Hiker, software engineer (primarily C++, Java, and Python), Minecraft modder, hunter (of the Hunt Showdown variety), biker, adoptive Akronite, and general doer of assorted things.
Stealth was already a thing though?
https://web.archive.org/web/20240704205425/https://protonvpn.com/blog/stealth-vpn-protocol/
Very confused by the “new” post with the same URL announcing an existing thing. The only new part seems to be “for Windows” but that’s not clear at all from the blog post.
I was a teen in the early 2010s. It’s not a hard and fast rule, but the people I know that I grew up with (myself included) that are doing the best with their careers, did the best in college, and were least subject to peer pressure/had good impulse control had parents that did not censor their access to the Internet and instead had conversations about time management and gave them room to fuck up in high school.
I went to a community college during high school per my parents pressure and promptly fucked up one class having to drop it and having my parents pay $600 instead of tanking my GPA.
BUT, I never dropped a single class at university and graduated magna cum laude. I had the room to fail when it didn’t matter as much.
I don’t want to be a backseat parent, but as someone that grew up in this mess myself and saw a lot of people hit the pavement, please consider giving them more freedom as they get older so they can fail while you’re still there to catch them. You don’t need a firewall to stop someone from watching videos all day … just check in and see what they’ve been into all day; encourage them to create stuff not just consume it.
I was also very isolated in high school, depressed and hiding it, and the folks I met playing video games on the Internet honestly were a huge factor in my continued existence. Some are still very good friends well over a decade later.
Perhaps a different perspective, perhaps not. Do what’s right for your kids, but every time I hear about parents policing their teens Internet usage I get concerned because of my own lived experiences. Have a nice day.
I wouldn’t … mostly because it discourages you from remembering/memorizing your password, and that’s not something you want to do.
FWIW: I think the local password manager only folks are a bit overly paranoid (and most folks I’ve met of the mindset end up using syncthing or something like that anyways which is basically just Proton Pass with extra steps … so I wouldn’t worry much about that side of it).
It should be provable they use the protocol. That’s what goes over the wire and it can be observed.
What’s not provable is that there isn’t a backdoor in the app that allows specific users to be targeted.
Similarly, it’s not provable that there isn’t some client side scanning technology.
Furthermore, it would be difficult to prove that Whatsapp doesn’t send some data back to Meta for all users masked as part of some other network operation.
I suspect any backdoor that happens for all users or regularly would’ve been detected, but that still doesn’t mean it’s safe.
I don’t entirely disagree… But, if they build the entire platform and you can just self host and use someone else’s editors inside their platform, they’re not making any money and the fact that they made their code open source and overly generous is ultimately probably a major factor in that.
Ultimately you may be about to use someone else’s markdown editor, but they made that possible.
As it stands they claim to give you a pretty steep discount if you use your own servers. I don’t know how steep of a discount it really is…
But standard notes was never free as in beer, it was free as in speech… And AFAIK there’s nothing to stop you from learning to code, forking the app, removing the licensing mechanism, and making your own build.
First, it was a little weird that the biggest draw of their premium subscription was not their cloud but extensions, which were mostly made by third parties and needed only a static site to host. But I could host my own extensions so this was no big deal.
Yes.
Then they made it harder to host and install your own extensions, making you have to select them one at a time instead of pointing to a single place.
They really want you to pay for the product, ultimately they are a business. You self hosting without a subscription doesn’t help them.
https://standardnotes.com/help/self-hosting/subscriptions https://standardnotes.com/help/48/can-i-use-extensions-with-a-self-hosted-server
Then they started moving functionality like folders into extensions.
As a long time user… I’m fairly confident that folders always were an extension? Of course folders used to be a layer upon tags and now they’re just kinda the same thing.
… in any case it doesn’t really sound like you were ever a customer and I don’t think they’re going to miss you much. Maybe this is still good information for other folks that don’t want to pay them though.
And I haven’t been particularly thrilled with the idea of putting all my privacy needs under a single banner either.
I do share that concern. Proton is increasingly the “big privacy tech” company. That’s also not an inherently bad thing to have though as big companies do carry more weight in political discussions. They can help represent privacy in legislation (for better or worse companies are people for this purpose in the US).
Email isn’t secure. You need to put a ton of trust in your VPN provider. I don’t think either of those services should be provided by the same company…
Email can be (close to) secure with PGP, which Proton is just a fancy PGP client.
The VPN was created because they needed a VPN they could trust for their email customers in sketchy areas.
I think Proton grew out of necessity then because they realized both that they could and it’s useful for them to grow.
They’re not bad, you’re just misinformed at a fundamental level.
Proton Mail is like Bitwarden, it encrypts data client side and stores the encrypted blob server side, which is exactly what they’re doing with your private key. Otherwise, you’d have to carry it around on a USB or do some other voodoo to be able to read your emails.
That paper is god awful bad. They’re basically saying things like “it can’t be secure because they rely on the client code to be delivered by TLS and you could have a MITM that results in different client code being sent!” and "proton allows you to set passwords that are weak, thereby not looking out for your best interest!
Their conclusion can be summarized as “Proton can’t provide a secure web mail application, because nobody can.” Their suggested remedy is also actually a thing now because there is a Proton Mail desktop application.
The whole thing is pretty ridiculous in any case because someone would have to have control over your DNS server, you’d have to go to a phishing instance of proton instead of the real one, you’d be logged out because the cookies wouldn’t be decryptable by their server, so you’d then finally have to login handing over your password.
If you use Proton VPN (or some other trustworthy DNS) that situation can happen. For most people it’s an extremely unlikely situation. It’s not a Proton problem though, it’s a web technology problem.
For most people this situation will never happen (but it would be nice if someone would solve the problem).
When using TOR or a VPN, they also force you to verify your account with SMS.
People are going to abuse services that allow anonymous signups… Proton does not claim to be an anonymous email service, merely a private email service.
This seems like a good feature.
Though, the main thing I want from Signal is back-sync (from a phone to a computer) when pairing a new device… The lack of the ability to do that is effectively a deal breaker for me. I want my entire chat history (or at least the last 90 days or so) available on my computer so I can search it/see recent context even if it’s a fresh install/new device/there’s a bug resulting in a resync being required/etc.
https://www.digitaltrends.com/mobile/apple-iphone-getting-rcs-2024-imessage-news/
Maybe try searching what I said first…?
You definitely shouldn’t invest time in SMS. Without RCS (or some custom messaging protocol support), “texting apps” are pretty much a dead market.
RCS is both more secure and more user friendly than SMS can be by design. Once the iPhone gets RCS support in the coming months/years, this will be especially true.
It really hasn’t. Some people freaked out about it for weak reasons, similar to people freaking out about Wayland.
It’s made working across distros so much nicer. The fundamental service management, logging, etc is all just a bunch of common tools and patterns.
Fedora, Debian, Ubuntu, OpenSUSE, Majaro, etc didn’t switch to it because “it’s one of the cancer’s of the Linux desktop for years.”
https://mxlinux.org/wiki/system/systemd/
I’m pro-systemd so that’s an immediate pass from me.
Are you sure your union isn’t helping? No union is going to be run by miracle workers, but that doesn’t mean they don’t improve conditions. I can’t say for sure, but I suspect this sentiment is part of why union membership fell apart in the 20th century “well my union doesn’t do anything for me anyways.”
Like democracy, unions do require some upkeep via people stepping up. If you don’t like how your union is performing, you could consider becoming a rep (admittedly based on my limited understanding as a non-union employee).
Do you happen to have a time-stamp?