flatbield
Interests: News, Finance, Computer, Science, Tech, and Living
- 0 Posts
- 51 Comments
Also decide what apps that you must have. If you can use the browser version or the progessive webapp version which is just the browser version installed that is probably better. Or if you do not need it on your phone use the browser version on you laptop.
In the end though you will have some of these platforms for network reasons. Mostly things like Instagram, Facebook, LinkedIn. Google is not one of them though except for android itself. You also do not have to spend a lot of time contributing to these platforms. Use them when you need to nothing more.
Well that is the point isn’t it. Companies are not very reliable. The only thing they can be relied on to do is whatever butters their bread and that can change at any time. There is also a PR component and a fact component and they do not always agree.
Proton is really no different. I seem to remember they changed what they said on their website after outing that activist. Presumably to be a little less misleading. Again, I am impressed with Proton but not infinitely impressed.
Security audits do not guarantee security. They are just the best we have. Just as code reviews do not guarantee good and trustworthy code. In the end, we do not know what we do not know. In the end, every system has its weaknesses.
Sure I believe Proton is a reasonable supplier. Even with that Proton for example is on the record of giving out user info to governments. I am sure they did not meet the expectations of that activist.
Security is always porous. The article really had no suggestions. They say 2FA but account recovery is often a combination of access to your email account or questions. None of this stuff is particularly secure.
So yes security is an advanced feature usually not provided and normal users do not even try at being secure nor do most systems insist on it.
Edit: Some sites are doing away with passwords and just sending and email with a link to login. Totally not secure but account recovery has long used the same method so it may not be actually reducing security much since there never was much security.
One way to find providers is to go to your states tax site and see who supports your state. This list is often a lot shorter list. The ones I would look at in general sorted by decreasing popularity of their web site last year:
- TurboTax. 52%.
- H&R Block. 31%.
- FreeTaxUSA. 8%.
- TaxAct. 5%.
- TaxSlayer. 2.4%.
- OLT.com. 0.58%.
- 1040.com. 0.26%.
The % numbers are really just relative website popularity of the options I listed at a point in time. As I said before, I favor FreeTaxUSA. Interesting they can import from TurboTax, H&R Block, TaxAct, TaxSlayer, CashApp, and OLT so they must consider those their major competitors. Also note that I believe the same company that is behind FreeTaxUSA also markets under TaxHawk and Express1040.com.
TurboTax, H&R Block, TaxAct, and TaxSlayer tend to be the high end products in decreasing popularity and price. The first three tend to be somewhat similar pricing, and TaxSlayer a bit cheaper. FreeTaxUSA, OLT, and 1040.com tend to be the lower end offerings again in order of decreasing web site popularity though not always decreasing price. FreeTaxUSA appears to be the low end market leader.
I have not used all of these but I have used FreeTaxUSA and TaxAct. Both were fine. We finally ditched TaxAct a few years ago due to rising prices and their stupid tiered pricing plans. FreeTaxUSA is just so much simpler then many of the other providers because it comes without most the marketing BS and it has a good price/value ratio.
Others, feel free to comment and make any corrections to what I have said.
Like others said FreeTaxUSA. We use it and like it.
Just know one downside is that it does not do direct imports from financial firms or other data sources. You have to enter the data. Otherwise for individual taxes, it is pretty complete. It also does not do Form 1041 returns which is for Trusts and Estates as separate entities, that is under their own EINs. Most people do not need that.
Edit: Looks like this year a few imports have been added. One seems to be W-2 from PDF. The other is last year returns from some common other tax return providers. Not tried any of these. They already imported their own last year data.
Not saying I like it. I actually have email running in my VPS. Pain to setup but did not have delivery problems but I only use it in limited ways.
Reason I did not switch to this for general use is mail is too core and it needs to be something my wife can maintain if needed. Plus I would have had to have several VPSes in multiple data centers to guarantee 100% uptime and segment security. Plus auditing, patching, and upgrade work load.
For now we use the mail accounts provided by my small ISP but at some point we will probably move to hosted domain mail. Maybe Fastmail or something similar as the provider.
My point is that it is not correct that only gmail works.
Self hosting is a different consideration. It is a lot of work and fairly costly to get correctly setup and a real pain to maintain. There is very little reason to do it too as there are many providers that can host your domain mail. Proton Mail and Fastmail are two such examples.
I am annoyed by this too. The big limitation would have had you could not use IMAP as that is remote.
The other issue is implementation. It would be easy to forward or attach or just store unencrypted in an insecure way which may not be desirable. Frankly for what I do I would prefer Thunderbird decrypt on receipt but place all content in a vault. If one wanted to add some more restrictions one could make it hard to forward by accident mail that was originally encrypted.
The big issue with PGP has always been a combination of bad implementations and key distribution.
Moderation has always been required on the net. It is only a question by whom and for whom. To participate in any social setting either IRL or on the net, you need to conform to the expectations of that community. If you choose to do otherwise then you can expect consequences. What is shocking about this?
This is what F-droid says:
This is the crazy thing about ads. The ad network and site operators should be responsible for making sure both the ads and the people putting up the ads are trustworthy. The reason I now block all ads is this reason. Neither party cares and they are willing to act as a conduit for this stuff. In most other industries orgs are responsible for their supply chains.
What is the story with XMPP anyway. For a while, maybe 10 or more years ago it looked like the thing. Then it kind of imploded. Do people actually use it?
I know FSF may still have a server. DuckDuckGo did for a while. Maybe still does.
Biggest issues I ever had with it were firewall traversal. Most servers did not offer tls 443 at the time. The video chat extension was not wide spread either. Good public servers were sometimes hard to find too plus there was some spam.
