I don’t know what the fuck is going on with Kagi on Lemmy. They must be using bots or paying people for promoting them. I just don’t get how people can trust them so much when they haven’t released the code for anything, they require you to be logged in which makes the user uniquely identifiable and therefore could easily correlate your searches to your identity (even if they claim not to, it’s just a “trust me, bro”)
what transparency and “privacy focus” are you talking about?
They haven’t released a single line of code and they required you to be logged in, which makes you uniquely identifiable, and if you paid using credit card, then you gave away your personal identifiable information.
The Wall Street Journal reported that Meta plans to move to a “Pay for your Rights” model, where EU users will have to pay $ 168 a year (€ 160 a year) if they don’t agree to give up their fundamental right to privacy on platforms such as Instagram and Facebook. History has shown that Meta’s regulator, the Irish DPC, is...
The Bromite project has been inactive for the last 9 months or so. Today I found this fork of Bromite that’s well maintained and seems to work flawlessly. Hope it helps others who were looking for a replacement.
It’s not free to publish apps on the Play Store. And I’m not sure if this is still the case today, but I recall of Google forcing to include their libraries on apps published there.
it’s quite fun to see the whole thing you want to engineer just to have an excuse to use a blockchain.
Have you ever heard of Torrents? USENET? eDonkey? Those things are more resilient than your blockchain, they’ve proved themselves by being around more than 20 years and still in use.
The new Plus category of Chromebooks is an assurance that you’ll get a higher level of performance and features but still at a reasonable starting price....
I’m running Arch Linux in a 18 year old laptop. And I could and have run Debian in the very same laptop in the past.
I don’t get your point at all. If laptops were as repairable as desktops, we could continue using them for 15+ years. And software support, thanks to the GNU/Linux distro maintainers, is not a problem.
Kagi can claim whatever they want in their privacy policy. Where’s the code of their servers? Because I see none. How do we know they aren’t keeping logs that could be easily correlated (by themselves or a third party who access their servers)?
Even if we had the code, I would still be skeptical, we can’t be sure what code are they exactly running on the server side and having an account linked to every search is just awful.
SearXNG is anonymous while offering the very same features, if not better.
You aren’t wrong about not knowing if SearXNG instances are running a modified version of SearXNG that tries to log you.
Fortunately, we don’t need to trust those instances. They do not require you to login, so there’s not an unique identifier (like an account) to associate your searches with other than your IP address which you can hide with a VPN, or even better, using a .onion instance (something that Kagi does not have at all AFAIK).
For using Kagi, no matter if you switch your IP address every time, if you delete cookies after closing your browser or if you buy a new laptop for every search query, you’re uniquely identified because you need to log into your account.
And for that account, you have to use a payment method. Sure, you can try and pay with a Monero to Bitcoin exchanger and do not give any personal information (and if we’re being realistic, we know most Kagi clients aren’t doing this). Even if you paid anonymously, you can only achieve pseudonymity because you’re associated with your account.
With SearXNG, I could use a different .onion instance for each query and be completely anonymous (that’s completely overkill, but it illustrates my point well).
No. Kagi’s fault is needing an account, a unique identifier which all searches could be correlated to.
SearXNG could leak your IP if your VPN provider was keeping logs? Definitely. And so does Kagi. Tor could be attacked by a three letter agency and compromise your .onion connection to SearXNG? Definitely. And it would be easier to de-anonimyze you when connecting to Kagi, which doesn’t have an onion domain. Do you need to give SearXNG your email and/or payment information? Not at all. But Kagi requires it. Can you look like two completely different users when doing two queries to SearXNG? Easy. Not possible with Kagi. Do we have the server’s code? We do for SearXNG instances. We don’t have Kagi’s.
I think it’s pretty clear the privacy compromise here.
the answer is yes, unless you’re on GrapheneOS. Google Services is a privileged app and therefore it can bypass permissions as it sees fit.
GrapheneOS (optionally) installs it as a unprivileged app, which you can restrict permissions to. Still, I wouldn’t recommend installing it since they have extensive telemetry.
Try luck with throwaway email + VPN. Although it’s possible they’ll still be able to identity you if you’re the only one using that VPN on your local Walmart. At least they won’t be able to see your traffic.
In the privacy community there are services, programs for private maps use. Some even suggest using the phone without a SIM card (which is quite possible, but you can get into trouble). But I don’t use them, as my geolocation is already tracked by an advanced camera system in my city, by my cell provider via triangulation....
what do you mean by you can get into trouble for using a phone without a SIM card? A WiFi only phone is just a smaller tablet.
And yeah, cities with extensive camera vigilance can be a problem impossible to solve. There’s not much you can do about that other than protest.
