• 15 Posts
  • 73 Comments
Joined 3 years ago
cake
Cake day: November 3rd, 2021

help-circle

  • Ups, I just got to enjoy piped and in particular pipeline on gnu+linux and libretube on AOSP.

    Pipeline in particular allows to totally avoid electron (freetube), and in both cases the piped instance is the one communicating with youtube, not me, :) And both applications support sponsorblock (tubular does, but newpipe doesn’t). But not talking directly to youtube is a win. Did I mention dropping another electron app, :) ?

    But… I installed pipeline from AUR, because I don’t like flatpak… Not sure if other user repos offer it as well…


  • I’m interested on what changed that make it differ from Mull in a non recommended way. Are you referring to their 1st MR? where they outline:

    • Replaced Arkenfox & Brace preferences with ones from Phoenix 2025.01.06.1…
    • Added support for Google Safe Browsing (Safe Browsing is disabled by default and can be enabled by setting the following preferences to true in about:config)

    I understand Mull was using arkenfox which is sort of the go-to reference, and now ironfox move to phoenix. The safe browsing is the same approach Librewolf follows, though I don’t like their comment on a proxy. I don’t like their choice of the brave search engine, but I always replace that with searxng tweaked a bit.

    The MR doc doesn’t look too terrible, but don’t know about the changes themselves.






  • kixik@lemmy.mltoPrivacy@lemmy.mlIs Midori worth recommending?
    link
    fedilink
    arrow-up
    14
    arrow-down
    1
    ·
    edit-2
    22 days ago

    It’s a webkit engine based browser, actually it uses webkitgtk. Now webkit is the engine on which safari (apple) is based as well, and it’s been there for some time. blink, which is what chromium based browsers use, is a fork from webkit with its own extras.

    So it all depends, chromium based browsers are all blink engine based browsers, which are pretty related to webkit engine based browsers (midori is not the only one BTW). As well as there are a ton of blink based utilities such the electron ones (chromium in disguise), there are still quite a bit based on webkit, specially gtk applications.

    gecko as opposed to the other major web engines never had some sort of toolkit that would make it easier for other applications than the mozilla ones to be based on it, and it seems there will never be such toolkit, even less with the dominance of blink based browsers and applications, and in a lesser way but still high use webkit applications and browsers.

    If looking for actual alternatives to what dominates the market, I believe gecko is the option at the moment, and if the FF defaults are unsane, I’d strongly suggest using Librewolf, which is essence is FF with much better defaults, it partially uses arkenfox configs, but it’s independent and has its own decisions, and also removes very few blobs like pocket at build time.

    Eventually servo might become the web engine to look for, and perhaps verso the web browser based on servo. But they are still in early stages as to be considered for day to day regular use. I’m not sure if servo is both a web engine and also offers itself as a toolkit so other applications besides a web browser can be based on it, similar to webkit or blink, but I believe that’s not the case, at least not yet, though I wouldn’t put my hands on fire for this, :).

    Bottom line, you might want to take a look at Librewolf.

    Unfortunately divestOS is retiring, and Mull, something like Librewolf but for AOSP based devices, has ceased development. I’m really hoping someone capable of forking it does it…





  • They don’t, I mean registering your username/basename is not a requirement, they chose the registration as the default to make it easier to be found. But you can get away with not registering your username/basename and instead exchange with your contacts you ID number, and with that besides able to choose whatever username/basename, there’s no central directory to find you, which is good depending on your use case, but the Jami guys are right to say that makes it virtually impossible for others to find you and establish a conversation unless you exchanged somehow your ID numbers, but that’s not actually finding, :)

    That option is a one time choosing, when creating the account though.


  • It is open source, which is good, but ultimately it depends on the service provider as usual, what it logs and for how long. The good thing, is that by design there’s not much which can be collected.

    But for a mechanism that is supposed p2p distributed, unified push, their proxy stuff (which also helps reduce battery usage), make the app not such p2p, but the gain in battery life might be your priority. DHT is as well a point of gathering several connections, and also to collect metadata, but to be honest, DHT is so good for this purpose, that I don’t complain.

    The thing is that on the phone by default you don’t get a pure p2p experience, which is BTW really hard, as requiring both ends being present if pure p2p, and it’s really hard to actually contact the other end at any time. Although if wanted, jami can be configured as such, except by the DHT part I believe.