This is my issue with Wireguard. It is not good a firewall traversal. On restrictive nets really you have to get out via TLS port 443. No other way often works. So for the traveler OpenVPN TCP option can be way better. Nice to see Proton has a solution.
The other problem with Wireguard is that it is not necessarily as anonymous. The good VPN providers had to do special things to make that so.
Other then that, Wireguard is wonderful in terms of performance and presumably security too.
Question. Did XMPP ever solve the firewall traversal problem. What I found back when I used XMPP was that I simply could not use it on a lot of networks because the server port would be blocked. 443 would often work but not all XMPP servers support 443. Not sure but maybe NAT traversal was sometimes an issue too.
Thanks for the post. Kind of blast from the past. Mostly XMPP as died and blown away in my neck of the woods but some people still use it. I think the fsf does, and maybe duckduckgo has a server. All for it coming back though, but good luck with that. I’ll keep it in mind though in the event I have an application. Thanks.
Keep in mind that security is boring. You want it to be boring. Long established distributions with good team and release cycle, really good security team, and minimal software, minimal attack surface (i.e. less is more). Just mention because Fedora is a test bed really, and so not exactly what one would choose for a secure system.
This is why of the list that people provided I would personally favor Rocky (RHEL), Debian, or OpenBSD. All of the others have a lot to prove to me frankly. Not saying bad, lot were good suggestions, but they have the downsides of being less mainstream and/or more cutting edge, or more specialized.
You might want to look at Debian and install only minimal components, and then just read through the security guide. If you care about security, I am not sure automated is the way to go, or at least not without some personal knowledge and a personal audit of the supposedly secure system. There is also the question of hardened against what meaning one has to consider your threats.
The problem with a lot of bio based systems is that they are spoofable on one hand, you cannot change them on the other, they are not secrets, and using them discloses them.
Face ID is a good example. Lot of these systems you can just hold up a photo. Apple is the only vendor that I would consider using face id with as theirs is believed to be fairly good.
How much speed do you need? That is still a lot of bandwidth. This is from someone with 8 mbps up/ 60 mbps down. So your still way better then I am. I am envious. Well no so much as this is enough for me.
Other thing to keep in mind is that bandwidth is only half of performance, latency is the other. So check that too.
You take me wrong. Not saying your question is a bad question. You ask what I do when I have a software dev question or other similar questions.
Software in particular but for many topics a web search leads you to the answer. If not that, then a more particular search of Wikipedia or alternativeto.net for example. Lot of these searches lead to familiar places some of course Reddit included though not that common for really good software dev answers. Software stuff is very well documented this way too. Source code, documentation, discussions … literally anything. I generally work my way back. In the end one can just read the source though we all try to avoid that.
You asked about a bridge. Search is the bridge. If I actually needed some direction from someone else I would find a specific forum or the actual dev community for that specific piece of software but only after I had put in the up front work.
So my answer was a serious one. Encouraging a way of thinking.
The big issues with iPhone I have are overly complicated, overly expensive, walled garden, and so locked down you cannot remote control, and cannot install your own software from your own sources. Researchers cannot even easily reaseach security issues and they do have them.
So with all that, iPhone is a no for me. On the other hand probably more secure. It is also not from an Ad company which is good.
There have been Firefox Extensions for a long time. Just a limited number. uBlock Origin is one of them. Reason I say Firefox is two reasons. First why would anyone use a browser from an Ad company. Makes no sense to me. Second there is talk that Google will eliminate some of the APIs good Ad blockers need and Mozilla I think has said they will retain.
What ads are you trying to block? For a browser use Firefox and uBlock origin. For apps choose apps without ads. F-Droid and alternativeto.net are your friends in finding apps. I basically do not have ads.
Just confirming what some others said. Basically I have a Nextcloud setup where I sync all my devices though Nextcloud and can see Calendar, Contacts, and Tasks on Nextcloud, Android, and Linux (though this side could have been Windows for example).
The software I use for this is Open Sync on Android. This is a free fork of DavX5 which like others said also should also work. Then I just use my stock calendar, and contacts app, but I use OpenTasks for my tasks. On the other end I also sync with Thunderbird on Linux and can see my calendar, contacts, and tasks.
Little techie to all setup just because of all of the components. But otherwise works well.
OpenTasks: https://play.google.com/store/apps/details?id=org.dmfs.tasks
Open Sync: https://play.google.com/store/apps/details?id=com.deependhulla.opensync
We still have a home phone and pretty much do not give out our cell number. So we get very few junk cell calls.
One thing I have been thinking. One way to block a lot of calls is have a phone number in an area code that you do not know anyone. Then block that entire area code and those around it if needed. Most of our junk calls come from the area code of the phone number.
Like others have said the most effective is to send everything to voice mail except what you white list. We do not do that but maybe we will get there.
For the FOSS stuff Nextcloud talk, OpenMeetings, and Briefing seem to be the other ones people have not mentioned. Not used any of them. Nextcloud seems interesting if you already use Nextcloud for other things.
Frankly I would personally look at Jitsi Meet, or Wire. I have used Jitsi Meet a year or two ago. I did not find it as stable as Zoom on my setup. I liked it in every other way. Also it uses WebRTC in the browser which means that the browser needs to be configured to use WebRTC and some browsers have typically worked better then others. I do not think Jitsi Meet is e2ee though. I mention Wire because it may be e2ee (check). BigBlueButton is pretty well known too but I have never used it. Keep in mind not many conferencing solutions are e2ee.
Element/Matrix is the other tech I hear people talk about a lot. Not sure it is really a meeting alternative though.
The DGI Mini 3 Pro. Looks pretty cool. For that. Frankly you could just buy a separate cheap phone or tablet to use with just that or use an old one you already have. When you buy something to replace it later you could also consider openness and compatibility too.