• 5 Posts
  • 134 Comments
Joined 9 months ago
Cake day: October 20th, 2023


  • Even ignoring the ideological reasons to not want facebook integration: There are only so many hours in the day and so many dollars in the donation bucket. If an open source project is dedicating a disproportionate percentage of that on a feature that a significant part of the community actively do not want: That is exactly WHY you fork a project.

    And once we consider the ideological and safety related reasons to not want facebook and giant corporate interests involved?

    I have a lot of issue with the people who decide the answer is harassment and hate. But if enough development and organizational energy want to fork this? Fuckin’ A.


  • I can’t speak to their Password Management as I use Bitwarden for that

    But I am slowly but surely migrating myself away from gmail to (my own email at my own domain routed to) Proton. The webmail is very much comparable to gmail and, if you communicate with like minded people, it has decent support for signing and even encrypting email both to other proton mail users as well as to complete randos with just a password that you can send later. My only real complaint is that (… for some really good reasons) there is no easy to use exchange server and I need to run their mail bridge to use a desktop client like Thunderbird to send and manage and (one day) back up emails.

    VPN? I switched over to this around the same time I decided I wanted to “take control” of my email and it works pretty well. Very easy to get some openvpn credentials that I can plug into whatever setup I want. And no extra fee for port forwarding unlike SOME providers. That said, my main complaint is that the port is semi-randomized which doesn’t play the nicest with my totally legit linux iso torrenting setup… But a quick docker ps and docker logs and then updating the config is pretty trivial and I only have to do it maybe once a week?

    The big elephant in the room is that, as you rightfully understand, you are still putting a LOT of trust. But that is actually why I like Proton. Because other companies pretend they are going to knife fight the CIA and the US Government on your behalf all while actively not acknowledging anything until we get a post mortem. Proton are VERY open about just how far they are willing to go to protect you (not very) and what YOU can do to mean that Proton can’t provide much useful information once the appropriate paperwork and legal actions have been filed.

    I wouldn’t trust a paid account with anything more sensitive than what really innovative stuff a friend did with a bun in the dumpster behind the Wendy’s the other night. But, hypothetically, if I needed to send an anonymous email? Third party VPN/Tor, clean hardware, and a free Protonmail account works great and I do trust Proton to give the absolute bare minimum in that case.


    And just for a bit of context. My “grand plan” is to migrate the vast majority of my correspondence and accounts to email addresses tied to one or more of my own domains. Currently I plan to use Protonmail for the mail server because I don’t want that smoke. But the point is that I control the email address so I can get my Heat on and walk away in 30 seconds (actually more like a few hours but…).

    Which is why the other aspect of that is that I want to back up the emails I actually want to save (rather than just EVERYTHING like those of us with older gmail accounts do) via a local client that I then archive to an encrypted volume on my NAS and (REDACTED) after that.


  • Not sure if google is particularly different but the way this works for the other services is basically low energy bluetooth scanning coupled with the phones providing their location*. So basically all the devices on that scanning/spy network periodically ping/listen for nearby devices/trackers. When it finds one, it sends a quick message to the servers with that phone’s location and the ID of the tracker. Get enough of those pings and you can triangulate the position of the tracker pretty precisely.

    Which… is why this fundamentally does not work with “hacker” solutions that allegedly emphasize privacy. Because you just don’t have enough devices listening. This was painfully obvious with tile back in the day and is still an issue with Samsung in some countries.

    *: Via a combination of gps, cell tower, and wifi network scanning. The less obvious part of that being wifi networks which is the majority of how interior positioning works.


  • I mean… bluetooth is literally broadcasting your position (sort of/it depends on the implementation). It is not at all a stretch that you should turn that off if you care about privacy. Same with not scanning for what wifi networks are available or even pinging GPS satellites (because that leaves a log). Hell… cell tower logs are a treat for cops/TLAs for a reason.

    Aside from that? Good for you. If you actually follow through on that I can respect it. My point is more that this particular solution seems like the worst of all worlds.

    Either you are demolishing your battery with regular phone homes to a server you hopefully control or you are relying on a push via SMS and the hope that you lose your phone somewhere you have reception. And you still only have YOUR phone and YOUR network to track it which has significant drawbacks if you travel.


  • If people truly change their lives and focus on it, you can do a lot. But it does not take much, at all, to become compromised to one degree or another and people vastly underestimate the amount of redundancy. Or even the impact of a sibling or partner or even friend.

    Instead, the common case is people will tweak one small aspect and think that does anything other than inconvenience them. Or, worse, they’ll watch a youtube and decide to put EVERYTHING through their vpn which… defeats the purpose because they are still one easily collated set of profiles/cookies that can trivially reveal that “Fred Smith in Afghanistan” is really “Fred Smith in North Carolina”

    Which is why my approach is that there is data I very much want to protect and data I know I can’t. So I focus on understanding the former while doing what I can with the latter.