Your cell provider might track you via triangulation, but this is solved by either plane mode, turning your phone off or a Faraday bag. Of course those would render your phone useless (except plane mode and WiFi activated).
it’s a problem quite difficult to solve right now. if you want a working phone, at least your cell provider will track you. But by using open street maps you don’t give your data to Google too, so you minimize who has it.
oh okay, I thought you meant legal trouble. Of course that you won’t be receiving calls without a SIM card.
There’s a way of receiving calls without a SIM card, and that’s using VOIP numbers, like Twillio. But you’d need to be connected to WiFi of course. So there’s not real solution to this problem other than letting your cell provider track you.
I suggest using Tor or a VPN (with jurisdiction outside of your local government claws) at all times so even if they get your location, they don’t know what are you doing with your phone.
Also, Yandex might sell the information to other third parties that your government might not sell to, so I would still use open street maps unless the difference in comfort of using Yandex is a big deal for you.
What do you mean? only the ones in the screen or the very first ones from years ago tend to fail. Otherwise, fingerprint scanners on Android work like a charm.
that’s why Apple forces replacement parts to be paired with the original device, making impossible for repair shops to scrap and reuse parts of broken iPhones to repair others.
Let’s be honest, Gmail, being a Google service, was condemned to have an awful UI which can’t work without loading megabytes of JS into your browser.
The good news are that they still support mail clients, which everyone should be using except for those occasions you’re working from a device you do not own.
The bad news are that Gmail still analyzes your emails in the server side, and uses them to serve you tracking ads and train AI models. So maybe switching providers altogether is a better option for those who have a choice.
The table is quite big (190+ lines of hand-written HTML) and it doesn’t fit on mobile phone screens unless you zoom out. It should be fine on desktop. It also specifies the criteria followed and has analysis of some of the IMs in the table (not close to all of them, I hope to add more analysis in the future)....
yeah, I agree. I hope the project lasts, because it’s by far the best option. I hope they manage to implement having the same “account” in both desktop and mobile, it’s the only feature I miss.
As of why multi-device sync isn’t a core feature is due to the inherent nature of the SimpleX protocol that everything is stored locally, servers are only relays and do not store nothing more than heavily encrypted packages that only contains messages and once they are delivered, they are immediately removed. Servers do not store any information, they don’t have your contacts, nor any form of unique identification for your account. You might even change the relay you’re using every 5 minutes, because you aren’t tied to them.
Compare that with XMPP where you’re hosted in one server and all your messages and conversations go to that single server. Your server also stores your contact list for multi-device sync and because you’re always using the same server for that account, it will work seamlessly. In SimpleX, your account information never leaves your device.
I mean, XMPP also leaks your IP to the server if you don’t use Tor or a VPN. If you don’t trust the server, it’s a must to hide your IP.
I don’t think that changes anything in the comparison. Except Briar, which uses Tor by default, I think that every other messenger reveals your IP to the server if you aren’t actively hiding it. That’s just how it works. At least SimpleX and XMPP can be used through onion services, something that others don’t offer.
yeah I agree that XMPP is currently the best option.
But SimpleX is also self-hostable, you can configure it to only connect to your own relay server. Or just use .onion servers. So SimpleX is a close second IMO.
electron is mentioned in the OS supported section as a platform. Not taken into account for the privacy part, as you can see it is neither red or green. Also, there’s not a single mention of Element, because it’s just one client, yes.
I encourage you to read our criteria, I think you’ll find it quite reasonable.
I just did a text search on the page and There’s no mention of electron outside the Operating System support in the table, which is not taken into account for the rating.
And yes, I like that There’s no official client for XMPP which helps it’s independence from any entity or corporation, potential bad actors trying to push malicious features. But that’s beyond my point.
I don’t judge Element instead of Matrix. I just mention the OS support which is not rated and I make clear that there are other clients.
Briar and GNU Jami are the best privacy friendly P2P messengers. I think they have MacOS support but not sure.
SimpleX Chat, although not P2P, uses servers as relays and they get virtually not data from you. You can even switch relays daily or host your own. Depending on your use case, it could be useful since IMO it works better than P2P messengers (due to the limitations of P2P)
I didn’t know this one, and after looking through their website, I can’t trust them at all.
Dev’s email is gmail. First red flag. And their social media profile are Twitter, Instagram and Facebook. Not to mention that all I can read about their “protocol” is shitty marketing speak. There’s no technical whitepaper. And there’s no code. It seems to be proprietary software which is enough reason to run away from it. Together with the rest of things, it looks like either it’s a honeypot or (more probably) a fake privacy initiative trying to grab some money/data from non technical users.