  • yes, but it’s mostly for open source apks, the beauty of apkupdater is that it allows installing/upgrading some apks from apkpure and other sources (it was true for apkmirror directing to the right place to download and install from the browser, but on apkmirror most apks now days don’t install/upgrade unless you install their own apkmirror app), avoiding google play and avoiding aurora store (which besides the issues with anonymous connections, it gets upgrades pretty late for some reason). That’s something I don’t see an alternative for. Yes, upkupdater also allowed to install/upgrade from github/gitlab/… but its major purpose to me, was to be able to install/upgrade some non open source stuff without the need to connect to google play, and using recognized and reputable mirrors like apkpure and when it was feasible apkmirror. For FLOSS I use f-droid (official repo, plus non official like “izzyondroid” and others). Unfortunately there are a few apps I’m forced to use, which are not open source…



  • wow:

    We use specifically crafted messages that trigger delivery receipts allowing any user to be pinged without their knowledge or consent

    That makes think that 1st, perhaps it would be a good idea to avoid “return receipts” on any messenger, though that breaks ability to know if the destination has actually received, and if the destination has actually read the message.

    Perhaps another thing, even though your messenger doesn’t identify users with phone numbers at all, still block the messenger to have access to your contact list. Not sure if this affects, for example if a xmpp client has access to a broader contact list, if it can only relate to xmpp addresses it wouldn’t pay attention to phone numbers, but I can’t really tell.

    And of course, don’t use any messenger which tights users with phone numbers, no matter if to share among contacts now usernames are used instead of the phone number, when the phone number is still the way to identify the user.



  • That’s great if not having to use any proprietary apps depending on google services, including push notifications, since part of divestos unsupported stuff includes:

    Google Apps or microG or Sandboxed Play Services are NOT supported.

    Which is fine, if you don’t need to use such apps. An alternative to /e/os, which now a days is actually murenaOS, is lineageOS for micro G, which does sort of monthly releases based on whatever is available as nightly releases on lineageOS. It does provide you with microG and also with F-Droid with privileged extensions installed and already set for you. This might be more suitable than divestos if in need for some such apps.


  • Yup, divestOS allows for booloader lock though unfortunately they don’t support microG. I hope they somehow help upstream their relock solution to LOS. I use LOS for microG instead, since I need stupid bank apps and also for the office some stupid proprietary multi factor authentication apps… If only LOS for microG could lock the bootloader at will (it needs to be unlocked for major upgrades, like on regular LOS), that’d be great.

    There’s as well CalyxOS, which uses microG and also locks the bootloader, however I do prefer LOS since the strategy from CalyxOS and GrapheneOS trying to deGoogle pure Android in my mind sound like having some limitations, as opposed to LOS approach to be based on AOSP instead. Though that’s just in my mind, I’m sure those guys in Calyx and Graphene are the best at security and privacy.


  • Not sure what updates you are expecting to happen.

    I’m not aware of any effort trying to identify the traffic going in and out on Thunderbird under android. The guesses from the one reporting about what happens when configuring a new email account is of no use since it’s easily associated to Thunderbird looking for ways to easy automation on new accounts settings.

    Unless there’s a throughout analysis of the traffic, I’m not aware of anything to be expected. You can try reaching the one reporting his concern, and ask if he has looked into how to report an actual issue/bug to Thunderbird, or if someone else has done it


  • Quick question, why not considering lemmy as your “blog” provider? If the “community” concept wouldn’t apply, perhaps creating your own “community” and becoming its “mod”, disabling posts from others except yours, wouldn’t that work? Lemmy already provide RSS feeds so others can follow/track your posts without any lemmy account, just like with any blog providing RSS/atom feeds, and you get “blog” feedback through lemmy, but the same applies to other blog providers, only the ones subscribed can provide feedback.

    I was looking for an anonymous blogging mechanism with digital signature (not to identify the author but to verify its authenticity). Long story short, nothing out there seemed to really fit into what I was looking for, but among the suggestions lemmy was there as an option. You can avoid following anything, and looking into lemmy’s default from page, just use it to post and get feedback, forgetting about the social networks characteristics of lemmy, and make it work as your blog provider…


  • What they’re saying there is that when trying to auto detect the server configurations, there are unexpected connections to cloudfare IPs, which didn’t usually happen with K9. Who posted the concern associated this to telemetry, but the answers are pointing a different direction. But at this point it just guesses, :(

    I guess some more formal traffic inspection needs to happen to understand if truly there’s unexpected traffic, where it is directed to, and hopefully infer somehow its purpose. The guesses about what’s happening suggest it’s just about the auto connection, but again, just guesses.

    I explored the configurations, and I didn’t find anything about telemetry, and so neither how to disable it. K9 does not have an about:config advanced configuration like desktop Thunderbird does, so if there’s truly telemetry or some other sort of information leakage, then after proving it, perhaps developers realize they can do better. But so far nothing really proving telemetry or information leakage.