• 8 Posts
  • 31 Comments
Joined 15 days ago
cake
Cake day: June 23rd, 2025

help-circle
  • I’m surprised this article doesn’t mention privacytests.org by name, but it reaches a conclusion that may as well:

    If you see a dumb checklist trying to convince you to use a specific app or product, assume some marketing asshole is trying to manipulate you. Don’t trust it.

    Thankfully there’s a good recommendation in the very next paragraph for all things (messaging apps, browsers, etc):

    If you’re confronted with a checklist in the wild and want an alternative to share instead, Privacy Guides doesn’t attempt to create comparison tables for all of their recommendations within a given category of tool.

    Also: shots fired at XMPP throughout, as the poor protocol limps along trying desperately to catch up to the encryption baseline that was set over a decade ago by the first versions of Signal.

    Ultimately, both protocols are good. They’re certainly way better choices than OpenPGP, OMEMO, Olm, MTProto, etc.

    Why OMEMO is “bad” is indirectly answered earlier:

    The most important questions that actually matter to security:

    • Is end-to-end encryption turned on by default?
    • Can you (accidentally, maliciously) turn it off?

    If the answers aren’t “yes” and “no”, respectively, your app belongs in the garbage. Do not pass Go.

    Similar discussions have skewered the federated Delta Chat for having an even worse version of this issue.





  • This narrows the possibilities down to three four interesting options.

    1. Mozilla did this, and you’re the first person to talk about it online
    2. Your OS did this, and you’re the first person to talk about it online
    3. A protected browser page got hijacked by malware on Linux
    4. You did this and forgot, somehow

    Some other comments have been annoyingly dismissive, but I hope you push onward to figure out what the hell this is. Because if it’s one of the first two, it’s a big deal.









  • There seems to be something a little… off here. VP looks like it’s a tech demo for a patent held by another company.

    The new VPN service is operated by the American company VP.NET LLC, which in turn is owned by TCP IP Inc

    And TCP IP (a terrible name for people who want to look it up) is exclusively proud of owning a patent it thinks is worth a lot of money. From its site:

    We own the intellectual property that enables hardware-guaranteed network privacy—addressing a critical market gap worth $562 billion by 2032.

    To me, it sounds like the CEO is trying to sell the company itself as a product to a larger investor. And that other privacy considerations, like jurisdiction, never factored into this.

    Then I got to this part of the article, which seems to confirm those suspicions.

    The idea to use SGX as a privacy shield comes from Andrew Lee, the chief privacy architect at VP.net. As the founder of Private Internet Access, which he sold to Kape a few years ago, Lee has a long history in the VPN space. However, he believes this new concept is a breakthrough.

    So this company is run by somebody who sold out before.