Kagi is a paid alternative to ad-supported search engines like Google and DuckDuckGo. It has recently revised its pricing model, reducing the cost for a plan with unmetered searches from $25 per month to $10....
not at all. with that, you achieve pseudonymity, because even if they can’t know who you are, they can tie every search you do to the very same account, your “pseudonym”.
with DuckDuckgo (and I’m not a DDG fan to be honest) I can just change my IP and clear browser local storage to make several anonymous searches.
with kagi, even if you take the inconvenience of creating a new account each month, all your monthly searches are tied to a single account.
Not as far as i can tell. If you used a new burner email every time and paid through trocador with monero your payments could be tied back to the instant exchange, but no farther since monero uses ring signatures.
I didn’t mean to your real identity (if you’ve managed to do payment well enough and never leak your IP while using it), I meant that even if you create a new pseudonym every month, all your monthly searches are tied to a single pseudonym, which can reveal a lot about an individual.
XMPP and Matrix are two competing federated end-to-end encrypted messengers. XMPP is far better, on server cost decentralization, speed over Tor, degoogled push notifications, multi-identities, and overall privacy. So if Matrix is inferior centralized bloatware, why is it more popular? Especially among techies, who should in...
idk about the rest but the $5 Hetzner box running Synapse is inaccurate. While you can definitely run either Prosody or Synapse in the same box, Prosody consumes much less resources, which means that if, for example, a $5 box can run a 500 users Prosody (XMPP) server, that same box running Synapse could allocate only around 100 users
(not actual numbers, I haven’t done any real benchmark other than installing both of them in my Raspberry Pi, mess around with both and test how Prosody’s resources consumption is much lower, both on “idle” and when receiving traffic)
I get your point and your use case, but I like to look further in the viability of the network.
yeah of course, a $5 box can’t host 500 users, they weren’t actual numbers. But in my tests on limited hardware, Synapse consumed almost twice as much RAM and CPU for (barely) the same usage. So I’d imagine that when scaling things up a large XMPP server can be run with much less hardware than a similarly sized Matrix server.
This is quite relevant for the longevity of the network. Cheaper hosting means more people can afford to voluntarily run servers and also less amount of donations can cover the costs.
Elon Musk said he will charge all X/Twitter users a fee to be on the platform. He suggested that such a change would be necessary to deal with the problem of bots on the platform....
small communities of self-hosters that offer the services to those who don’t possess the knowledge to do it themselves. These communities would self-host federated protocols (eg XMPP) so people can interact with others no matter which server they use.
Ideally maintained through users donations. If you want to be less idealistic, maybe small co-ops which charge a reasonable monthly/annual fee and provide free services for those who can’t really afford to pay.
Does anyone know if there might be an android client for Bookwyrm. F-droid has one but it’s not been update in 5 months. I tried using fedi-lab but it couldn’t seem to connect to the instance I’m using
it uses Android’s webview, which is a chromium browser that comes with Android by default to be used inside apps. This means that it does not need to be updated frequently, since it is just a wrapper for Android’s webview. And bookwyrm itself is updated on the server side and sent to your browser, so no need to update that locally either.
From reading their github’s repo, the only thing the developer adding is a barcode scanning for books to be used within webview. Not sure how many updates that thing needs, probably not many.
In conclusion, as long as webview is updated (important, browsers are a security nightmare) and your Bookwyrn instance is updated too, there should be nothing to worry about even if the app itself isn’t updated in a year or more.
I’m helping a friend of mine writing a long essay exposing the abusive, monopolistic and anti-consumer practices of Microsoft. First, we’ve created some sort of table of contents with the different topics we want to cover and now we’re gathering sources for each of these topics....
Dev’s email is gmail. First red flag. And their social media profile are Twitter, Instagram and Facebook. Not to mention that all I can read about their “protocol” is shitty marketing speak. There’s no technical whitepaper. And there’s no code. It seems to be proprietary software which is enough reason to run away from it. Together with the rest of things, it looks like either it’s a honeypot or (more probably) a fake privacy initiative trying to grab some money/data from non technical users
as it’s usually the case with these shady proprietary super duper secure messengers they probably don’t have a protocol of their own. The dev probably took any other IMs source code, made a few changes to the UI and now is trying to grab some cash or data from the few people that install it.
Apple considered switching to DuckDuckGo from Google for Safari - Bloomberg News (www.reuters.com)
Migrated from Windows to Linux. Decided to share list of answers/statements I was looking for before did it (and could not find).
Finally migrated from Windows to Linux. For anyone wondering, what is the state of Linux as your primary OS for home PC\laptop in 2023....