    And something like this? There are probably specific niche use cases for this. But it is a product/service that fundamentally requires aggregated data. And, depending on the implementation, it is going to fuck with your battery hard.



  • I guess. But it is really going to depend on where you live and just how frequently it does dial home.

    My personal use for these networks is luggage tags. But a friend lost her phone on a hike a few years back and the find my phone stuff was more or less useless due to poor reception and ever dwindling battery.

    The real benefit is the low energy bluetooth magic and OTHER devices to do the phoning home. Because maybe I have shit reception but someone hiking a hundred feet away has good reception and updates the ping.


  • Took a bit to figure out what it was even claiming to do

    When enabled your phone constantly sends e2e encrypted your location to the server where you can then access it from a web browser.

    God no. Just take a hatchet to my battery and be done with it.

    Also: Until a month or two ago, sure. But google finally got their shit together-ish and set up a tracking network the same as apple and samsung. And that is what you are sacrificing your privacy for. Yes, you give Big Tech tracking information… that they already have. In exchange you can actually have peace of mind of knowing your luggage is in the same airport or even where you parked. And you can’t really self-host a crowd-sourced network.




  • I mean… I don’t really disagree in this specific context.

    I assume Fortnite has kernel level/rootkit anti-cheat. And Epic make massive amounts of cash from all the goku skins people buy. Unless they have the resources to test at least the major distros and keep aware of possible hacks/bypasses on that side it is just begging for exploits. And it is big enough that the moment one is identified EVERYBODY is grabbing an ubuntu live CD to get some goku dollars.

    I still think it is shit that they don’t directly support Linux with the EGS (especially since they distribute Unreal Engine and marketplace stuff via that). But for their “more revenue than the GDP of a small nation” live game? I get it.


    A buddy who works on one of the popular live games made the comparison to pokemon cards. Everyone thinks it is a great idea to show them off at school. Until the kid trips, they get scattered on the floor, and it is a god damned feeding frenzy of every single kid losing their minds to scramble and fight over that dog eared pikachu card.



  • NuXCOM_90Percent@lemmy.zip to Fediverse@lemmy.world: Lemmy.ml tankie censorship problem
    28 days ago

    Again, how does that work if c/linux is “the same” on every instance?

    Will comments and posts exist on the world view of c/linux but not the zip view? At which point… what are we actually getting over the status quo? Because you can bet that anyone who has hexbear unblocked would see two different versions of every single thread because nobody else would see the hexbear posted thread.


  • There have been a number of articles (pop and scholarly) about malicious code being social engineered into codebases over the past few years. And, in this case, the malice is “expected” from one of the long time developers to begin with.

    Also: We got INCREDIBLY lucky that Andres Freund detected it when he did. Because that was hitting right around the time a lot of the major distros were preparing their major releases (Fedora basically escaped by the skin of their teeth).

    Malicious manipulation of open source projects has always been a concern. And the vast majority of us do the equivalent of signing whatever form we are given because “oh it just looks like a standard contract”.


  • What you are describing is basically Mastodon (or, if you like porn and hatespeech, twitter… non-consensual porn because a lot of Mastodon instances are REALLY horny).

    The moment you aggregate communities across instances you remove the ability to moderate them. Because maybe a hexbear mod wants to remove all mention of the Uyghur people, an ml mod wants to remove all mention of genocide against them, and a zip mod wants to remove all the comments about why genocide is good in a thread about god damned Bluey.

    Do they all get to delete everything across every instance? Do you start having different views of the same community depending on your home instance?


  • All moderator elections would do is let chuds stack the ballot. Look up shit like the sad puppies debacle.

    The answer is that a site needs to decide what its rules are and then moderators need to enforce those rules, regardless of how the community feels. Which, ironically, is what ml is doing (even if they don’t publicize those rules). And if the community dislikes the rules, you disassociate with them.

    The issue with the fediverse is that you need to defederate or else you are tacitly approving of their bullshit.


  • NuXCOM_90Percent@lemmy.zip to Fediverse@lemmy.world: Lemmy.ml tankie censorship problem
    28 days ago

    You… should probably pay more attention to the news.

    It is very possible for bad actors to inject malicious code into an open source project. And it is very probable for people to not notice because the vast majority of developers never read a single line of the open source code they claim to value so much.

    “Any bad code will be detected by the armies of people who do rigorous code analysis of every single pull request” was always nonsense.




  • NuXCOM_90Percent@lemmy.zip to Fediverse@lemmy.world: Lemmy.ml tankie censorship problem
    29 days ago

    World grew MASSIVELY around the time of the reddit mod strike.

    In the time since? A lot of those communities are basically full of people who can’t stop talking about their ex while constantly re-posting everything they see there. And… the lemmy world admins made a few controversial decisions and their method of removing problem/“problem” users made a lot of us uncomfortable. Piss off an admin and your entire comment history is wiped in an instant and your ban reason is unverifiable.

    Whereas ml already had communities that existed to talk about the topic of the community rather than what reddit was talking about.