I use Pixel with GrapheneOS as my phone, and I just have a separate profile that only has WhatsApp installed and nothing else. Since the profiles are completely separated, it doesn’t have access to anything else I do on the phone and it’s not running in the background (the profiles are basically sandboxed fresh slates, and switching it can be set-up to behave in a same way as basically turning off the phone as far as the profile is concerned).

When the bridge asks me to log in again or refresh a session, I simply switch to the second profile for a minute and re-log in. I’ve heard iIt might be possible to set up an emulator and leave it running on the server, but that felt like too much effort.

Yeah, that’s my experience as well. In addition to being lazy with updating, so if some kind of supply chain attack happens, I usually sorts itself out before I get to updating :D

But I did limit my browser extensions, after I a cause with Nano Defender taught me a lesson - it was a mildly popular anit-anti-adblock killer that worked where other adblocks were detected, but the developer sold the extension to a company that turned it into a info-stealer malware and pushed an update through chrome store, which got accepted and propagated, and some of my social network sessions got compromised. So, I just stick to more popular projects where something like this shouldn’t happen, and don’t use random extensions.

Yeah, that part about WhatsApp is annoying. I just have a spearate profile on Graphene that has only WhatsApp installed, and whenever it wants me to refresh a session I just switch to the profile and log in.

There is, but it requires you to log into the app every two weeks to maintain a session. You can setup a emulator to do it for you. I just have a separate profile on my Graphene with Only WhatsApp that I switch to and login whenever I get a warning.

I’ve been using it for almost a year by now, and so far I didn’t have any problems. I’ve not considered that problem though, so it might be happening and I was just lucky.

WhenI was setting it up, it took me only like two hours tops. The ansible project is well documented, has a clear setup guide, and the process is really just getting server with ssh access, changing DNS, changing around 5 values in the ansible config and running it.

As far as I know the Discord bridge has some limitations, the major one being that IIRC it doesn’t atually support calls. But just for chatting across servers it has worked well for me.

There’s also the fact that you have to either trust the project with your password (as in, the the bridfe adds a matrix bot that runs on your server, but needs your pssword), since I think it uses the web version in the background (but then you can also use it for DMs and any server), or set up a bot on the discord server you want to bridge, which obviously cant be done if you’re not an admin. It’s a foss project, but there’s always a small risk of it gping rogue.

https://github.com/spantaleev/matrix-docker-ansible-deploy

Its pretty well documented and easy to follow, it took me only like an hour to setup.

I’m hodsting my own Matrix server with WhatsApp, Telegram, Discord (you don’t need a bot for that, you can just share your login with the bridge) and Messenger bridge. I have all my IMs in one app, don’t have to install spyware on my phone, and I can make bots that troll annoying people that message me on any platform.

Hosting it was super simple, thanks to the Ansible project that’s extremely robust and well done, I literally just got a hosting, domain amd changed like 5 config values to enable the bridges I wanted, gave it an IP and ssh key, and ran it. And if I need to update, I literally “just update” (it’s all wrapped up into “just” tool), and it eve handles cases where I didn’t update for a while, failing graciously and telling me what I need to do maually, usually just rename some config values.

I wholly recommend it. You probably wont convince your friends to switch from <insert app here>, and this is the best compromise.

I’m using a small instance on Hetzner, for 6$ a month. You could in theory get a free oracle cloud instance for it, but I didn’t manage to get one.

And you can easily share it with anyone interrested, make them an account, so they can also consolidate their DMs. I’m sharing it with a few friends and colleagues.

Yeah, I know and that’s what I’m afraid of. I guess I’ll just have to come to terms with most websites not working in some obscure web browser that’s not feature-complete. Would actually help with my addiction, so it won’t be so bad, I guess.

You are right, it was unfairly harsh wording, I apologize for that. Most of those products are super cool and important, I’ve kind of extrapolated it from what I’ve read in other posts about them spending too much on stuff like events and other, non-developemnt, related stuff that I actually never checked, while also not realizing that they also have a ton of other projects, which mixed with the dissapointment with the recent development about the Meta partnership led to me choosing that wording unfairly.

If it keeps going on like this, it won’t be long before I’ll just say fuck it and switch to elinks…

Hmm, on that note - is there any CLI web browser that can do javascript and css? Because iirc, elinks doesn’t, though I havent used it in years.

IIRC, only like 2% of Mozilla spending goes towards FF (I may be misinterpreting something, but I remember 2% being thrown around), so funding FF without rest of Mozilla bullshit shouldn’t be that hard. Of course, since Mozilla did spend so little on FF, it’s a question how much they actually care about FF and what would happen if they lost access to their golden goose. They shouldn’t have problem funding FF, but they probably have other bullshit they don’t want to let go and that has more priority for them.

