Kagi is more of a private search company than an AI search company, but you need AI in your marketing to get funding these days.

They have done a pretty decent job of actually making useful applications of AI though; their summarizer tool is actually quite useful. It normally at least gets the jist of the page or YouTube video you’re looking at.

They also have taken steps to protect user privacy with their privacy pass extension … and they’ve announced a Linux port of Orion is on the way.

I’d feel much better if Orion was open source; but Kagi does seem to be taking their privacy commitments seriously.

I use Kopia to B2, then on a monthly basis I copy the current Kopia repo to an external drive that’s otherwise kept offline in my house.

I mean his phrasing could have been better but he is right that privacy and anonymity are different.

I’m not sure if you do given the account being disassociated from the search… Your bank could know you pay for Kagi, but that doesn’t mean anyone knows what you search.

The extension itself is open source and per them (I haven’t verified on my own) actually takes steps to combat the browser fingerprint problem; so I think it’s really just the VPN side of things that most people need to worry about (at least from the perspective of disassociating their search history and the sites they visit).

I have it; it works (even in private browsing windows so long as you visit the site logged in, in a non-private browsing window first).

Eh… Without examples, I don’t know that this is a good warning.

Everyone gets into different technologies at their own pace. Even if it does bite OP in some abstract way because they eventually get to some complex use case, that’s okay; it’s all a learning experience.

PostgreSQL is just better. It’s supports transactions on DDL (things like altering table structure) and enforces unique constraints after transactions complete … so you can actually do a bunch of important stuff (like update your table structure or swap unique values between rows) safely.

As someone that uses a custom domain for the majority of his email, it’s not really a privacy thing, it’s a control thing.

I have hundreds of unique unpredictable email addresses and I can disconnect them at will to stop spam.

Hmm… There’s been a lot of quality of life patches (key binds, esc to close interfaces, clicking outside of interfaces closes them, smarter quantities on the withdraw screen, the option to have left click do a “default action” rather than opening the window, middle click drag, etc). He was pushing out changes every day for like two weeks, then weekly patches.

I haven’t really seen anything I’d call a bug (it’s actually one of the most stable games I’ve ever played).

It’s definitely a true early access game (and they’ve said as much; they’re open to a lot of potential changes and have been quite receptive to feedback with strong consensus), so I’d definitely check back from time to time if you like it in concept. They’re talking about adding action queuing and reworking the combat to feel “better” in the near term. Player trading and PvP duels should come soon after as well along with a bunch of other stuff.

The game is designed to be friendly to touch screens and they do plan to have a mobile client eventually (similar to RuneScape). However, they have said they will not add any micro transactions or other predatory stuff … and I believe them; the Gowers have been quite principled about that over the years.

Yeah? What wasn’t clicking for you? I love it

I prefer Threema over Signal, but I do not think the US government recommending an app means that they have it backdoored. The US government needs to protect its own communications as well and while the left hand may be thinking encryption is bad for law enforcement the right have is thinking encryption is good for national security.

So… I don’t think there’s some larger conspiracy, just the normal government dissonance.

Threema

Me with a 7900 XTX playing brighter shores 🥲

The specs in the comic are just crazy. The top of the line option has expanded a lot too. In the past Nvidia wouldn’t have bothered making a 4090 because the common belief was nobody would pay that much for a GPU… But seemingly enough people are willing to do it that it’s worth doing now.

AMD also revived CPUs in desktop PCs from extreme stagnation and raised the bar for the high end on that side as well by a lot.

So it’s a mix of inflation and the ceiling just being raised as to what the average consumer is offered.

deleted by creator

As you said, if PFS can be disabled by enabling a feature on the receiving end it’s by security practices not enabled, in the industry that’s called a downgrade attack and considered very bad practice.

I don’t have an iOS device to know for sure but I’m fairly certain they inform you and participants in your chats about the PFS interruptions. It’s a temporary problem you have to deal with to use a beta application.

One of their devs was on mastodon talking about how PFS was more complicated with their design than they expected because they need to sync up the devices. Signal took the approach of sending one message to every device and Threema sends it to one of your devices and then that device sends it to the others. From what I understand this makes the PFS session key synchronization harder for Threema so it’s not implemented yet.

This was their initial tweet: „There’s a new paper on Threema’s old communication protocol. Apparently, today’s academia forces researchers and even students to hopelessly oversell their findings“

The issue with Signal Desktop however, required full file system access to your device at which point, there is nothing stopping the attacker from simply using a key logger, capturing your screen, etc.

Right but in practical terms many of the findings cited against Threema were equally if not more doubtful. I don’t know who the “big security researchers” you’re referencing are, but … as someone in the tech sector myself I do tend to agree that we’ve gotten to a place of really happenstance exploits being sold as if they’re like the old zero days where the user doesn’t have to do anything, it works 100% of the time, and the user loses control of their system.

If that quote is real … I think they were probably just miffed that the researchers didn’t discuss the fact that they were already in the later design stages of protocol improvements and made their findings sound far more plausible to exploit than they were.

There’s just a double standard here too… Threema gets shit for downplaying an exploit where you literally have to have physical access to the device, but it’s totally fine that signal didn’t even use basic operating system functionality (the keychain) to protect data at rest – that’s a physical AND digital risk?

I think that’s a characterization of what happened but not necessarily a good representation of what actually happened.

Yes, some researchers in Zurich found vulnerabilities. Yes they down played them … because you still couldn’t read anything. They were also already working on a new protocol before those researches wrote their paper and yes I’m sure they made some tweaks based on their findings.

This is their response; I’d hardly call it “insulting” https://threema.ch/en/blog/posts/news-alleged-weaknesses-statement

You could say the same thing about Signal’s response to their “desktop security scandal” earlier this year (of which Threema wasn’t vulnerable and Signal repeatedly refused to acknowledge as a problem).

yet it still doesn’t support critical features like full forward secrecy

They do support PFS (perfect forward secrecy) though their new multi-device solution doesn’t yet support it.

https://threema.ch/en/blog/posts/ibex

This is the same protocol they were already working on when the “researches they insulted” released their research finding issues with the old protocol.

Threema is also far more active with third-party audits than any other group: https://threema.ch/en/faq/code_audit

They severely mishandled vulnerabilities by insulting the security researchers, then introduced a new protocol they built with the advice given to them for free from the SAME researchers before that, and yet it still doesn’t support critical features like full forward secrecy.

IMO this entire sentence is just wrong.

IMO, they wouldn’t

I’d also recommend taking a look at Threema.

I think their product direction is a bit better. Particularly as Signal still shows a message that they don’t back sync messages before you paired devices “for your security” … Threema also doesn’t back sync messages in their beta multi device setup, but that seems to be more less of a product stance and more of a “we just don’t do it yet.”

Threema is definitely missing some features like emoji reactions, stories, and a builtin cryptocurrency (which depending on your stances might be pros or cons).

Both apps have definitely gotten better over the years; I think Threema’s multi device support has really drained resources on their side so there hasn’t been as much outward feature work. I’m hoping it won’t be terribly long until that changes.