🅿🅸🆇🅴🅻

  • 6 Posts
  • 82 Comments
Joined 1 year ago
Cake day: June 11th, 2023



  • Those share buttons are trackers themselves. So it’s not about “supporting” those websites by publishing content to them, it’s about undermining the privacy of your readers and doing the opposite of what you preach, and “supporting” those websites by feeding them much more valuable user data. As another comment said, just put a button to copy the permalink and let them paste themselves if they want to share.

    As for you sharing a link on the mainstream social media platforms yourself, I’d actually encourage that. Cory Doctorow auto-publishes links (not content) to his articles on as many social media platforms as he can (sorry, can’t find the article in which he describes it). The point is that he still retains control over his content by hosting it himself, he controls the (lack of) trackers and ads, and gaining traffic from these platforms is still to his and his potential readers’ benefit. Bending your rules a little to reach more people and maybe even convert them to be more privacy-aware is fine.



  • For email migration / Proton:

    • Proton has an import tool but I think it’s still for paid customers only. You could pay for a 1 month subscription and do your thing.
    • The import tool has labels matching, pay attention to them if you want to migrate them too. If you have multiple addresses, create a label for each when importing so you’ll have an easy time identifying/filtering later.
    • I would encourage a paid Proton subscription if you can afford it, for its extra features, e.g. unlimited folders / labels; I also use the Export tool from time to time to back up all Proton email messages offline.
    • When changing your email address for accounts, you need to make sure all are accounted for in your password manager, and use a status for each of them (ie To migrate, Migrated, Cannot migrate / To delete, Cannot migrate / create new). This is going to be a tedious process, but it will be rewarding at the end.
    • Don’t leave your accounts that you cannot migrate in the air (i.e. they don’t have a change email option), even if they’re not important. Delete them. You might have to contact support on some of them to try to change email or request deletion. Consider this a spring cleaning and make the effort.
    • When deleting accounts, use the GDPR option if possible / you’re in the EU.
    • Keep your old Gmail around for some time to catch any accounts linked to it that you might have missed. As somebody else mentioned, there might be some for which you used Gmail login and those are easy to miss, especially if they don’t send any emails. You won’t be able to recover them without access to your Google account.
    • I wouldn’t bother with forwarding emails (why let Google know of your new identity?). Delete emails already imported. Use the import tool multiple times to import any new ones.
    • When you do the email address migration, even if you didn’t have multiple email addresses in Gmail, this could be a good time to separate online identities and have multiple addresses and/or aliases in Proton (ie 1. for personal/official/utilities accounts - your real identity, 2. shopping - still real identity, but these might be spammier, 3. rest/disposable/not tied to your real info/no payment enrolled; even more, depending on your use case). Any Proton paid plan allows you to have multiple addresses under the same login (10 for Mail Plus for example).
    • Personal opinion: Proton is awesome. Every year, even on the cheapest Mail Plus plan, Proton awards a 1GB Storage Bonus to all paying users.
    • The free plan has a limit of only 1 custom filter (they used to limit them for Mail Plus too, some time ago). To bypass that (Proton even encourages it because it’s more efficient for their servers), learn Sieve Filters, and that way you can group multiple filters into one sieve (or have all of them in one sieve, if on the free plan). You can use comments in sieve filters.
    • Proton supports the “+” in the address, just like Gmail does. It’s a quick way of creating aliases.
    • The Proton password manager also has some feature of creating aliases (for paid plans) - they call them “hide-my-email aliases”; but it’s limited for the lower tier plans (10 for Mail Plus), and maybe you wouldn’t want to bother with it since you won’t be using it as your actual password manager.
    • Something I learned the hard way, don’t use a short 3-4 characters username / email address (probably hard to find any available anymore, as Proton exists for some time); it will attract more spam from spammers randomly generating email addresses / generating them from a dictionary.

    For Youtube, on Android:

    • I use Youtube in Brave browser, which for the time being can still block the ads, and also keeps playing in the background.
    • When I want to avoid Youtube, for Youtube links, I use UntrackMe (F-Droid), which (among others) redirects to an Invidious instance opened in the browser. Initially I installed it for Twitter, but Nitter doesn’t work anymore.

    Cloud storage:

    • I’d go the self hosted route - NextCloud + DAVx5 (contacts sync), and VPN to access it when out of home (if needed; otherwise, set it to sync over unmetered WiFi connections only, and mark your home WiFi as unmetered). But this is me - I could probably safely use Proton Drive, but wouldn’t have the same flexibility and would force me to a higher cost plan. For you, this means entering homelab territory and it gets complicated. But IF you do, there are other self-hosting apps you could benefit from (ie PiHole, Jellyfin, Home Assistant if you’re into home automation, etc).

    2FA app:

    • Never tried Authy, but I use Aegis and it’s good. Open source, it has backup, export, custom icons for entries, (bulk) import via QR, etc.

    Video player:

    • You could try VLC if you need subtitles support.

  • I follow your blog from time to time and I appreciate it. Just with your recent posts I realized you have an active Lemmy account.

    I was going to continue this comment with “But I don’t get…”, then I stopped and read your blog post again and remembered rule #2.

    I think I get what you are trying to say, it’s good that there are some mod tools to help with modding, but they’re not enough, and even if racism isn’t as visible on Lemmy, people targeted by racism still exist and get hurt. So I guess your point is be more proactive than reactive. People don’t get that, and even if they are well intentioned, they think of all the defederating and banning examples as “good enough”.

    Early adopters are also overprotective with Lemmy and its small community, especially when a newcomer directly questions “how is racism in this community?”. They found their peaceful corner of the internet (relative to major social media platforms), they know it has its flaws, but since the beginning they had to defend to questions like “who owns the data?”, “what happens with deleted posts / comments”, “is defederation effective”, “what about that Lemmygrad which is hosted by Lemmy developers”, “can mods and admins become too powerful”, “how long till this gets the same fate as Reddit”, etc.

    I’m not defending the behaviour, just thinking of an explanation. Because frankly, I’m also surprised by the downvotes and backlash you received.

    So I guess what I was trying to say is, “Hi Jon! Keep up the good work!”


  • Signal is modern as in modern, good cryptography. Most of development time went into that.

    With security, you always need to trade off convenience and bling features. “Lazy as hell” doesn’t go well with that. I can understand lacking group video calls and ability to run on multiple devices, but not “sticker repository” and “animated emojis”. I wish they didn’t spend time on the Stories feature either, it’s supposed to be a messenger, not a social media platform.


  • Please don’t go the RaspberryPi route for serious self-hosting, you’ll regret it later when you’ll realize it’s not powerful enough for ie NextCloud. It can handle PiHole for example (minus digging through the historical logs / stats via its interface), but when adding more and more services (Nextcloud, Jellyfin, a VPN, home automation, etc), it will be easier to expand via VMs (Proxmox) / Docker on a single machine that you need to maintain, you’d have easier snapshot backups, single point for firewall rules, etc, than adding RPIs. Buy a mini server, you’ll have flexibility, room for upgrade, and the costs and power consumption will be justified when scaling to multiple services.








  • Yes I do, and a price increase of only $10 (so $30 vs $20) can make a big difference in sound quality for a pair of headphones for work (meetings and some music off Youtube). So it’s not even about hifi (at that price range, of course not), it’s about giving a shit and doing a little research / testing before settling on a slightly better low end consumer product. Or, given a certain budget, maximise the quality for it, again, by doing some research beforehand, no matter what you plan to buy. But, most people are lazy.

    When it comes to music, it also depends on a person’s tastes. Ariana Grande sounds the same to me whether played on Sennheiser headphones or a microwave oven.


  • No, logins should be harder in order to be secure. Hence the addition of 2FA (which is also incompatible with your proposal).

    As developers, we strive to make things more secure, not less, and unfortunately, good security always comes with the trade-off of less convenience for the user (larger entropy passwords, session expiration, captchas, etc).

    Now, of course, it depends on how sensible the data in that account is. I wouldn’t want this for my email account, for example, or online password manager, which are the entry gates to all my other accounts. The Kagi search engine offers the possibility to login on another device via a session URL which you can copy-paste. And this is fine, if the site / app clearly states the dangers, implemented it securely, tracks and lists the sessions and allows you to invalidate a session for all devices, and you are fine with potentially disclosing the data for that account (forgetting to log out, or disclose the session URL somewhere) - which is not much, as they don’t log the searches, only the daily counts. And their use-case makes sense, people aren’t used to authenticating in order to search something on the internet.

    So, this should be an optional feature offering from the website / app, not built-in in the browser which would make it trivial to be abused by anyone.
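
The conditions named in the comment above for a copy-paste login link (securely implemented, sessions tracked and listed, invalidation for all devices) can be sketched server-side as follows. This is an added example, not part of the original comment and not Kagi's implementation; the class `SessionLinkStore`, its method names, the single-use rule and the 5-minute link lifetime are assumptions made for illustration.

```python
import hashlib
import secrets
import time

LINK_TTL = 300  # assumption: a login link is valid for 5 minutes


class SessionLinkStore:
    """Hypothetical server-side store for 'log in on another device' links."""

    def __init__(self, now=time.time):
        self._now = now
        self._links = {}     # sha256(link token) -> (account, expires_at)
        self._sessions = {}  # sha256(session token) -> (account, device, created_at)

    @staticmethod
    def _digest(token):
        # Only hashes are stored, so a leaked table does not yield usable tokens.
        return hashlib.sha256(token.encode()).hexdigest()

    def issue_link(self, account):
        token = secrets.token_urlsafe(32)  # 256 bits from the OS CSPRNG
        self._links[self._digest(token)] = (account, self._now() + LINK_TTL)
        return token

    def redeem_link(self, token, device):
        # pop() makes the link single-use: a copy left in history or chat is dead.
        entry = self._links.pop(self._digest(token), None)
        if entry is None or entry[1] < self._now():
            return None
        account = entry[0]
        session = secrets.token_urlsafe(32)
        self._sessions[self._digest(session)] = (account, device, self._now())
        return session

    def whoami(self, session):
        entry = self._sessions.get(self._digest(session))
        return entry[0] if entry else None

    def list_sessions(self, account):
        # What a "your active sessions" page would show to the account owner.
        return sorted(d for a, d, _ in self._sessions.values() if a == account)

    def revoke_all(self, account):
        # "Log out everywhere": every session for the account stops working.
        stale = [k for k, v in self._sessions.items() if v[0] == account]
        for k in stale:
            del self._sessions[k]
        return len(stale)
```
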