I’m not sure what Mullvad is based on - i think it’s on Tor, which is Firefox based?

I do use mostly LibreWolf, but if FF also went to shit, I wonder if Tor, and thus Mullvad, would keep on going or not. Because I suppose LibreWolf would have troubles with keeping up, if Mozilla would enshitify FF, since they would probably have to fork and continue development on their own.

This is the first time ive heard about microg. How is the app support with it? Can you run every app that needs play service? I have Google Sandbox installed only on a second Graphene profile, and use it for bare minimum of apps that dont work without it, Bolt app, mostly weird MFA for work or package tracking apps i use once per month, while disabling most of their permissions. Will microg improve my situation in this case to be worth switching over? Does it work without root?

I’ve been mostly using Mullvad, and so far it worked pretty well out of the box. Few sites break, and for that I have LibreWolf, but other than that, I’m enjoying Mullvad more.

One thing I forgot to mention - last time I recommended cloudflared, I was told that the TOS for cloudflared forbid use for high-volume streaming of data, such as movie/audio streaming, or sharing of large files for download.

I never had an issue with it, but I didn’t use it for streaming, only to share/download a small to medium sized file once per few weeks. I suppose that if you were to publicly post a link to a few Gb large file, and had hundreds of people download it through the cloudflared, they may take an issue with it. Maybe even if you were regurally watching streamed movies from your server through it. So just a heads up, make sure to check the ToS first.

I’m using GrapheneOS, and suprising amount of apps (including my bank app) works without Google Services. And if there’s something I need for work that doesn’t work without them, I have another profile with sandboxed Google play (which isn’t enabled on my main profile), and use the app there, where it’s separated from all of my data. No need to root my phone, and so far it worked great.

As for sharing your Nextcloud stuff, what I did was for services that need to be public, I just got a cheap (like, few dollars per year) domain and use Cloudflare Tunnel (Cloudflared). It handles all port forwarding for you, and you don’t have to make anything public on your router - just install cloudflared on the server and have it forward the port you want to your domain. You can also set up geoblocking and ACL pretty easily, so it’s perfect for that.

I’ve however recently moved to using ZeroTier, because it has a nice mobile VPN app, so I just run zerotier (it’s literally two commands to install and join a network) on my server, and if I need to access something there I just launch it on my phone and connect through ZeroTier. This, however, won’t help if you want to share stuff from your server with others, since they’d have to install a ZeroTier client and also join your network. For Jellyfin, Nextcloud and Sunshine, though, it’s amazing.

And if that still feels like too much hassle for you, I’d recommend looking into Proton Drive. I’d consider that one of the best hassle-free alternatives to GDrive, which launched recently.

I really hope that CS will come up with recipes and emails where the board specificly “strongly recommended” that they reduce operation costs or denied internal investments. It probably won’t happen, because such pressure from investors is usually pretty vague, i.e they don’t literally tell you to cut corners, but they strongly suggest that if you won’t somehow increase revenue, you (the management) will have problems. Of course, it’s up to you how you do it, but to meet their often unrealistic demands, just doing a better job while also investing into internal failsafes is often simply not possible. It’s a loss-loss situation for CS, but I really hope they won’t loose this legal battle.

I’m sure there’s a lot of CS employees that would disagree with that, unfortunately there’s probably not much they can do about it.

I was just a few days ago giving my two weeks notice exactly for that reason. I’m getting so fed up with capitalism and companies working for the vultures who give zero fucks about what you do or whether you do it well or not, prioritizing profits over actually doing your job well. I don’t care about money, I worked in cybersec out of principle, to help people with their security. I don’t really care about money, as long as there’s job to be done for someone, I don’t really care if the project I’m working on is super profitable for me, as long as it at least breaks even. But no, we had to cut corners, basically scam our customers by selling products we had no qualified people for who barely scraped by enough results for the customer to not notice it. Non-existent R&D or training, because several milions of anuall profit are not enough. Fuck all of them, if I’m ever going to work again in cybersec, it will be a non-profit.

This OP’s article infuriates me, the nerves they have to demand more money for what’s entirely their failure, which they also directly cause in every company they touch. I’m sure that the fact that the failure was so devastating for most companies is also by large margin fault of their investors, some of which are probably also part of this lawsuit, that blocked investment into disaster recovery plans or backups, because their millions of profit per year felt low.

I feel like I’m getting pretty radicalized recently, ugh.