Charger8232@lemmy.ml 18 points 2 months ago* (last edited 2 months ago)

> Chrome sounds more secure

Chromium is not the same as Chrome. I highly suggest reading the previous posts.

> yet I don’t want an advertising company looking at my browsing habits

There are more privacy respecting options such as ungoogled-chromium and Brave (which can be configured to minimize data collection and bloat).

In the end, the choice is yours.

Charger8232@lemmy.ml 17 points 2 months ago* (last edited 2 months ago)

This depends on what you're trying to defend against. In my opinion (on GrapheneOS):

  • "Accessibility" permission (i.e. full control of the device)
  • "Network" permission
  • "Modify system settings" permission
  • "Install unknown apps" permission
  • Any permission that allows apps to communicate with one another (such as a reduced sandbox, file permission, or app communication scopes)

Those are the only permissions that I can think of off the top of my head that could potentially allow an app to phone home. Turning off Wi-Fi for the device does little if the app also has the "Wi-Fi control" permission.
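Added example (not part of the original comment): a small audit of a decoded `AndroidManifest.xml` for the permissions named above. The mapping from the comment's labels to Android permission names, the sample manifest and the package name `org.example.flashlight` are assumptions made for illustration; the manifest is assumed to be already decoded to text XML.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"
A = "{" + ANDROID_NS + "}"  # ElementTree spells android:name as {ns}name

# Assumed mapping from the labels used in the comment to Android permission names.
WATCHED = {
    "android.permission.INTERNET": "Network",
    "android.permission.WRITE_SETTINGS": "Modify system settings",
    "android.permission.REQUEST_INSTALL_PACKAGES": "Install unknown apps",
    "android.permission.CHANGE_WIFI_STATE": "Wi-Fi control",
}
# Accessibility is not requested with <uses-permission>; the app declares a
# service that only the system may bind to, guarded by this permission.
ACCESSIBILITY = "android.permission.BIND_ACCESSIBILITY_SERVICE"

# Constructed sample manifest (hypothetical app, for illustration only).
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="org.example.flashlight">
    <uses-permission android:name="android.permission.CAMERA"/>
    <uses-permission android:name="android.permission.INTERNET"/>
    <uses-permission android:name="android.permission.CHANGE_WIFI_STATE"/>
    <application>
        <service android:name=".HelperService"
                 android:permission="android.permission.BIND_ACCESSIBILITY_SERVICE"
                 android:exported="true"/>
    </application>
</manifest>
"""


def audit_manifest(xml_text):
    """Return sorted (label, detail) pairs for every watched capability declared."""
    root = ET.fromstring(xml_text)
    findings = set()
    # Ordinary permissions, including the API 23+ variant of the tag.
    for tag in ("uses-permission", "uses-permission-sdk-23"):
        for el in root.iter(tag):
            name = el.get(A + "name", "")
            if name in WATCHED:
                findings.add((WATCHED[name], name))
    # Accessibility services are found by the permission that guards them.
    for svc in root.iter("service"):
        if svc.get(A + "permission") == ACCESSIBILITY:
            findings.add(("Accessibility", svc.get(A + "name", "?")))
    return sorted(findings)


def wifi_toggle_insufficient(findings):
    """True when the app has both network access and Wi-Fi control, the case
    the comment describes where turning Wi-Fi off does little."""
    labels = {label for label, _ in findings}
    return {"Network", "Wi-Fi control"} <= labels


if __name__ == "__main__":
    result = audit_manifest(SAMPLE_MANIFEST)
    for label, detail in result:
        print(f"{label}: {detail}")
    print("Wi-Fi toggle insufficient:", wifi_toggle_insufficient(result))
```

The last item in the list, permissions that let apps communicate with one another, is not covered by this check.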

Charger8232@lemmy.ml 17 points 2 months ago* (last edited 2 months ago)

After getting the crash issue resolved (it is now fixed), I tested this to see how it behaves by using PCAPdroid. I also attempted to decrypt the traffic, to see what it sends.

This is the traffic analysis:

| Type | Port | IP version | Size | Status |
|---|---|---|---|---|
| DNS | 53 | IPv4 | Random >120 B | Closed (Good) |
| TLS | 443 | IPv6 | 120 B | Unreachable |
| HTTPS | 443 | IPv4 | Usually 2.4 KB | Error (Did not trust my decryption certificate) |

It sends to a random list of hosts, all of which are listed here:

  • https://4chan.org
  • https://www.reddit.com
  • https://www.yahoo.com
  • https://www.cnn.com
  • https://pornhub.com
  • https://www.ebay.com
  • https://wikipedia.org
  • https://youtube.com
  • https://github.com
  • https://medium.com
  • https://thepiratebay.org

After digging through the code, here is the file with a list of hosts. It also seems to randomly generate user agents, which is good.

The developer blocked me from opening issues on all of his projects.
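Added example (not part of the original comment): when traffic cannot be decrypted, the hostnames seen in DNS queries and TLS handshakes can still be compared with the published host list. The log below is constructed, and its column names are assumptions for illustration, not PCAPdroid's actual export format.

```python
import csv
import io
from collections import Counter
from urllib.parse import urlsplit

# Host list quoted in the comment above.
EXPECTED_URLS = [
    "https://4chan.org", "https://www.reddit.com", "https://www.yahoo.com",
    "https://www.cnn.com", "https://pornhub.com", "https://www.ebay.com",
    "https://wikipedia.org", "https://youtube.com", "https://github.com",
    "https://medium.com", "https://thepiratebay.org",
]

# Constructed sample log. "host" holds the DNS query name or the TLS server
# name, both of which stay visible when decryption fails.
SAMPLE_LOG = """proto,dst_port,ip_version,bytes,status,host
DNS,53,4,134,closed,www.reddit.com
TLS,443,6,120,unreachable,www.reddit.com
HTTPS,443,4,2400,error,github.com
HTTPS,443,4,2390,error,www.cnn.com
HTTPS,443,4,2410,error,telemetry.example.net
DNS,53,4,141,closed,telemetry.example.net
TLS,443,6,120,unreachable,youtube.com
"""


def normalise(host):
    """Lower-case, drop a trailing dot and a leading 'www.' so that
    www.example.org and example.org compare equal."""
    host = host.strip().lower().rstrip(".")
    return host[4:] if host.startswith("www.") else host


def expected_hosts(urls):
    """Extract the normalised hostnames from the published URL list."""
    return {normalise(urlsplit(u).hostname) for u in urls}


def analyse(log_text, allowed):
    """Return (summary, unexpected): a count of connections per
    (protocol, port, IP version, status) and the sorted hostnames that are
    not on the published list."""
    summary = Counter()
    unexpected = set()
    for row in csv.DictReader(io.StringIO(log_text)):
        key = (row["proto"], int(row["dst_port"]),
               "IPv" + row["ip_version"], row["status"])
        summary[key] += 1
        host = normalise(row["host"])
        if not host:
            unexpected.add("<no hostname>")  # cannot be attributed to the list
        elif host not in allowed:
            unexpected.add(host)
    return summary, sorted(unexpected)


if __name__ == "__main__":
    summary, unexpected = analyse(SAMPLE_LOG, expected_hosts(EXPECTED_URLS))
    for key, count in sorted(summary.items()):
        print(count, *key)
    print("Hosts not on the published list:", unexpected or "none")
```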

Charger8232@lemmy.ml 16 points 2 months ago

This is allegedly also true for Firefox on Android, which I will be investigating in this topic.

Charger8232@lemmy.ml 19 points 2 months ago

> What makes Firefox desirable over Chrome is that it’s not being developed by a massive corporation that gets the majority of its profits selling user data and delivering targeted adverts.

This is a separate issue of being able to trust developers, which is not being covered here. Projects like ungoogled-chromium exist, after all. I will be inspecting the software as a whole, and not any future interference that may happen.

Charger8232@lemmy.ml 17 points 3 months ago

Creating mirrors on other platforms such as GitLab and Codeberg is on my to-do list. Thank you!

Charger8232@lemmy.ml 16 points 4 months ago

I'm not saying GrapheneOS is for everyone, but the privacy and security they offer should be the baseline for every phone (restricting network access, etc.). I do see your point though!

231
submitted 4 months ago* (last edited 3 months ago) by Charger8232@lemmy.ml to c/privacy@lemmy.ml

Edit: Before you read, I made some mistakes here that I mention in my part 2

My mobile operating system of choice is GrapheneOS. I run it on a used Google Pixel 8, as I didn't have enough money for any of the phones in the Google Pixel 9 lineup, which offer a more secure ultrasonic fingerprint scanner. I used to use iOS, but I finally managed to switch. I wanted to share my thoughts on GrapheneOS, problems I had, and the apps that I use.

To install apps, I first check if it is available on GrapheneOS's built in app store. If not, it is installed via Accrescent. Because Accrescent is still very small in support, most of my apps are installed via Obtainium. One app however, ProtonVPN, is installed via Aurora Store, because that is the only installation medium that allows me to sign in as a guest.

I do have a Proton account, so signing in isn't an issue, but since I plan to use ProtonVPN until I can pay for Mullvad VPN, I might as well get as much anonymity as I can. I don't use the actual Google Play Store, despite claims of it being more secure, mainly due to me being required to create a Google account. I only use Aurora Store for ProtonVPN. For apps that are not available for Obtainium but are available on F-Droid, I simply use the F-Droid repo inside of Obtainium. All apps are verified with AppVerifier.

For games I have a very small selection. Simon Tatham's Portable Puzzle Collection is a game collection I have been using since before I even knew it was open source. Antimine is a Mines client, which is a classic. I also play a game called Zoysii, which is only available on F-Droid. It passes the time. Code Word is a nicely made Wordle app, with some extra features. Open Sudoku is a nice Sudoku app, however I found that almost all of the available puzzles to install are very easily solvable. 2048 by SecUSo is a decent app to play 2048 that is still maintained, however it currently does not have a dark mode theme. blichess is a fork of lichess that simply adds the option to play over Bluetooth, which I really like.

My mobile 2FA app is Aegis, which is really everything you would expect. Audire is an open source frontend for Shazam, which I use for music recognition. I'm sure there are some better apps with different APIs, but Shazam works really really well, and that is what I am looking for in the app. Aves is my photo manager, as it allows for proper photo hiding. It is available through Accrescent, which is nice. It is one of few apps that required me to sign terms and conditions, but it doesn't matter since it doesn't have internet access anyways. It allows me to view extensive details about photos, and even remove metadata in the app.

I use AndBible for Bible study, but the project seems to be abandoned and needs lots of improvements. I sincerely hope a good alternative is developed eventually. I would be willing to help out any way I can.

For messaging I use SimpleX Chat for my most personal chats, but for mostly everyone I contact them via Molly, which is a hardened version of Signal available on Accrescent. When I am offline, I contact nearby people through Briar over Bluetooth, which is awesome while camping. I don't have any cellular provider, so I occasionally have to make sacrifices in terms of contact.

The default GrapheneOS calculator has no dark mode, so I opt for OpenCalc as my default calculator. I tried both Etar and Fossify Calendar as a calendar, and have been much happier with Fossify Calendar. A lot of Fossify projects have been abandoned, sadly, so I may have to switch.

I use the default GrapheneOS camera for most of my pictures, but when I need high quality shots I will use Open Camera. It supports HDR and some post processing. The GrapheneOS camera has incredible support for code scanning, such as QR codes and bar codes. I don't plan to use the Pixel Camera, since those apps work just fine for me. To edit photos I use the GrapheneOS gallery, but it is somewhat lacking. I plan to stick with it as they add new features.

I have a ClearClipboard app that, simply, clears the clipboard when you open it. It's a small tool but I get very paranoid about clipboard access. I've found that my password manager doesn't reliably autoclear, which I will discuss later.

The default GrapheneOS clock app is fine. I wish there was an OLED theme, but it's worked for what I need. DeepL is what I use for translations, because I cannot seem to find an offline translator app. It's very upsetting. For my keyboard I use HeliBoard with the proprietary swipe to type module, and it's great. There are a few weird autocorrect suggestions, such as not recognizing the word "A", but it's honestly not been a huge issue.

I use Joplin to take notes. I had issues with Standard Notes when I was on iOS, and had switched to Joplin there. I now can't even imagine why anyone would even try to use Standard Notes, Joplin makes Standard Notes look like a joke. It has all (or at least all I care about) of the paid features of Standard Notes, for completely free.

My password manager is KeePassDX, which is honestly exactly what I would want from a password manager. The only issue I've had is that it sometimes disables biometric unlock and makes you unlock it yourself, which is super weird. Besides that, I will be using it until either it dies or I do.

For eBook reading I use Librera, but the UI is honestly atrocious. The best eBook reader I have ever used is Apple's stock Books app, and I honestly wish something of that polish existed on Android. Librera will work but it's not nice to use.

I have LibreTorrent in case I ever need to torrent something on the go. It's fine, I wish torrent software would include a hard toggle to disable seeding, but it's worked as intended. In a similar category I use LocalSend to transfer between any of my devices. I haven't tried KDE Connect because LocalSend has never caused me problems. The only issues I have encountered were because of strict VPN settings.

I eventually plan to use Mullvad VPN, but until I can afford it I am using ProtonVPN as I mentioned. I have no real comments because I have only used ProtonVPN. IVPN is on my radar, but Mullvad VPN is still at the top of my list. IVPN is available via Accrescent. I also have Orbot in case Proton or Mullvad are blocked.

Music players have been a struggle for me. All of them have their own various issues. All I really need is a nice way to play mp3 files offline and sort them into playlists. A night timer is nice. Vinyl Music Player is what I use for now, since Fossify Music Player seems to be abandoned. I'm open to some open source alternatives here, since the ones I have tried all have issues. Ideally these should be available by Obtainium.

I use Organic Maps for navigation. Support is alright in my city. OsmAnd has a pretty bad UI but it's gotten better. Organic Maps I've heard has a few issues, and OsmAnd has a premium tier, but I don't really care. I am just sticking with Organic Maps. I'm happy with it, so it's fine.

I have RadioDroid installed to try it out. It lets you listen to radio stations over WiFi. I'm jealous of Motorola users for their built in AM/FM radio receiver antenna. I might not keep this app, since it's fairly useless when you think about it. Either way, maybe a GrapheneOS phone will come along with a built in antenna.

I have Tor Browser installed just in case I ever need to visit an Onion site or use a Gecko based browser. My main browser is Vanadium, and I did try Mull but it doesn't block advertising redirects even with uBlock Origin. Vanadium is fine for now.

I have Trail Sense as a compass and emergency survival app. I hope I never have to use it for survival, but at the same time, I hope this app saves my life. It's cool to see how many sensors it utilizes to help you out.

Tubular is a fork of NewPipe that has SponsorBlock support. I like it, it's not as polished as I would want but it's plenty usable. I wish it had DeArrow as well, but I'm sure it won't be long until it's added.

I use the Fossify Voice Recorder for voice recordings. It's what you would expect, not much to say here. For weather, I use Breezy Weather. For some reason some features were unavailable on the F-Droid version, but after installing with Obtainium I now have plenty of features at my disposal. It's almost as good as the iOS weather app, and has plenty more features. The accuracy where I am is slightly iffy, but it's good enough that I can rely on it.

I use a passphrase to lock my phone, and use biometric unlocking to ensure no one can shoulder-surf passcodes. GrapheneOS only lets you add up to 4 fingerprints, which is a good enough limit, but I do wish it was higher. If I wanted only 4 fingerprints, I would choose that myself. I back up GrapheneOS using my own USB stick and the built-in backup option. Some apps such as SimpleX refuse to be backed up automatically, but I can simply manually export the database and back up that file.

Even without any Google frameworks installed, GrapheneOS has been a really seamless and polished experience. The issues I would raise are actually with Android itself, such as weird management of app signing, but overall GrapheneOS has been incredible. GrapheneOS is honestly the minimum every person should expect in terms of privacy and security on their phones, because nothing else even comes close to GrapheneOS in those categories. The gap between iOS and GrapheneOS is absolutely massive, given that so many of the apps I use are Android specific.

292
submitted 4 months ago* (last edited 4 months ago) by Charger8232@lemmy.ml to c/linux@lemmy.ml

The codenames for every major Debian release are named after characters from Pixar's Toy Story franchise. Debian's unstable release is fittingly named after Sid, an unstable character from the Toy Story movies.

31
submitted 4 months ago by Charger8232@lemmy.ml to c/privacy@lemmy.ml

I am in the process of moving away from Spotify by downloading my music offline. The files vary in types (.webm, .m4a, etc.), and I would like a way to sort them into playlists on Android. What are your suggestions?

177
submitted 4 months ago* (last edited 4 months ago) by Charger8232@lemmy.ml to c/privacy@lemmy.ml

I was bored, so I compiled a list of 77 of my favorite open-source privacy-focused software. This ranges from Android apps to desktop apps to websites to operating systems. I scraped the programming languages used for each one from their respective repositories, and created a simple scoring system to score each programming language.

Obviously there is some bias, since Kotlin is very popular for Android apps and not much else, and it's not an exhaustive list, so some data might be off, but it was still fun to make! Just wanted to share it with all of you, in case anyone else finds it interesting.

The full ranking


  1. C++
  2. C
  3. Kotlin
  4. Java
  5. JavaScript
  6. TypeScript
  7. Python
  8. Shell
  9. C#
  10. Dart
  11. PHP
  12. Ruby
  13. HTML
  14. Makefile
  15. Go
  16. QML
  17. Pascal
  18. CSS
  19. Clojure
  20. Blade
  21. Crystal
  22. Batchfile
  23. Swift
  24. Emacs Lisp
  25. Svelte
  26. Rust
  27. CMake
  28. Haskell
  29. Lua
  30. Vue
  31. Roff
  32. XSLT
  33. Assembly
  34. NSIS
  35. Objective-C
  36. SCSS
  37. Less
  38. PLpgSQL
  39. Objective-C++
  40. Inno Setup
  41. Meson
  42. WebAssembly
  43. ASL
  44. PowerShell
  45. Rich Text Format
  46. GLSL
  47. Common Lisp
  48. Haml
  49. Scheme
  50. Dockerfile
  51. Perl
  52. AIDL
  53. M4
  54. Mustache
  55. D
  56. MDX
  57. SourcePawn
  58. M
  59. Pug
  60. Lex
  61. EJS

Scores for each programming language

C++: 13070

C: 11734

Kotlin: 7195

Java: 6727

JavaScript: 5356

TypeScript: 5002

Python: 4250

Shell: 1903

C#: 1873

Dart: 1872

PHP: 1844

Ruby: 1499

HTML: 1389

Makefile: 990

Go: 975

QML: 955

Pascal: 917

CSS: 888

Clojure: 878

Blade: 832

Crystal: 738

Batchfile: 708

Swift: 577

Emacs Lisp: 556

Svelte: 366

Rust: 351

CMake: 342

Haskell: 326

Lua: 300

Vue: 288

Roff: 268

XSLT: 176

Assembly: 167

NSIS: 130

Objective-C: 128

SCSS: 90

Less: 77

PLpgSQL: 66

Objective-C++: 61

Inno Setup: 59

Meson: 41

WebAssembly: 25

ASL: 22

PowerShell: 21

Rich Text Format: 21

GLSL: 18

Common Lisp: 16

Haml: 14

Scheme: 13

Dockerfile: 12

Perl: 12

AIDL: 11

M4: 7

Mustache: 7

D: 5

MDX: 5

SourcePawn: 2

M: 2

Pug: 2

Lex: 1

EJS: 1

The original data

(NOTE: I am NOT looking for criticism on any choices made here)


HuggingChat

TypeScript 62.1%

Svelte 36.6%

Dockerfile 0.4%

JavaScript 0.4%

HTML 0.2%

Shell 0.1%

Other 0.2%

GPT4ALL

C++ 48.2%

QML 32.3%

Python 8.5%

CMake 5.4%

JavaScript 3.9%

C 1.0%

Other 0.7%

Audacity

C 37.6%

C++ 35.3%

Python 18.1%

Shell 2.8%

Common Lisp 1.6%

QML 1.3%

Other 3.3%

Duplicati

C# 87.3%

JavaScript 5.7%

HTML 3.2%

Less 1.8%

Python 1.2%

Shell 0.4%

Other 0.4%

Vorta

Python 99.2%

Other 0.8%

Filen (Desktop)

TypeScript 96.3%

JavaScript 2.1%

HTML 1.2%

NSIS 0.4%

Monero

C++ 81.7%

C 11.7%

Python 3.2%

CMake 2.0%

Makefile 0.5%

Shell 0.4%

Other 0.5%

Ivy Wallet

Kotlin 99.7%

Other 0.3%

Brasero

C 98.1%

Makefile 1.5%

Other 0.4%

VSCodium

Shell 83.8%

XSLT 16.0%

PowerShell 0.2%

GNU Emacs

Emacs Lisp 55.6%

Roff 23.8%

C 16.4%

M4 0.7%

Objective-C 0.6%

C++ 0.5%

Other 2.4%

GitLab

Ruby 69.2%

JavaScript 17.3%

Vue 6.8%

PLpgSQL 2.9%

Haml 1.4%

HTML 0.9%

Other 1.5%

Codeberg

Clojure 87.8%

Shell 3.9%

CSS 2.3%

HTML 2.2%

Batchfile 2.2%

PowerShell 1.0%

Other 0.6%

Wikipedia (MediaWiki)

PHP 82.7%

JavaScript 15.3%

Less 1.1%

CSS 0.8%

HTML 0.1%

Vue 0.0%

7-Zip

C++ 79.3%

C 17.6%

Assembly 1.6%

Makefile 1.5%

PeaZip

Pascal 91.7%

Inno Setup 5.9%

Batchfile 1.8%

C++ 0.4%

Shell 0.1%

C 0.1%

qBittorrent

C++ 71.0%

JavaScript 14.1%

HTML 11.5%

Python 1.1%

CSS 0.8%

CMake 0.7%

Other 0.8%

osu!

C# 100.0%

2048

CSS 54.9%

JavaScript 38.1%

HTML 6.5%

Ruby 0.5%

Wireshark

C 95.2%

C++ 2.4%

Python 1.1%

Perl 0.3%

CMake 0.3%

SourcePawn 0.2%

Other 0.5%

nmap

C 38.0%

Lua 29.0%

C++ 17.3%

Shell 4.6%

Python 4.3%

Makefile 1.9%

Other 4.9%

VirtualBox

C 67.2%

C++ 25.2%

Python 2.8%

Objective-C 1.7%

Assembly 1.4%

D 0.5%

Other 1.2%

Docker

Go 97.5%

Shell 1.5%

Dockerfile 0.5%

PowerShell 0.3%

Makefile 0.1%

Python 0.1%

calibre

Python 79.2%

C 17.1%

C++ 2.8%

HTML 0.3%

Shell 0.2%

XSLT 0.1%

Other 0.3%

Thunderbird

JavaScript 60.5%

C++ 21.5%

HTML 6.6%

CSS 3.8%

C 1.8%

Java 1.7%

Other 4.1%

Betterbird

Batchfile 66.5%

C 18.3%

C++ 10.1%

Shell 5.1%

draw.io (Desktop)

JavaScript 96.0%

Shell 4.0%

Joplin

TypeScript 71.4%

JavaScript 22.3%

HTML 1.9%

CSS 1.3%

Java 1.2%

Mustache 0.7%

Other 1.2%

LibreOffice

C++ 86.6%

Java 5.5%

Python 1.8%

Makefile 1.6%

XSLT 1.5%

Rich Text Format 1.4%

Other 1.6%

Proton Mail (Web)

TypeScript 92.1%

JavaScript 5.2%

SCSS 1.5%

MDX 0.5%

Swift 0.4%

CSS 0.1%

Other 0.2%

F-Droid

Java 65.3%

Kotlin 33.1%

Other 1.6%

Aurora Store

Kotlin 96.8%

Java 2.8%

AIDL 0.4%

Neo-Store

Kotlin 100.0%

Obtainium

Dart 98.7%

Other 1.3%

Droid-ify

Kotlin 99.6%

Shell 0.4%

IzzyOnDroid

PHP 97.2%

Python 2.5%

Shell 0.3%

Accrescent

Kotlin 100.0%

GNOME Software

C 97.0%

Meson 1.2%

Python 1.1%

Other 0.7%

Flathub

TypeScript 74.0%

Python 24.2%

JavaScript 1.1%

Shell 0.4%

SCSS 0.2%

Dockerfile 0.1%

SearXNG

Python 74.7%

Shell 9.9%

HTML 6.1%

Less 4.8%

JavaScript 2.7%

CSS 0.9%

Other 0.9%

GrapheneOS

Makefile 87.1%

C++ 11.3%

Shell 1.6%

GNOME

C 97.3%

Meson 2.3%

Python 0.4%

KDE Plasma

C++ 45.6%

QML 41.2%

C 5.5%

CMake 2.3%

Python 2.2%

JavaScript 1.9%

Other 1.3%

Arch Linux

C 98.4%

Assembly 0.7%

Shell 0.4%

Python 0.2%

Makefile 0.2%

Perl 0.1%

HeliBoard

Java 45.4%

C++ 34.7%

Kotlin 19.2%

Other 0.7%

Blender

C++ 76.3%

Python 14.6%

C 5.0%

GLSL 1.8%

CMake 1.2%

Objective-C++ 1.0%

Other 0.1%

FreeCAD

C++ 52.7%

Python 44.5%

C 1.5%

CMake 0.8%

NSIS 0.2%

Lex 0.1%

Other 0.2%

Krita

C++ 90.2%

Python 3.0%

C 2.3%

CMake 1.6%

HTML 0.7%

Rich Text Format 0.7%

Other 1.5%

GIMP

C 95.5%

Scheme 1.3%

Python 1.1%

C++ 0.7%

Meson 0.6%

Perl 0.4%

Other 0.4%

Flameshot

C++ 87.8%

CMake 5.8%

Shell 3.3%

Python 1.7%

Roff 1.1%

C 0.2%

Other 0.1%

Inkscape

C++ 94.1%

C 1.7%

CMake 1.5%

HTML 1.4%

Python 0.3%

Aegis

Java 96.0%

HTML 2.1%

Roff 1.9%

VeraCrypt

C 68.8%

C++ 19.0%

Assembly 10.0%

Shell 1.1%

Makefile 0.5%

Batchfile 0.3%

Other 0.3%

KeePassXC

C++ 95.1%

CMake 2.2%

Shell 1.5%

PowerShell 0.6%

Objective-C++ 0.4%

Python 0.1%

Other 0.1%

KeePassDX

Kotlin 79.0%

C 14.0%

Java 4.1%

Assembly 2.6%

C++ 0.2%

Ruby 0.1%

addy.io

Blade 83.2%

JavaScript 5.2%

Vue 4.8%

PHP 4.5%

CSS 2.3%

Mullvad VPN

Rust 35.1%

Swift 26.2%

Kotlin 19.5%

TypeScript 13.2%

C++ 2.8%

Shell 1.8%

Other 1.4%

Alovoa

Java 82.7%

HTML 9.8%

JavaScript 3.6%

CSS 2.8%

Other 1.1%

Briar

Java 98.0%

Kotlin 1.9%

Other 0.1%

SimpleX Chat

Haskell 32.6%

Kotlin 32.3%

Swift 26.9%

HTML 2.2%

TypeScript 1.4%

JavaScript 1.1%

Other 3.5%

Medito

Dart 88.5%

Kotlin 8.0%

Ruby 2.0%

Swift 0.7%

CMake 0.2%

C++ 0.2%

Other 0.4%

coreboot

C 94.4%

ASL 2.2%

Makefile 1.0%

C++ 0.7%

Assembly 0.4%

Perl 0.4%

Other 0.9%

Libreboot

Shell 51.5%

Python 25.1%

C 22.2%

Makefile 1.2%

OpenStreetMap

Ruby 78.1%

HTML 8.7%

JavaScript 6.9%

PLpgSQL 3.7%

SCSS 1.2%

C++ 0.7%

Other 0.7%

OsmAnd

Java 95.3%

Kotlin 3.9%

AIDL 0.7%

CSS 0.1%

Shell 0.0%

XSLT 0.0%

Organic Maps

C++ 71.0%

C 7.5%

Java 6.1%

Swift 3.5%

Objective-C++ 3.1%

Python 2.9%

Other 5.9%

VLC Media Player

C 62.6%

C++ 18.9%

Objective-C 8.3%

QML 3.1%

Makefile 1.6%

Lua 1.0%

Other 4.5%

Stremio (Desktop)

C++ 36.7%

QML 17.6%

NSIS 12.4%

JavaScript 10.7%

Shell 9.1%

CMake 4.1%

Other 9.4%

OBS Studio

C 54.6%

C++ 34.7%

CMake 6.1%

Objective-C 2.2%

Objective-C++ 1.6%

M 0.2%

Other 0.6%

NewPipe

Java 84.0%

Kotlin 13.5%

HTML 2.5%

FreeTube

JavaScript 68.5%

Vue 17.2%

CSS 11.2%

SCSS 3.0%

EJS 0.1%

Invidious

Crystal 73.8%

HTML 13.9%

JavaScript 8.2%

CSS 2.6%

Shell 1.1%

Makefile 0.2%

Dockerfile 0.2%

PeerTube

TypeScript 89.7%

HTML 6.5%

SCSS 3.1%

Shell 0.4%

Pug 0.2%

JavaScript 0.1%

Tubular

Java 84.6%

Kotlin 13.0%

HTML 2.4%

Mullvad Browser

JavaScript 28.1%

C++ 25.7%

HTML 22.3%

C 12.4%

Python 2.8%

Tor Browser

JavaScript 28.2%

C++ 25.6%

HTML 22.3%

C 12.4%

Python 2.9%

uBlock Origin

JavaScript 88.4%

CSS 4.9%

HTML 3.4%

WebAssembly 2.5%

Shell 0.6%

Python 0.1%

Makefile 0.1%

Charger8232@lemmy.ml 17 points 4 months ago

Why weren't any backups created?

604
submitted 4 months ago by Charger8232@lemmy.ml to c/privacy@lemmy.ml

It is truly upsetting to see how few people use password managers. I have witnessed people who always use the same password (and even tell me what it is), people who try to log in to accounts but constantly can't remember which credentials they used, people who store all of their passwords on a text file on their desktop, people who use a password manager but store the master password on Discord, entire tech sectors in companies locked to LastPass, and so much more. One person even told me they were upset that websites wouldn't tell you password requirements after you create your account, and so they screenshot the requirements every time so they could remember which characters to add to their reused password.

Use a password manager. Whatever solution you think you can come up with is most likely not secure. Computers store a lot of temporary files in places you might not even know how to check, so don't just stick it in a text file. Use a properly made password manager, such as Bitwarden or KeePassXC. They're not going to steal your passwords. Store your master password in a safe place or use a passphrase that you can remember. Even using your browser's password storage is better than nothing. Don't reuse passwords, use long randomly generated ones.

It's free, it's convenient, it takes a few minutes to set up, and it's a massive boost in security. No needing to remember passwords. No needing to come up with new passwords. No manually typing passwords. I know I'm preaching to the choir, but if even one of you decides to use a password manager after this then it's an easy win.

Please, don't wait. If you aren't using a password manager right now, take a few minutes. You'll thank yourself later.

23
submitted 5 months ago by Charger8232@lemmy.ml to c/privacy@lemmy.ml

Introduction

I am a fan of Louis Rossmann. This will be very evident in the rest of the message. I saw how many companies tried to get away with anything and everything they possibly could, and I began to get very upset. I wanted to know what a perfect software would be like, one that was ethical, open, and had no way to pull the rug out from under its users. Many of the things Rossmann says were introduced into this philosophy, as well as some of my own views. I wanted to create a sort of guideline for how software should be.

Early draft

This took multiple months to complete, multiple drafts (lots of which were written by hand), lots of sections compressed and decompressed, and lots of research and time to think. With all of that said, I am absolutely terrible at writing. I would either be too detailed, not detailed enough, or other various problems. However, I am including an early draft because it seems to hold its own slightly differing vision. This is an early draft written by hand:

  1. Transparency and availability: All of the software's code should be completely open source. No part of the software should be proprietary, including dependencies, blobs, drivers, extensions, website, installers, servers, etc. Those all fall under the same conditions listed in this whole document. No dependencies should be included unless they are essential for the software's core functionality or explicitly requested by the user. All dependencies should be clearly documented, and their purpose should be easily understandable by the user. The entire source code should be accessible to everyone, without any restriction, censorship, or moderation. There should be no requirement to create an account, verify identity, pay any amount, or any other extra steps to be able to access the source code in its entirety.

  2. Legibility: Every part of the code should also be understandable. Obfuscation, encryption, or any other attempts to create code that is not understandable is not allowed. All code should be well written, clearly understandable, and well documented. Documentation should be clearly understandable and falls under the same conditions as the code itself in terms of how it can be accessed. Furthermore, all documentation should be able to be easily accessible entirely offline. All code and its extensions should be free to study, edit, and distribute without restriction.

  3. Availability, equality, and ease of use: The entire software should be available to everyone for installation. There should be no restriction or censorship on who, when, or where (geographically and digitally) the software can be installed. There should also be no discrimination on who is able to use the software. Same installations of the software should be identical for all users. The software should be easy to install and uninstall, and all traces of the software should be removed after installation.

  4. Free of cost: The entire software should be completely free of cost. There should be no free trials, no subscriptions, no paid portions, etc. There should also be no paid alternative to the software with added functionality (such as a "premium" tier). The full version of the software should be completely free to download, install, and use to its full functionality.

  5. Update availability and backwards compatibility: All software updates should be optional. No updates should be required, no matter how important. Users should not be bothered about updates besides a single notifier when an update is available. There should be clear options to select which portions of the software get updated, if any, how the software is updated, and clear descriptions of which portions are receiving updates. There should be no restriction or censorship about who receives updates. All updates should be identical for all users. An offline update capability should be implemented, for users to download an update separately and update the software in an offline environment. All older versions of the software should be available to rollback to, or to install fresh.

  6. Extension ease of use: Extensions and plugins should be available to create and install for the software. These extensions fall under the same conditions listed in this entire document. Extensions should be easy to create and implement into the software. There should be no moderation, restriction, regulation, or censorship on which extensions can be installed and used.

  7. Offline capabilities: The entire software should be able to function to its full capabilities in an entirely offline environment. No part of it should ever rely on external sources such as cloud servers, website pings, etc. There should be no limitation on the functionality of the software in an offline environment.

  8. Data control and interoperability: All user data stored by the software should be easy and free to be able to import, export, modify, delete, and transfer at all times. This functionality should be clearly implemented, with no added steps. Data should also be completely interoperable with other similar softwares.

  9. Account freedom and security: The software should never ask or force the creation of an account, identity verification, or any other form of authentication. All portions of the software should be completely accessible without any further verification. However, if a user decides to credential protect certain portions of the software for security reasons, credentials should be stored entirely locally and securely.

  10. Universal compatibility and freedom: The software should strive to be compatible with as many systems and devices as possible. There should be no restrictions on which operating systems or devices the software can be installed on besides what is not possible to do. For all installations, clear debug messages should be present for errors in the software, as well as an easy system to manage these error messages.

  11. Perpetual access: The software should be available to install and use in full perpetually. There should be no time limit to be able to access the full functionality of the software. Trial versions of the software are not allowed. Users should have perpetual and unrestricted access to the complete software.

  12. Optional legal agreements: Users should never be asked or forced into any legal agreements, contracts, terms of service, terms of use, privacy policies, etc. If it is absolutely necessary that any of those are included, there should be a clear and easy way to opt out completely from all parts of the agreement. Users should be fully opted out by default from any agreements, and users should be clearly aware of what they are opting into. The agreement should be written in a manner that can be easily understood, and in a manner that is clearly visible to the user. Users should be able to change their preferences afterwards, in an easy and clear way.

  13. Permissions: The software's permissions should be easily changeable. Permissions include access to devices such as microphone and webcam, access to certain folders and files, access to modify and delete files, etc. These permissions should be clearly listed, and no unnecessary permissions should be enabled by default.

Disclaimer

Because I am terrible at writing, most of this was painstakingly generated using LLaMA 3.1 70B & 405B. Believe it or not, this was actually a lot of work. Not only did I have to give detailed enough explanations for it to give an output that aligned with my vision, but formatting and sorting each section took an insane amount of work. Not to mention hallucinations, outputs that did not fit the prompt, rate limiting, and multiple other issues. Finally, after months of planning, preparation, tweaking, and editing, I am happy with what has been created.

How to help

Even though I am happy with what has been created, it is by no means perfect and needs a massive amount of human intervention to improve it. Be nitpicky! I want to make this something the community is happy with, and something that is free of flaws and loopholes. I am very open to feedback here, since this is not the final version.

The Philosophy

Category: Open-Source and Licensing

  1. Open-Source Ecosystem: The entire software ecosystem, encompassing the core codebase, as well as all supplementary components, modifications, and derivatives, should be transparently and freely accessible to anyone. This means that all extensions, add-ons, plugins, and integrations, regardless of their origin or purpose, should be developed and shared under open-source licenses. Similarly, any forks or variations of the original software should also be openly available, allowing the community to benefit from diverse perspectives and innovations. By embracing openness and collaboration, the software can evolve more rapidly, securely, and equitably, with the collective efforts of a global community driving its growth and improvement.

  2. Free and Open-Source License: The software should be made available under a free and open-source license, allowing users to freely study, modify, and distribute the software. This means that the software should be released under a license that grants users the freedom to use, modify, and distribute the software, without any restrictions or limitations. The software should be made available in a format that is easily accessible and modifiable, such as source code, and should be accompanied by clear and concise documentation that explains how to use, modify, and distribute the software. The license should also allow users to create and distribute derivative works, such as modified versions of the software, and should not impose any restrictions on the use of the software for any purpose, including commercial use. By making the software available under a free and open-source license, the developers can promote collaboration, innovation, and community involvement, and can help to ensure that the software remains free and open for the benefit of all users. Additionally, the software should also be made available in a way that is accessible to people with disabilities, and should be designed to be usable by people with a wide range of abilities and needs.

Category: Code Quality and Development

  1. Readability and Code Quality: The code should be crafted with the utmost care for readability, making it effortless for humans to comprehend its intent, logic, and behavior. This means that the code should be written in a clear, concise, and consistent manner, using a syntax that is easy on the eyes. Variables, functions, classes, and other programmatic elements should be assigned descriptive and meaningful names that accurately convey their purpose and role, avoiding ambiguity and confusion. Additionally, the code should be liberally annotated with high-quality comments that provide context, explain complex concepts, and highlight key decisions, making it easier for developers to understand, maintain, and extend the codebase over time. By prioritizing readability, the code becomes a valuable resource for knowledge sharing, collaboration, and collective growth.

  2. Comprehensive Documentation: The code should be accompanied by comprehensive, accurate, and up-to-date documentation that provides a complete understanding of its functionality, behavior, and underlying architecture. This documentation should include detailed explanations of each component, module, and interface, as well as usage examples, tutorials, and guides that facilitate easy adoption and integration. Furthermore, the documentation should be written in a clear, concise, and accessible manner, using language that is free from technical jargon and assumptions about prior knowledge. By providing thorough documentation, the code becomes a self-contained resource that empowers developers to quickly grasp its inner workings, troubleshoot issues, and make informed decisions about customization, extension, and maintenance. This, in turn, fosters a culture of transparency, collaboration, and continuous improvement, where the codebase serves as a shared knowledge base for the entire community.

  3. Modular and Extensible Architecture: The software should be designed with a modular and extensible architecture, allowing users to customize and enhance its functionality through the use of extensions or plugins. This means that the software should provide a robust and well-documented API, as well as a plugin framework, that enables developers to create custom extensions that can interact with and modify the software's core functionality. The software should also provide a user-friendly interface for managing and installing extensions, making it easy for users to discover, download, and install new extensions. Furthermore, the software should be designed to allow extensions to be developed for all portions of the software, including the user interface, data processing, and core functionality. This will enable users to tailor the software to their specific needs and workflows, and will also enable developers to create specialized extensions that can be shared with the broader user community. By providing a robust extension framework, the software can become a platform for innovation and customization, allowing users to create a tailored experience that meets their unique needs and requirements.

  4. Transparent Development Process: The development process for the software should be transparent and clear, with documentation for each step of the process. This means that the development team should maintain a publicly accessible repository of documentation, including design documents, meeting notes, and technical specifications, that provides a clear understanding of the development process and the decisions that are being made. The documentation should be up-to-date and accurate, reflecting the current state of the software and any changes that are being made. Additionally, the development team should provide regular updates on the development process, including blog posts, social media updates, and email newsletters, that keep users informed about what is happening and what to expect. Any outages or disruptions to the software should be clearly communicated to users, with explanations of what happened, how it is being fixed, and when the software is expected to be back online. The development team should also provide a clear and transparent process for reporting and tracking issues, with a publicly accessible bug tracker and a clear process for submitting and resolving issues. By providing transparent and clear documentation and communication, the development team can build trust with users and demonstrate a commitment to openness and accountability.

Category: Deployment and Updates

  1. Uniform Deployment and Updates: All users should receive the same version of the software, with identical features, functionality, and updates, regardless of their location, device, or usage patterns. This means that the software should be deployed and updated uniformly, without any hidden variations, experiments, or segmentations that could create unequal experiences or introduce unnecessary complexity. No user should be unwittingly enrolled in A/B testing, beta programs, or other forms of differential treatment that could compromise their experience or create uncertainty about the software's behavior. By maintaining a single, unified codebase and deployment process, the software can ensure consistency, reliability, and fairness for all users, while also simplifying testing, debugging, and support processes. This approach also helps to build trust and transparency with the user community, who can rely on a predictable and uniform experience across the board.

  2. Access to Previous Versions: The software should maintain a comprehensive archive of all previous versions, making it possible for users to access, download, and install any earlier version of the software that meets their specific needs or preferences. This means that users should have the freedom to choose the version that works best for them, whether it's due to compatibility issues, feature requirements, or simply a preference for a previous user interface. Furthermore, the downgrade process should be straightforward and reversible, allowing users to seamlessly transition between versions without losing data, settings, or functionality. By providing unfettered access to previous versions, the software acknowledges that users have different needs and workflows, and empowers them to make informed decisions about their own software experience. This approach also demonstrates a commitment to user autonomy, flexibility, and choice, while also facilitating testing, debugging, and troubleshooting efforts by providing a clear and accessible version history.

  3. Optional Updates: Updates to the software should be optional, with users having complete control over what updates are applied and when. This means that the software should provide a clear and transparent update process, with detailed information about what changes are being made, why they are necessary, and what benefits they will bring. Users should be able to select which updates to apply, and which to ignore, with the ability to easily opt out of any update that they do not want. Furthermore, the software should provide a clear and easy-to-use interface for managing updates, with options for selecting specific updates to apply, viewing update history, and rolling back to previous versions if needed. The ability to easily undo any and all updates should be a key feature of the software, allowing users to quickly and easily revert to a previous version if an update causes issues or is not desired. This approach recognizes that users have different needs and preferences when it comes to updates, and provides them with the flexibility and control to manage their software experience in a way that works best for them. By making updates optional and providing clear selection and undo options, the software can help to build trust with users and ensure that they feel in control of their software experience.

Category: Portability and Compatibility

  1. Portability and Compatibility: The software should be designed to be maximally portable and compatible, with the goal of running seamlessly on a wide range of systems, hardware configurations, and architectures. This means that the software should be developed with a focus on platform independence, using technologies and techniques that enable it to adapt to diverse environments and ecosystems. Whether it's running on a desktop computer, laptop, mobile device, server, or embedded system, the software should strive to be compatible with various operating systems, processor architectures, and hardware platforms. By embracing this philosophy, the software can reach a broader audience, increase its utility and value, and provide a more inclusive and equitable experience for users across different technological contexts. This approach also promotes flexibility, resilience, and future-proofing, as the software can more easily adapt to changing technological landscapes and evolving user needs.

  2. Interoperability: The software should be designed to be completely interoperable with other programs and systems, allowing users to seamlessly integrate it into their existing workflows and ecosystems. This means that the software should support open standards and formats, enabling users to easily import and export data, and exchange information with other applications and services. The software should also provide APIs, SDKs, and other integration tools, making it easy for developers to build custom integrations and extensions. Furthermore, the software should be compatible with a wide range of operating systems, devices, and platforms, ensuring that users can access and use it regardless of their technical environment. The software should also support multiple data formats, protocols, and interfaces, allowing users to easily integrate it with other systems and applications. By prioritizing interoperability, the software can provide users with a flexible and adaptable solution that can be easily integrated into their existing workflows, and can help to break down silos and promote a more connected and collaborative environment. Additionally, the software should also be able to work with other software and systems that are not yet known or developed, by using open and extensible architecture and protocols.

  3. Universal Accessibility: The software should be designed to be universally accessible, available to everyone regardless of their location, nationality, age, sex, background, or any other characteristic. This means that the software should be free from any geographical, cultural, or linguistic barriers that could limit its accessibility. The software should be translated into multiple languages, and should be compatible with different operating systems, devices, and platforms to ensure that it can be used by people from diverse backgrounds and with varying levels of technical expertise. The software should also be designed to be accessible to people with disabilities, with features such as screen reader compatibility, high contrast mode, and keyboard-only navigation. Additionally, the software should be available to people of all ages, with a user interface that is intuitive and easy to use for both children and adults. The software should not discriminate against any individual or group based on their nationality, ethnicity, sex, or any other characteristic. By being universally accessible, the software can promote global understanding, collaboration, and equality, and can help to bridge the digital divide that exists between different communities and regions.

Category: Security and Privacy

  1. Security: The software should be designed with security as a top priority, incorporating the latest security standards, best practices, and technologies to protect users' data and prevent potential vulnerabilities. This means that the software should be built using secure coding practices, such as secure coding guidelines, code reviews, and static analysis, to minimize the risk of common web application vulnerabilities. Additionally, the software should be regularly audited and tested for security vulnerabilities, using both manual and automated testing techniques, to identify and address potential weaknesses. To further enhance security, the software should also implement a bug bounty program, which incentivizes security researchers to identify and report vulnerabilities, allowing the development team to quickly address and fix them. The software should also stay up-to-date with the latest security patches and updates, ensuring that any known vulnerabilities are promptly addressed. Furthermore, the software should use secure communication protocols, such as HTTPS and TLS, to protect user data in transit, and implement secure data storage practices, such as encryption and access controls, to protect user data at rest. By prioritizing security and continuously monitoring and improving its security posture, the software can provide users with a safe and trustworthy experience.

  2. User Privacy: The software should be designed with a strong commitment to user privacy, ensuring that it does not collect, transmit, or store any personal data or usage information without the user's explicit consent. This means that the software should not include any telemetry or tracking mechanisms, such as analytics, crash reporting, or usage monitoring, that could potentially compromise the user's anonymity or reveal their behavior. The software should also avoid any form of data harvesting, profiling, or behavioral analysis, and should not share any user data with third-party services or advertisers. Furthermore, the software should provide users with complete transparency and control over their data, allowing them to easily inspect, modify, and delete any data that is stored locally on their device. By respecting user privacy and avoiding telemetry, the software demonstrates a commitment to trust, transparency, and user autonomy, and helps to protect users from the risks of data exploitation and surveillance.

  3. Privacy-Invasive Features: The software should be designed with a strong commitment to protecting user privacy, ensuring that any feature or functionality that could potentially compromise user privacy is carefully evaluated and implemented in a way that prioritizes user control and consent. This means that any feature that could be considered privacy-invasive, such as data sharing, tracking, or profiling, should be explicitly opted out by default, requiring users to actively choose to enable it if they wish to do so. Furthermore, the software should provide clear and transparent explanations of how each feature works, what data it collects, and how it is used, allowing users to make informed decisions about their privacy. Any feature that is deemed to be potentially privacy-invasive should be clearly labeled as such, and users should be provided with easy-to-use controls to disable or configure it to their liking. By prioritizing user privacy and providing transparent and granular controls, the software empowers users to take control of their own data and make informed decisions about their online activities.

  4. Anonymity: The software should be designed to be completely anonymous, ensuring that users can interact with it without revealing their identity or providing any personal information. This means that the software should not collect, store, or transmit any data that could be used to identify the user, such as IP addresses, device fingerprints, or browser cookies. The software should also not request or require any form of identification, such as usernames, passwords, or email addresses, and should not prompt users to provide any personal information, such as names, addresses, or phone numbers. Furthermore, the software should be designed to operate independently of any external services or systems that may collect or store user data, ensuring that users can use the software without being tracked or monitored. By prioritizing anonymity, the software can provide users with a safe and private experience, allowing them to use the software without fear of surveillance, data collection, or identity theft. Additionally, the software should also be designed to resist any attempts to de-anonymize users, such as through traffic analysis or other forms of surveillance, by using techniques such as encryption, secure communication protocols, and decentralized architectures.

  5. Sandboxed Environment: The software should be designed to operate in a sandboxed environment, where it is completely isolated from the rest of the system and cannot access or modify any sensitive data or system resources. This means that the software should be executed in a virtualized environment, such as a container or a virtual machine, that provides a strict separation between the software and the underlying system. The sandboxed environment should be configured to restrict the software's access to system resources, such as the file system, network, and hardware devices, and should prevent the software from making any changes to the system or its configuration. The software should also be designed to operate within the sandboxed environment, with no dependencies on external libraries or services that could potentially compromise the security of the system. By operating in a sandboxed environment, the software can provide a high level of security and isolation, preventing any potential security vulnerabilities or exploits from affecting the rest of the system. Additionally, the sandboxed environment should also provide a clear and transparent way to monitor and audit the software's activity, allowing users to easily track and understand what the software is doing and how it is interacting with the system.

  6. Granular Permissions: The software should be designed with a robust and granular permissions system, allowing users to control exactly what data and functionality the software has access to. This means that users should be able to grant or deny specific permissions, such as camera access, file access, or location services, on a case-by-case basis. Furthermore, the software should only request the permissions that are absolutely necessary for its core functionality, and should not request extraneous permissions that could be used to collect unnecessary data or compromise user privacy. By default, all permissions should be turned off, and users should be required to explicitly opt in to each permission before the software can access the corresponding data or functionality. This approach recognizes that users have different needs and preferences when it comes to data sharing and access, and allows them to tailor the software's behavior to their individual circumstances. The permissions system should also be transparent and easy to understand, with clear explanations of what each permission allows the software to do, and why it is necessary. By providing users with granular control over permissions, the software can demonstrate its commitment to user autonomy and data protection, and can help to build trust with its users.

Category: User Experience

  1. Simplicity and Ease of Use: The software should be designed with simplicity and ease of use in mind, making it accessible to users of all skill levels and backgrounds. This means that the software should be easy to install, with a straightforward and streamlined installation process that requires minimal user input. Once installed, the software should be intuitive to use, with a clear and logical interface that makes it easy for users to find and access the features and functions they need. The software should also be easy to uninstall, with a simple and complete removal process that leaves no residual files or settings behind. Updates should be seamless and automatic, with clear notifications and explanations of what changes have been made and why. Navigation within the software should be straightforward and intuitive, with no obscured or hidden menus or options. All features and functions should be clearly labeled and easily accessible, with no unnecessary complexity or clutter. The software should also provide clear and concise documentation and support resources, including user manuals, tutorials, and FAQs, to help users get the most out of the software and troubleshoot any issues that may arise. By prioritizing ease of use and simplicity, the software can reduce user frustration and anxiety, and make it easier for users to achieve their goals and accomplish their tasks.

  2. User-Friendly Agreements: Any legal agreements or terms of service associated with the software should be designed to prioritize user autonomy and flexibility. This means that users should have the ability to opt out of specific or all parts of the agreement, and that opting out should be the default behavior. In other words, users should not be required to opt in to any terms or conditions, and should instead be able to choose which parts of the agreement they wish to accept or reject. This approach recognizes that users have different needs and preferences, and allows them to tailor their relationship with the software to their individual circumstances. By providing users with the ability to opt out of specific or all parts of the agreement, the software can demonstrate its commitment to transparency, fairness, and user empowerment. Furthermore, the software should also provide clear and concise language in its agreements, avoiding legalese and technical jargon that could confuse or intimidate users. The goal should be to create a legal framework that is fair, flexible, and user-friendly, and that prioritizes the needs and interests of users above all else.

  3. Efficiency and Performance: The software should be designed to be efficient and optimized for performance, using only the necessary processing power and resources to accomplish its tasks. This means that the software should be written with a focus on minimizing computational overhead, reducing unnecessary computations, and optimizing data structures and algorithms for speed and efficiency. The software should not intentionally introduce lag or delay, nor should it use more processing power than necessary to discourage certain behaviors or to create a perceived sense of complexity. Instead, the software should strive to provide a seamless and responsive user experience, with fast and efficient performance that allows users to complete their tasks quickly and easily. The software should also be designed to adapt to different system configurations and hardware capabilities, ensuring that it runs efficiently on a wide range of devices and platforms. Furthermore, the software should be designed to minimize its impact on system resources, such as memory and CPU usage, and should not consume excessive amounts of power or battery life. By prioritizing efficiency and performance, the software can provide a better user experience, reduce frustration and annoyance, and help to minimize the environmental impact of computing.

Category: User Control and Autonomy

  1. Perpetual Access: Users should have the freedom to access and utilize the software to its fullest potential, without any artificial restrictions, limitations, or time constraints. This means that the software should not be designed with expiration dates, subscription-based models, or other mechanisms that could potentially limit its use or functionality over time. Once a user has obtained the software, they should be able to continue using it, without interruption or degradation, for as long as they see fit. The software should not be subject to vendor lock-in, forced upgrades, or other forms of coercion that could compromise the user's autonomy or freedom to choose. By granting users perpetual access to the software, the developers acknowledge that the user has invested time, effort, and resources into learning and utilizing the software, and that they should be able to reap the benefits of that investment without fear of interruption or loss of functionality.

  2. Offline Capability: The software should be designed to function fully and independently in an offline environment, without relying on a constant internet connection to operate. This means that all core features, functionality, and data storage should be self-contained within the software, allowing users to work, create, and interact with the software without any dependency on external networks or servers. Unless a specific feature or module explicitly requires an internet connection to function (e.g., online collaboration, cloud syncing, or data fetching), the software should be able to operate seamlessly in offline mode, without any degradation or loss of functionality. By prioritizing offline capability, the software ensures that users can work efficiently and effectively, even in areas with limited or no internet connectivity, and that their productivity and workflow are not disrupted by network outages or connectivity issues.

  3. User Data Control: Users should have complete control over their data, with the ability to easily import, edit, delete, and export all of their data in a format of their choice. This means that the software should provide a straightforward and intuitive interface for managing data, with clear and concise options for importing data from other sources, editing existing data, deleting data that is no longer needed, and exporting data to other applications or formats. The software should also support a wide range of data formats, including CSV, JSON, XML, and others, to ensure that users can easily exchange data with other applications and services. Furthermore, the software should provide users with the ability to customize the data import and export process, with options for selecting specific data fields, filtering data, and transforming data into different formats. The software should also provide users with a clear and transparent view of their data, with options for viewing data in different formats, such as tables, charts, and graphs. By providing users with complete control over their data, the software can empower users to manage their data in a way that meets their needs, and help to build trust and confidence in the software.

  4. User Content Ownership: Users should have complete ownership and control over any content created or generated by or using the software. This means that users should be able to export, share, and use their content in any way they see fit, without any restrictions or limitations imposed by the software or its developers. The software should not claim any ownership or rights to user-generated content, and should not use such content for any purpose without the user's explicit consent. Users should be able to export their content in a format that is compatible with other software and platforms, and should be able to use their content for any purpose, including commercial use. The software should also provide users with the ability to delete their content at any time, and should ensure that all user-generated content is stored securely and in accordance with the user's preferences. Furthermore, the software should be designed to ensure that users' content is not used for any purpose that is not explicitly authorized by the user, and should provide users with clear and transparent information about how their content is being used and shared. By giving users complete ownership and control over their content, the software can promote creativity, innovation, and freedom of expression, and can help to build trust and confidence in the software and its developers.

  5. Complete Uninstallation: When the software is uninstalled, it should be completely and thoroughly removed from the user's system, leaving no residual files, folders, registry entries, or other remnants behind. This means that the uninstallation process should be designed to delete all files, settings, and data associated with the software, including any configuration files, cache files, and other temporary files that may have been created during use. The software should also remove any registry entries, system hooks, or other system modifications that were made during installation, restoring the system to its original state. Furthermore, the software should not leave behind any hidden or obscure files or folders that could potentially be used to track or monitor the user's activities. The uninstallation process should be transparent and straightforward, with clear notifications and progress updates to let the user know what is happening. Once the uninstallation is complete, the software should be completely gone, with no lingering presence or influence on the system. By ensuring a complete and thorough uninstallation, the software can demonstrate its respect for user autonomy and system integrity, and help to maintain a clean and organized system.

  6. Decentralized Operation: The software should be designed to operate in a decentralized manner, where no single central server or authority controls the flow of data, updates, or functionality. Instead, the software should be able to function autonomously, leveraging peer-to-peer networks, distributed architectures, and decentralized protocols to enable users to interact, share, and collaborate without relying on a single point of failure. This means that the software should be capable of self-organization, self-healing, and self-updating, using mechanisms such as blockchain, distributed hash tables, or other decentralized technologies to ensure its continued operation and evolution. Furthermore, the software should provide a decentralized means of distribution, allowing users to download and share the software using peer-to-peer networks, such as BitTorrent, or other decentralized file-sharing protocols. By decentralizing both the software's operation and distribution, users can enjoy greater autonomy, resilience, and freedom, while also promoting a more open, inclusive, and community-driven development process.

Category: Community and Cost

  1. Community-Driven: The software should be designed to be community-driven, with a decentralized governance model that allows for collective decision-making and shared ownership. This means that the software should not be controlled by a single entity, such as a corporation or individual, but rather should be maintained and developed by a community of users and contributors. The community should have a say in the direction and development of the software, with opportunities for feedback, suggestions, and participation in decision-making processes. The software should also have extensive community support, with a strong and active community of users, developers, and contributors who can provide help, guidance, and resources to one another. This can include online forums, social media groups, documentation, and other resources that facilitate communication and collaboration. By being community-driven, the software can ensure that it remains free from corporate or individual interests, and is instead guided by the needs and values of its users. This approach can also help to foster a sense of ownership and responsibility among community members, who can work together to maintain and improve the software over time.

  2. Cost-Free: The software should be completely free of cost, with no fees, charges, or subscriptions required to use it. This means that the software should be available for download and use without any financial obligation, and that users should not be required to pay for any features, updates, or support. Furthermore, the software should not have any paid or premium alternatives, such as "pro" or "enterprise" versions, that offer additional features or functionality for a fee. Instead, the software should be a single, unified product that is available to all users at no cost. By being entirely free of cost, the software can be accessible to a wider range of users, including those who may not have the financial resources to pay for software. This can help to promote digital inclusion and equality, and can also help to ensure that the software is used for the benefit of all users, rather than just those who are willing or able to pay for it. Additionally, the software should also be free from any advertising, sponsored content, or other forms of monetization that could compromise the user experience or create conflicts of interest.

  3. No Account Requirement: The software should never require users to create an account or provide any personal information to use its full functionality. This means that users should be able to download, install, and use the software without ever being prompted to sign up, log in, or provide any identifying information. The software should be designed to operate independently, without relying on any external services or systems that require user authentication. Furthermore, the software should not use any tracking or analytics mechanisms that could be used to identify or profile users, even if they choose not to create an account. By not requiring an account, the software can provide users with a truly private and anonymous experience, free from the risks of data collection, profiling, and targeted advertising. This approach also respects users' autonomy and freedom to use the software without being forced to surrender their personal data or create a digital identity. The software should be designed to work seamlessly without an account, providing users with the same level of functionality and performance as if they had created an account.

Explanations

You may be wondering about why I added certain things I did. Here are a few:

  1. Readability and Code Quality: This is to prevent obfuscation or other things that prevent open source code from being easily readable and modifiable. It also means you can't release a compiled program and call it open source.

  2. Modular and Extensible Architecture: Things like sideloading exist so that developers don't create a monopoly on proprietary-in-nature ways to change or extend software.

  3. Uniform Deployment and Updates: Lots of companies (Google and Meta, to name a couple) will release slightly different versions of software to different people as a way to collect usage data for different designs and code adjustments. YouTube has also released a tool to do this with thumbnails. While I see the benefit, I personally do not agree with the idea that different users should be running different types of the same software.

  4. Sandboxed Environment: Lots of software (such as games with anticheat) requires you to run it in an unsandboxed environment and abuses those rights to gain privacy-invasive access to the system.

  5. Efficiency and Performance: This section is due to one of my own personal experiences. Before I started my privacy journey, I had gotten a brand new flagship phone and installed Instagram on it. Instagram should have no problem running on the latest and greatest of devices. I noticed in a convoluted menu where you could set ad preferences, whenever I tried to change (manually, one by one, for each ad category) my ad preferences, my phone would get extremely hot and start slowing down until I exited the menu or closed the app. While I can't confirm, I can absolutely see motive for them to intentionally make the device commit digital suicide when you try to grasp any shred of privacy, and even if that isn't what happened, I don't like the possibility.

Thank you!

Thank you all for taking the time to read through my philosophy. It took a lot of time and effort to create, and I hope I can make it better for everyone!

57
submitted 6 months ago by Charger8232@lemmy.ml to c/privacy@lemmy.ml

A while ago I reached a point in my privacy journey where I simply felt bored. It's not a result of going too far in privacy, but simply my threat model has caused me to let go of a lot of things that used to entertain me (games, movie streaming, short form video, etc.) The entertainment landscape in privacy seems pretty bleak, since you no longer own the movies you watch, the games you play, and lots of proprietary software along the way. I entertain myself through FreeTube, physical copies of movies, and offline installations of games like Minecraft, but it's still a step down from how it used to be.

What do you do to keep yourselves entertained in a privacy conscious way?

45
submitted 6 months ago* (last edited 6 months ago) by Charger8232@lemmy.ml to c/privacy@lemmy.ml

I was researching WebMail providers, and noticed that most WebMail providers recommended in privacy communities are labelled as proprietary by AlternativeTo.

I made a list of WebMail providers, private or not, to see which ones were actually open source:

Proprietary

AOL Mail: Free

Cock.li: Free

CounterMail: Paid

Fastmail: Paid

GMX Mail: Free

Gmail: Free

HEY Email: Paid

Hushmail: Paid

iCloud Mail: Free

Mail.com: Free

Mailbox.org: Paid

Mailfence: Freemium

Outlook.com: Freemium

Posteo: Paid

Rediffmail: Paid

Riseup: Free

Runbox: Paid

Soverin: Paid

StartMail: Paid

Yahoo! Mail: Freemium

Yandex Mail: Freemium

Zoho Mail: Freemium

Open source

Criptext: Free

Disroot: Free

Forward Email: Freemium

Infomaniak kMail: Freemium

Kolab Now: Paid

Lavabit: Paid

~~Mailpile: Free~~

Proton Mail: Freemium

~~Roundcube: Free~~

Skiff/Notion: Freemium

Tuta: Freemium

Unless I'm missing something, it seems like people overlook this when deciding on WebMail providers. Is it a distinction between a proprietary backend server and a proprietary app, or is there a different way to decide if a WebMail provider is proprietary vs. open source? Lavabit was labelled proprietary by AlternativeTo, but open source by Wikipedia.

Note

If I have labelled an open source WebMail provider as proprietary by mistake, please provide evidence by linking to the source code, and I will happily change it.

50
submitted 7 months ago* (last edited 7 months ago) by Charger8232@lemmy.ml to c/privacy@lemmy.ml

Previous post

Raivo launched another update today with the following message:

Dear users,

We apologize for the issues caused by our recent update. Please be assured that we are working around the clock to find a solution for this situation. In this version, we have implemented a temporary fix that enables the import and export feature.

If you receive a prompt asking you to choose between offline backup or iCloud, please select iCloud and enter your MASTERKEY. This will allow you to recover all of your codes.

We are still working and conducting thorough testing to determine how we can resolve this issue. We appreciate your patience.

Best regards,

Unfortunately, I did not sync my app to iCloud previously due to distrust of Apple, which I acknowledge is entirely my fault. This means I was not able to recover my codes.

I suggest using 2FAS instead of Raivo. I've used it for 9 months and had no issues whatsoever.

Edit: @pr0927@lemmy.world has also recommended ente

@emptyfish@beehaw.org, luck is in your favor.

48
submitted 7 months ago* (last edited 7 months ago) by Charger8232@lemmy.ml to c/privacy@lemmy.ml

I'm looking for a way to have a private method for Tap to Pay on GrapheneOS. Ideally I would like compatibility with privacy.com, and if possible have the option for Monero. I don't mind going through an exhaustive setup process. What are my options?

Edit: The point of this is not for convenience, I am trying to avoid using my standard credit/debit card to provide privacy against my bank by using privacy.com or Monero when cash is unavailable.

57
submitted 7 months ago* (last edited 7 months ago) by Charger8232@lemmy.ml to c/privacy@lemmy.ml

9 months ago, Raivo OTP for iOS was sold to Mobime. Raivo was hailed highly in terms of privacy, but was dethroned to 2FAS Auth after that incident. Today, Raivo launched an update, and after updating, all of my entries were completely wiped. I didn't have a backup, but even if I did, you now have to pay in order to import/export TOTP codes. No thank you.

If you haven't already, create a backup right now for all of your 2FA apps, even if you think it won't break.

44
submitted 7 months ago by Charger8232@lemmy.ml to c/privacy@lemmy.ml

I never want to get a smart TV, but I found this exact TV (Toshiba FireTV) on the side of the road and decided it would be a fun project to try enhancing its privacy as much as I can. It did not come with the remote or any other accessories besides the TV, so if there is any way to pair an iPhone/Pixel as a remote that would also be good. Is there any way to replace the software with something open source, and anything else I can try?

Thank you all!

[-] Charger8232@lemmy.ml 16 points 9 months ago

If you consider raising awareness about a brand name to be an advertisement, then it does. I do see your point, though.

[-] Charger8232@lemmy.ml 15 points 9 months ago

I've been a fan of SimpleX for a while now. Privacy comes at the cost of convenience, and SimpleX is the most private messaging platform according to this spreadsheet.

[-] Charger8232@lemmy.ml 16 points 9 months ago

Here are some helpful links from the EFF (Electronic Frontier Foundation) on the topic:

https://www.eff.org/wp/defending-privacy-us-border-guide-travelers-carrying-digital-devices

https://www.eff.org/files/2017/03/10/digital-privacy-border-2017-guide3.10.17.pdf

https://www.eff.org/files/2018/01/11/border-pocket-guide-2.pdf

https://www.eff.org/issues/border-searches

I'm sure there's more that I haven't put here; feel free to sift through the search page.

Having lived in the U.S. my whole life (and this doesn't speak for everyone), it's not the dystopia people make it out to be all the time. In fact, people will likely judge you for wearing a face mask. If you care about hiding your face, sunglasses and a cap are enough. Remember to be reasonable with your threat model!

[-] Charger8232@lemmy.ml 17 points 10 months ago

Note to self: Do not live in Nevada.

Charger8232

joined 10 months ago