Meta (Facebook / Instagram) to move to a "Pay for your Rights" approach (noyb.eu)
The Wall Street Journal reported that Meta plans to move to a “Pay for your Rights” model, where EU users will have to pay $ 168 a year (€ 160 a year) if they don’t agree to give up their fundamental right to privacy on platforms such as Instagram and Facebook. History has shown that Meta’s regulator, the Irish DPC, is...
Bromite is dead, long live Cromite. (github.com)
The Bromite project has been inactive for the last 9 months or so. Today I found this fork of Bromite that’s well maintained and seems to work flawlessly. Hope it helps others who were looking for a replacement.
Amazon Prime Video is able to remove a video from your library after purchase. (lemmy.world)
We are contacting you regarding a past Prime Video purchase(s). The below content is no longer playable on Prime Video....
[proprietary] Professional DAW 'Studio One' is Now on Linux (Public Beta) (www.omgubuntu.co.uk)
Google Intros Chromebook Plus Devices With More Power, Apps and AI for $399 (www.cnet.com)
The new Plus category of Chromebooks is an assurance that you’ll get a higher level of performance and features but still at a reasonable starting price....
I wrote an article comparing privacy oriented search engines' privacy policies. Would love your thoughts. (www.ioslife.dev)
Free software pioneer Richard Stallman is battling cancer (www.theregister.com)
The Register www.theregister.com/…/richard_stallman_cancer/ #GNU #Linux
Do Google services have access to the camera/microphone if you don't give this permissions? (upload.wikimedia.org)
Do not really understand how Android sandboxing works for system apps.
Usually connect to Walmart's WiFi but they changed their policy I guess, won't be doing that now... (lemmy.ml)
I'm not worried about saving my location. Are you? (upload.wikimedia.org)
In the privacy community there are services, programs for private maps use. Some even suggest using the phone without a SIM card (which is quite possible, but you can get into trouble). But I don’t use them, as my geolocation is already tracked by an advanced camera system in my city, by my cell provider via triangulation....
any other pixel 6 users lose their fingerprint and biometrics settings options completely after the latest update?
I’m on Android 13 not 14 and I’ve seen reports a few months ago about this happening for 14....
Do you think VPN companies will start to feel pressure from legal/corporate powers to crackdown on pirating?
With the resurgence of pirating, do you think there will be a “response” from the powers that be?...
A new smartphone again? Rethink unhealthy culture of frequent upgrades (www.straitstimes.com)
SO. MUCH. THIS.
Google killing Basic HTML version of Gmail In January 2024 (www.theregister.com)
Google will discontinue the Basic HTML version of its Gmail service in January 2024....
Custom rom Realme 10 pro plus
Any custom rom in making for realme 10 pro plus?
Europe wants easy default browser selection screens. Mozilla is already sounding the alarm on dirty tricks (www.theregister.com)
Can you blame it?
Instant Messengers Analysis and Comparison (privacy.awiki.org)
The table is quite big (190+ lines of hand-written HTML) and it doesn’t fit on mobile phone screens unless you zoom out. It should be fine on desktop. It also specifies the criteria followed and has analysis of some of the IMs in the table (not close to all of them, I hope to add more analysis in the future)....
Recommendations for p2p messaging apps which don’t collect any of your data?
Does anyone have recommendations for p2p messaging apps which don’t collect any of your data and sell to advertisers?...
Unlimited Kagi searches for $10 per month | Kagi Blog (blog.kagi.com)
Kagi is a paid alternative to ad-supported search engines like Google and DuckDuckGo. It has recently revised its pricing model, reducing the cost for a plan with unmetered searches from $25 per month to $10....
XMPP vs Matrix: Whose King of Federation? (video.simplifiedprivacy.com)
XMPP and Matrix are two competing federated end-to-end encrypted messengers. XMPP is far better, on server cost decentralization, speed over Tor, degoogled push notifications, multi-identities, and overall privacy. So if Matrix is inferior centralized bloatware, why is it more popular? Especially among techies, who should in...
Will you be willing to pay for using Twitter? (variety.com)
Elon Musk said he will charge all X/Twitter users a fee to be on the platform. He suggested that such a change would be necessary to deal with the problem of bots on the platform....
Bookwyrm Android Client
Does anyone know if there might be an android client for Bookwyrm. F-droid has one but it’s not been update in 5 months. I tried using fedi-lab but it couldn’t seem to connect to the instance I’m using
Why do you hate Microsoft?
I’m helping a friend of mine writing a long essay exposing the abusive, monopolistic and anti-consumer practices of Microsoft. First, we’ve created some sort of table of contents with the different topics we want to cover and now we’re gathering sources for each of these topics....
deleted_by_author