That’s true, there’s always going to have to be some trust, but a provider that takes the time and expense to invest in a privacy audit or defend their clients by not logging and establishing that in court certainly indicates they’re worth having that trust in.
Do ISPs monitor or sell or pass on your data? Yes.
Do VPNs? Depends on the VPN. Find one that doesn’t and can back that up with 3rd party audits and legal encounters.
So can a good VPN protect your privacy? No, not by themselves. A VPN is part of an overall toolkit to be as private as you personally would like to be. It can help protect your privacy, that’s all.
It’s really that simple.
That’s an excellent point that I don’t see mentioned very often. Quite aside from the fact that Threads has popular scumbags like Libsoftiktok on it, they have 100 million users.
The existing fediverse is already struggling to moderate effectively. Various communities on Mastodon have already been exposed to vitriolic trolling and tools like fediblock are struggling to deal with it. Over here on the threadiverse, there have been numerous spam and CSAM attacks which, again, the existing tools are struggling to deal with.
If even just 1% of the Threads userbase are bad actors, that’s still one million bad actors all at once. Just the weight of numbers alone is going to swamp most instances.
Sure, but even the most ‘normie’ of my friends have heard of FFox. I think it’s fair to say it’s pretty mainstream even if it’s not widely adopted. You’re right that they do claim to be privacy respecting and I think they are when compared to the immediate competition. It’s a matter of degree. Are they more private than Chrome? Yes. And that’s a step in the right direction whilst at the same time people like you and I know they could do a lot more.
I don’t disagree with you that Mozilla are not exactly on the ball, all I’m saying is that Brave comparing their privacy hardened fork of Chrome with a non privacy hardened mainline browser is, at best, disingenuous.
Right, but what I said was that those of us who care about privacy know that FFox is a starting point, not an end point. FFox is a more private browser than Chrome. But Brave is a privacy hardened fork of Chrome, therefore a more valid comparison is between Brave and a privacy hardened fork of FFox.
I think those of us who care enough about privacy issues to even be aware that Brave exists are well aware that out of the box FFox is a starting point, not an end point. FFox vs Chrome is a valid basis for comparison in a way that this simply isn’t. Comparing Brave with LibreWolf or Mullvad is a more valid comparison.
True, but let’s not forget that Lemmy instances are hosted by ordinary people without the finances to employ high price legal teams. If they receive a threatening letter from (for example) Sony or Disney they still have to either acquiesce or find a lot of money very quickly to simply argue their case.
Nope, no issues :) Debian is (as you know) pretty rock solid and Mint is too. It’s pretty much like having a system as reliable as Ubuntu but with none of the Canonical bullshit.
Depends on what level of privacy you want. I’m using Linux Mint Debian Edition with GNOME installed on it and it hits the sweet spot between privacy respecting and Mint’s ease of use.
I think the thing with open source (re: your free labour point) is that it’s entirely voluntary free labour - I know that wasn’t the thrust of your point but there are pros and cons to it. The lead dev could one day say ‘fuck it’ and walk away, but for a project of any size/popularity there’s a lot of people ready and willing to fork it or ask for ownership to be transferred. It’s not very often a very popular bit of code is totally abandoned.
Open source, to me, offers a sort of peer review system. Most people developing open source stuff already care about code quality and privacy, contributors also do and the myriad of people using it have a core set of people who also do. That’s a lot of eyes. There’s also tools to diff code so it’s pretty easy to spot changes. And I do do that.
But I take your wider point - it all eventually comes down to trust. But that’s true of legal requirements too. And also organisation behaviour. Brave for example have been caught at least 3 times doing very dodgy stuff and yet as far as I can tell they continue to grow. I don’t necessarily accept that one instance of law breaking or otherwise poor behaviour is instant death for a company. If it was, G and Meta would be long gone.
All I can do is reiterate that all of us have different things that we choose to place some trust in and we all have different ways of assessing what leads us to trust. But at the end of the day, there are no cast iron guarantees.
I self host just about every service I can, including search.
You’re asking for a guarantee, which I’ve repeatedly admitted I can’t offer because absolutely no one can provide that. No provider, no service, no software. All we can do is decide what we each consider to be actions/behaviours indicative of trust and use their offering in a way that maximises privacy for us as individuals. I put more trust in software/services that has code that anyone can read, that has been independently audited, that is trusted by the community and possibly tested in a legal environment. You might put more trust in things like privacy policies and other legally binding documents. Neither of us can guarantee anything however. I’ve lost count of the number of companies who’ve violated privacy laws and users only find out years or even decades after the fact.
But I’ll say it again - what’s right for me might not be right for you and that’s fine.
That’s absolutely your call mate. I’m not here to tell you you’re wrong. I just know what it is that I personally consider to be active steps towards establishing trust and that I base my opinion on them. If yours and mine don’t align, so be it - to each their own.
Again, I’m not considering them to be intentionally malicious or deceptive, I’m saying without the basics in place, we’re being asked to just trust them.
I’m aware of the limitations you describe and you’re right that there’s no way to 100% guarantee anything, there has to be some element of trust. So the services/software I choose to use have done all the things I mention, or I run them locally. Does that mean they’re 100% perfect? No, of course not but the fact they’ve gone to great lengths to establish at least a basis for trust means a lot to me. Some of them have gone on to be tested in some sort of legal encounter where again, they performed well.
Trust is a personal thing, we all have different perceptions of what makes an org trustable - if Kagi match yours, good for you.
I don’t suspect or accuse them of anything. Quite the reverse - what I’m saying is that without things like open source code, privacy audits etc, we’re being asked to take their word for it all. They might well be the most privacy respecting company ever and they equally might not be. If you’re happy to take their word for it, that’s entirely your call. I’m not trying to change anyone’s mind, I’m just answering OP’s question with my own opinion.
That’s a security audit, looking at its vulnerability to attack.
Deciding to trust a provider - any provider - isn’t just any one thing. So, the most basic step to me is all the relevant code being open source. The next step is getting their infrastructure audited. The step after that is seeing what happens if they get court ordered to provide data.
They do none of that and I’m just too cynical to accept ‘trust me bro’ as a convincing sales tactic.
Because claiming they don’t is not the same as being able to verify they don’t by making their code open source.
It is worth noting though, that Proton doesn’t allow you to use certain domains for recovery addresses. Admittedly this was a while ago and maybe things have changed there but when I first joined Proton they wouldn’t allow me to set a duck.com or simplelogin.com or addy.io address as a recovery email.
Obviously using an Apple ID is stupid but Proton could make more of an effort too.