cyrus

cyrus , 5 days ago

SimpleX is quite a promising project, uses Double Ratchet End-to-End-Encryption (from Signal), and has a very interesting protocol and model to provide quite strong metadata protection, especially in regards to whom you talk to and groups you're in.

If your threat model requires exceptionally strong Metadata protection, SimpleX is probably going to be your go-to

Though, for a more lenient threat model, where still good, but less laser-focused metadata protection is enough, Signal will probably do just fine.

Personally I use Signal, but I also have a SimpleX Profile, an XMPP Account and Matrix. (preferred in that order)

cyrus , 5 days ago

The "NO AI" clause is conditional, though.

As mentioned in their FAQ, they will reverse that rule when it is "viable in terms of data privacy and ethicality"

unless the rampant ethical and data privacy issues around datasets are resolved via regulation.

Whilst they aren't VC-Backed, their servers already had to do nearly 10 upgrades, their "AI Detection" is backed by another, third-party AI, and it's not transparent what said service is.

And to top it off, it's a closed ecosystem. You upload your art there, and either Cara dies one day and your following is gone, or they change their policies, leadership or anything else, at which point everyone will have to move again

it's yet another case where the Fediverse and other Federated networks address the core issue that lead to this disaster - content ownership - better than systems like these do. I'm not hopeful for Cara.

cyrus , 7 days ago

Just FYI, Heliboard (continuation of OpenBoard) has all of the above. Just note that you'll need to import Google's Swype library once to use Swipe-To-Type.

cyrus , 7 days ago

Its great, same as their standalone Speech-To-Text Application.

cyrus , 7 days ago

Yes, they self-implemented that.

So unlike Heliboard, you don't need to import Google's Swypelibs.

cyrus , 12 days ago

If you wanna go nuts on the data, probably Obsidian.md with the built-in Daily Note plugin and the Dataview plugin, which allows you to do all kinds of crazy operations on the data in your vault as if it was a database.

If you wanna go less nuts, obsidian still has tagging, linking notes, daily notes, and all kinds of other stuff built-in and is extensible by things like the Calendar plugin from the community.

And everything is stored as plain Markdown with the occasional hint of JSON (for some plugins) so you're not locked into using Obsidian until the end of time. Your data is yours.

(I realise this sounds like an ad but I've just been using Obsidian for years now and I enjoy it)

cyrus , 11 days ago

I've resorted to just syncing my fault folder using Syncthing externally, surprisingly convenient

cyrus , 10 days ago

Syncthing does have an Android app, but I've never looked into doing anything syncthing-related on iOS because I simply don't have any iOS devices :/

cyrus , 12 days ago

NPUs existed before recall and have other uses apart from that.

cyrus , 18 days ago

Just FYI, SearX is dead. Long live SearXNG

cyrus , 22 days ago

Codeberg, woo!

cyrus , 22 days ago

Alternative Title:
Google CEO Sundar Pichai on Bullshit-Powered search and the future of the Hellfire we used to call the "Internet"

cyrus , 22 days ago

Yes.

After their plan of starting with local iMessage and expanding later didn't turn out well, they turned it around. Start with Matrix, add local bridges later.

The current application is based on the Beeper Mini codebase, is Matrix-First and will soon allow you to use local bridges to better preserve E2EE. As seen by some MSCs opened up by the beeper team, they are also looking into encrypted chat backups with these local bridges.

cyrus , 22 days ago

It's not a traditional matrix client mind you, and when I say "Matrix First" I mean architecturally.

cyrus , 26 days ago

This is a deliberate decision to force people to turn off tracking protection.

No this is a hilarious fuckup where they forgot to move twitter.com, pbs.twimg.com and more off of the Twitter domains, so Firefox started blocking it because to Firefox it looks like Social Media trackers.

Mozilla already pushed a fix.

cyrus , 27 days ago

FYI: xManager itself is Open-Source, Spotify obviously isn't.

cyrus , 27 days ago

That's just fine.

cyrus , 27 days ago

I won't properly reply to this, I'm biased cuz a friend of mine works on this 🥴

cyrus , 27 days ago

I mean, to be completely fair, that's how data storage works.

We cannot really just make data disappear, so we let it get overwritten instead

cyrus , 27 days ago

yeah cuz for normal, day-to-day use that's exponentially slower the more you're deleting

You can do that when you wipe something.

cyrus , 27 days ago

no when I say "overwritten" I mean that the area is set as deleted in the filesystem and the next time something writes to that area the data that was there before is disregarded.

cyrus , 27 days ago

no I don't believe a damn word of what apple's gonna say on this, I just wanted to get the message out there that generally file deletion works by allowing data to be overwritten, so if the images are local this could very well just be that either it's showing data that hasn't been overwritten yet or it accidentally brought things out of the "recently deleted" depending on how long ago it was deleted.

cyrus , 27 days ago

If all that you wanna do is download stuff, maybe try https://cobalt.tools

It pretty much just grabs the raw URL to the content for you, without the UI and fluff (in the case of Instagram) so you can just do a little "save as..." and it's worked quite reliably for me to view content my friends sent me.

cyrus , 28 days ago

The algorithm was neither proposed nor designed by the US government, it was made by (what is now known as) Signal, a 501c nonprofit.

