I'd brush the blobs off as secure boot stuff if the dev didn't ignore the issue for months. Now that's sus.
I've decided to use Docker
Anyone got a source on GrapheneOS recommending Brave?
My user is, yes. But there has to be an exploit in sudo for the program to elevate itself using it without the user knowing, no? It's possible for sure but I'm seeing this type of precaution on a torrent client for the first time.
Has there ever been such an exploit? Given all other torrent clients I've seen just run as your user by default, is there something different in Transmission over others that makes it more vulnerable?
Isn't that a risk for anything downloaded, assuming I run transmission as my user, not root?
Did UMU get a launcher? Isn't it a Proton "distribution" any launcher can use?
Your question relates more to security than to privacy. Tailscale cannot read any of your traffic. It's all E2EE. Now, is it possible that they're distributing binaries not built from the open source that contain a backdoor? Sure. But it would be an absolute shitshow, not because of you and me but because of the many enterprise customers they have. So I don't worry about that. Same goes for them going rogue and accessing your devices. For that, there's Taillock which makes your devices not trust traffic from a device not signed by a trusted node in your Tailnet.
I'd much rather make use of zero-config WG, exit nodes, relay servers, not having to worry about DDNS, solid NAT traversal, etc. than to worry a company will lose their mind and attack free-plan users.
You can just turn off new devices signing up without manual approval.
How is NAT traversal handled if you want to connect two devices via WG? That's what Tailscale primarily does.
Do you not need DDNS for that?
That's still a manual process for most apps I've tried