poVoq

poVoq, 20 hours ago

Because there is a lot more metadata than just IP addresses.

poVoq, 19 hours ago

You seem to be unaware of how Matrix works. It is inherent to the protocol that room metadata is shared with other servers. It is not fixable as it is working as intended. This feature is nice for censorship resistance, but it is pretty much a nightmare for metadata privacy.

poVoq, 18 hours ago

Like all of it. It is not a “leak” if it is working as intended.

Anyone can spin up a Matrix server, join a room with it and the Matrix network will happily push a complete copy of the room metadata (all the way back to the point the room was first created) to that new homeserver.

poVoq, 18 hours ago

There is a lot more metadata than just avatars and reactions. Accounts and their room membership over time, timing of messages (and thus online times), individual interactions between specific users (based on the timing of their messages) and so on. That is all in the unencrypted metadata of a Matrix room and can’t be moved to the encrypted message part like avatars and reactions.

poVoq, 17 hours ago

No, because Matrix stores all this info and gives it freely to other servers retroactively(!). Also with network layer sniffing (which is anyway much harder to do) you can only see which home-server talked to with other homeserver and what clients talked to their homeserver. If you have the full room meta-data you can easily make a social graph of which account talked to whom when and where.

poVoq, 17 hours ago

Yes it is a problem for both public and private rooms as this info is stored and shared retroactively. Lets say one of the participants of a private room gets compromised or you invite someone that has their account on a compromised homeserver. This then results in the entire room meta-data history (since the room was created) being shared with that compromised homeserver which can then easily analyse it in detail.

poVoq, 16 hours ago

lol, why are you even posting on a privacy community then? And using Tor doesn’t help at all in that case.

poVoq, 15 hours ago

Obviously you need someone joining the room for the room metadata to be shared between homeservers. But that is really only a minor barrier and once that has happened the worst case scenario takes place immediately. On other messengers (federated or not) a newly joining member has very limited access to past room metadata. Not so with Matrix, where a joining homeserver get full retroactive access to all the room metadata since the room’s creation. If you can’t see the problem with that, you really need to stop privacy LARPing 🙄

poVoq, 14 hours ago

Well then, your assertion that Matrix gives it freely is false.

My point is that it should never give out that data, or even store it permanently in the first place. This is just a fundamentally bad design from a privacy perspective, and other messengers don’t do that.

This is false, too. Historical event visibility is controlled by a room setting. (And if you don’t trust admins of a sensitive room to configure for privacy, then you’re going to have bigger problems, no matter what platform it’s on.)

This is not false, what you mean only hides it for normal users, but it still ends up in the database of all participating homeservers and all the admins of those have full access to it. I happen to run a Matrix homeserver myself…

poVoq, 3 days ago

Mostly fine, but at this point I would wait for the new Battlemage GPUs that should come out soon.

poVoq, 3 days ago

As much as I think these animals should not be held in captivity, seeing Beluga whales in Valencia years ago left a deep impression on me.

They have a large underwater window where you can try to interact with them if it isn’t too crowded. Maybe I was more impressionable back then, but these animals are incredibly smart, almost an alien experience.

poVoq, 4 days ago

Systemd is very useful for managing (rootless) Podman containers.

poVoq, 5 days ago

You can compile it from source.

poVoq, 6 days ago

Hmm, interesting project from a technical perspective for sure, but I am not exactly sure why anyone would use it for anything other than testing some Linux distribution.

I mean unlike Waydroid, which helps to run “that one Android app” you need on a mobile Linux device, there isn’t really “that one Linux app” you need to run on an Android phone.

poVoq, 6 days ago

Hmm, yes maybe running GNU/Linux on a Lapdock could be an interesting usecase for this. Didn’t think of that, thanks!

poVoq, 6 days ago

Its a slippery slope thing. Sure, technically it doesn’t break e2ee, but it basically forces app developers to integrate a trojan into their app that scans messages before they are encrypted and send. Right now it is “only” for images, but once this is in place and generally accepted, what is stopping lawmakers to extend it to scanning all messages?

poVoq, 7 days ago

Looks like a normal, perfectly good road. Sincerely, a European.

poVoq, 7 days ago

davidrevoy.com/…/xppen-artist-pro-16-gen-2-review…

Edit: ah, I should read the OP 🤦‍♂️

poVoq, 8 days ago

No, he was literally trapped there on a flight stopover trying to get from Hong-kong to Equador without passing airports in countires that would have arrested him. Russia was probably one of the countries he was least interested in staying.

poVoq, 9 days ago

And in addition they run big adverts on caring about privacy, while in reality they do the same shit as all the other tech companies, but just use their monopoly power to push out surveillance advertisement competitors.

poVoq, 9 days ago (edited 8 days ago)

Especially from a privacy record, they actually have a far superior history than essentially every other hardware manufacturer out there.