The claims of signal being "state-sponsored" come from assuming how money flows through the OTF - Open Tech Fund - which has gotten grants from government programs before. (IIRC)

It wouldn't make sense for the US Gov. to make such a grant to make a flawed protocol, as any backdoor they introduce for themselves would work for any outside attacker too - it's mathematics. It works for everyone or for no one. Would they really wanna make tools that they themselves use, just to have it backdoored by other state actors?

And again, Durov's claims are entirely assumptions, and that coming from someone that has had [various](https://mtpsym.github.io// different vulnerabilities and weird bugs on their platform

cyrus , 29 days ago

Musk himself hasn't actually provided any sources either, all his statements made on Twitter recently are basically pulled from thin air, almost like vague references

cyrus , 28 days ago

That already exists, but it's weak in terms of encryption.

cyrus , 29 days ago

activism.

cyrus , 30 days ago

Just so you know, the actual source code for this project mentions both Jamulator and another project that did this for the N64.

cyrus , 30 days ago

it sucks but can you blame them?

For picking discord I very much can blame them, I figure it won't be long until that goes down the drain too.

cyrus , 26 days ago

Open https://yourserver.example/.well-known/matrix/client and see if this part exists in it:

"org.matrix.msc3575.proxy": {
    "url": "https://slidingsync.lab.matrix.org"
}

if so, chances are it'll just work.

cyrus , 26 days ago

Yes, the entire point is that it is the client where Sliding-Sync is being developed and tested.

cyrus , 26 days ago

Yeah but logically speaking that's what EX looks fort, and chances are that it'll work (because why else would it be in the response?)

cyrus , 1 month ago

(the sync can actually be self-hosted and is OSS, the DRM is third-party and proprietary)

cyrus , 1 month ago

It isn't google-free in the sense that it ships https://microg.org

Unless you enable SafetyNet, none of Google's code runs.

cyrus , 1 month ago

Proton and Wire didn't share any decrypted ciphertexts, Wire shared a ProtonMail address and Proton an iCloud Address that they had set as a recovery method.

Personal info like where they live came from Apple.

cyrus , 1 month ago

"Inside the EU" in the sense of "its headquartered in the EU" or in the sense of "available in the EU"?

either way, I've heard lots of people here vouch for Tidal.

cyrus , 1 month ago

The case is essentially "hey you kinda passed a bill that's against your own constitution? You're kinda supposed to follow that..."

cyrus , 1 month ago

Most info came from the fact that they made the move to link their personal iCloud Mail as a recovery method.

Infinite wisdom.

cyrus , 1 month ago

there are additional cookies with duration as high as 1825 days, not 180... So which is it?

Whatever the browser reports is what they are actually doing.

In Firefox, enter the developer tools, navigate to the "Storage" tab and open the "Cookies" dropdown.
For any given domain you can now look at the "Max Age" or Expiry date.

cyrus , 1 month ago

the metadata still isn’t.

That doesn't quite work in the case of Signal

The only data that they have, based on transparency reports and dissections of their source code, is the time you created your account and last connected to the servers.

Messages themselves are essentially only relayed, with sealed sender, and anything that would be actually useful to identify who was at a protest and who wasn't encrypted.

Things like, e.g when messages arrive at the server would have to be monitored live on compromised servers, which reasonably unless you assume* it is wiretapped already prior to a protest, isn't realistic.

*: of course, I am saying this because making an assumption and portraying it as truth (e.g assuming something is already wiretapped based on no evidence at all) is not the smartest of moves when it comes to threat modeling...especially if you wanna stay sane whilst having a threat model

cyrus , 1 month ago

I've just installed it, and it runs just fine on my PC

As per the source code, that was probably from here given that is where the source code for this Linux port lives.

cyrus , 1 month ago

They are technically not wrong when they say that the whole experience isn't made up of just an App

They are intentionally dodging the ACTUAL question.

Anyways here is a leak of their "LAM", which is just playwright for the most part.
https://web.archive.org/web/20240424133441if_/https://pixeldrain.com/api/file/vYHXbUwP?download

With that, we have both components, yay?

cyrus , 1 month ago

I'm curious about all the people in this thread saying regarding phone numbers considering I do have an account that's just an email alias and thats it 🤔

cyrus , 1 month ago

approximately 9 months, sometime in summer of last year

cyrus , 1 month ago

No I mean the new bitwarden app works completely offline lol

cyrus , 1 month ago

Well for one, iMessage runs over the internet and Apple isn't a telecom company (Verizon, etc)

Either way, the TL;DR is that either there must be a backdoor or something else to allow law enforcement to access communications that run over telecom companies. This doesn't apply when a user does it, but definitely when telecom companies design a messaging protocol.

cyrus , 1 month ago

iMessage can also run over e-mail.

And RCS was designed by the GSMA which is effectively a bunch if telecommunications companies.

cyrus , 1 month ago

Video rooms are coming, Element is currently working on MatrixRTC, for Matrkx-Native VoIP.

Demo is at https://call.element.io, Element X on mobile implements this and soon™ the desktop client will too.