Simon Müller

use Tor Browser.

If your concern is fingerprinting, that is undeniably the best there is out of the box.

If you want Tor Browser without having to use the Tor Network, Mullvad is basically just that; Tor Browser without the Network.

SimpleX is quite a promising project, uses Double Ratchet End-to-End-Encryption (from Signal), and has a very interesting protocol and model to provide quite strong metadata protection, especially in regards to whom you talk to and groups you’re in.

If your threat model requires exceptionally strong Metadata protection, SimpleX is probably going to be your go-to

Though, for a more lenient threat model, where still good, but less laser-focused metadata protection is enough, Signal will probably do just fine.

Personally I use Signal, but I also have a SimpleX Profile, an XMPP Account and Matrix. (preferred in that order)

Yes, they self-implemented that.

So unlike Heliboard, you don’t need to import Google’s Swypelibs.

Its great, same as their standalone Speech-To-Text Application.

Just FYI, Heliboard (continuation of OpenBoard) has all of the above. Just note that you’ll need to import Google’s Swype library once to use Swipe-To-Type.

This is a deliberate decision to force people to turn off tracking protection.

No this is a hilarious fuckup where they forgot to move twitter.com, pbs.twimg.com and more off of the Twitter domains, so Firefox started blocking it because to Firefox it looks like Social Media trackers.

Mozilla already pushed a fix.

I won’t properly reply to this, I’m biased cuz a friend of mine works on this 🥴

That’s just fine.

If all that you wanna do is download stuff, maybe try https://cobalt.tools

It pretty much just grabs the raw URL to the content for you, without the UI and fluff (in the case of Instagram) so you can just do a little “save as…” and it’s worked quite reliably for me to view content my friends sent me.

The algorithm was neither proposed nor designed by the US government, it was made by (what is now known as) Signal, a 501c nonprofit.

The claims of signal being “state-sponsored” come from assuming how money flows through the OTF - Open Tech Fund - which has gotten grants from government programs before. (IIRC)

It wouldn’t make sense for the US Gov. to make such a grant to make a flawed protocol, as any backdoor they introduce for themselves would work for any outside attacker too - it’s mathematics. It works for everyone or for no one. Would they really wanna make tools that they themselves use, just to have it backdoored by other state actors?

And again, Durov’s claims are entirely assumptions, and that coming from someone that has had [various](https://mtpsym.github.io// different vulnerabilities and weird bugs on their platform

That already exists, but it’s weak in terms of encryption.

Musk himself hasn’t actually provided any sources either, all his statements made on Twitter recently are basically pulled from thin air, almost like vague references

It isn’t google-free in the sense that it ships https://microg.org

Unless you enable SafetyNet, none of Google’s code runs.

Proton and Wire didn’t share any decrypted ciphertexts, Wire shared a ProtonMail address and Proton an iCloud Address that they had set as a recovery method.

Personal info like where they live came from Apple.

Most info came from the fact that they made the move to link their personal iCloud Mail as a recovery method.

Infinite wisdom.

there are additional cookies with duration as high as 1825 days, not 180… So which is it?

Whatever the browser reports is what they are actually doing.

In Firefox, enter the developer tools, navigate to the “Storage” tab and open the “Cookies” dropdown. For any given domain you can now look at the “Max Age” or Expiry date.

the metadata still isn’t.

That doesn’t quite work in the case of Signal

The only data that they have, based on transparency reports and dissections of their source code, is the time you created your account and last connected to the servers.

Messages themselves are essentially only relayed, with sealed sender, and anything that would be actually useful to identify who was at a protest and who wasn’t encrypted.

Things like, e.g when messages arrive at the server would have to be monitored live on compromised servers, which reasonably unless you assume* it is wiretapped already prior to a protest, isn’t realistic.

*: of course, I am saying this because making an assumption and portraying it as truth (e.g assuming something is already wiretapped based on no evidence at all) is not the smartest of moves when it comes to threat modeling…especially if you wanna stay sane whilst having a threat model

approximately 9 months, sometime in summer of last year

I’m curious about all the people in this thread saying regarding phone numbers considering I do have an account that’s just an email alias and thats it 🤔

the Voice Server Backend is basically done, currently there’s ongoing re-works of the desktop client (limited demo at https://revolt.chat/app IIRC), as well as closed betas for iOS and Android native apps.

There’s also a slew of Third-Party Clients and an open Client-Server API.

Just remember that this project is built by people in their free time, not a VC-Backed company.