That’s what their marketing department wants you to believe. But basically all independent investigations into that have concluded that Apple is no better, just that they collect all the data themselves rather than allowing you to have it collected by Facebook etc.

If you look into their privacy policy etc. its very obvious that they exclude all their own surveillance advertisement and privacy invasive stuff from the limits imposed on others. If they truly cared about privacy they would not make these exceptions for themselves.

poVoq, 9 days ago

Apple runs their own advertisement network these days. Its pointless to argue that they sell less data when they themselves still collect all of it for their own advertisement purposes.

poVoq, 8 days ago

For example in a country with actual privacy laws that also get enforced… like most of the EU or several east Asian countries.

poVoq, 9 days ago

Mobian/Droidian is also worth looking into and of course Ubuntu Touch.

This community isn’t about Android ROMs though.

poVoq, 10 days ago

They are in the USA, just not of the specific MAGA lunacy.

poVoq, 10 days ago

That’s an interesting point. Where are you quoting this from?

poVoq, 10 days ago

I’m not sure I like the idea of relays instead of instances.

Relay operators hold almost the same power as AP instance operators, but are much less visible to public scrutiny and accountability for their actions.

poVoq, 10 days ago

No, I am European and I am painfully aware of the right-wing ursupation of the originally anarchist term “libertarian” in the USA.

poVoq, 10 days ago

Yes, but open-specifications doesn’t mean open-hardware.

poVoq, 10 days ago

The point is rather that RISC-V is only open-specifications and most available chip designs are not open-source or only partially so in the open-hardware sense.

No one would claim that the Ethernet specifications are open-hardware, yet you see the same (false) claim for RISC-V all the time.

poVoq, 13 days ago

Excellent! Some good news at least.

poVoq, 14 days ago

You might be interested in: github.com/afwbkbc/glsmac

poVoq, 15 days ago

Groups are not (yet) supported by the proposed interoperability anyways… and don’t hold your breath. It will likely take years for Meta and the EU in courts before they stop with their malicious compliance.

There are working WA bridges for XMPP and Matrix though if you are willing to selfhost.

poVoq, 15 days ago

Both bridges require you to log into WA with the official app once every 4 weeks or so. You can put the app in a seperate profile and completely kill its process during this time or have an old device somewhere in a closet that you power on now and then. This is possible now since WA improved their multi-client support (maybe 1 year ago or so?).

That said, don’t expect anything other than basic text chat to work via these bridges.

poVoq, 15 days ago

Not impossible, but without a camera to scan the QR code it becomes quite annoying.

poVoq, 15 days ago

Mostly voice calls. People get really confused if it looks like you are using WhatsApp but they can’t call you through it.

poVoq, 17 days ago

but long-lived public server support is almost nonexistent these days

Uhm, that is untrue, especially compared to Matrix where multiple public servers recently had to shut down because of excessive server resource use.

But yes, like in any healthy federation it is better to run your own XMPP server.

poVoq, 17 days ago

The “problem” with UT is that normal GNU/Linux apps don’t work on it, or only with significant adaptations. This makes UT not really usable for people that want “real” Linux on their phones. I can understand people being unhappy about that as in the end UT isn’t really that much different from Android, which technically also runs Linux.

poVoq, 17 days ago

No, why? Normal open-source Linux apps can be just compiled for ARM and most larger distros have ARM versions with pre-compiled ARM repositories. Newer Linux apps are also already responsive and usually work reasonably well on smaller screens and touchscreens, although some further improvements in that regard could be made.

poVoq, 30 days ago

Heh, their Discord server name has literally “tankies” in its name. Not that I am surprised…

poVoq, 1 month ago

You need to first investigate what kind of protections your banking app has, as that will be most likely the largest issue with anything non-stock Android.