The Fediverse is not perfect, but it actually blew my mind a bit how much it lowered my blood pressure to not see the constant ragebait, and the calm of not being exposed and monitored at all times. I still have Snapchat just for one person, and WhatsApp which is Meta but still E2EE. Other than that, I’m all in on FOSS privacy approved apps and man does it feel great.
It really goes to show no little of the abuse we suffer is inherently the Internet’s fault. Lemmy feels like the reddit I knew and loved of 15 years ago. Sure there’s some assholes I argue with but that’s the normal amount of shittieness not the turbocorpo abuse
When I first joined Reddit, it was so similar to Lemmy in its principles. Relatively progressive, open source, tons of interesting people having real convos about the nerdiest stuff and talking about the world. It was real, and the fediverse has absolutely nailed recreating that sense of community. What a beautiful safe haven we have
A lot of it is hitting critical mass too. Reddit used to be tech enthusiasts and stem students the same way Fediverse is currently. Now any town idiot yahoo from the sticks will angrily yell at you on Reddit for no reason.
But yeah the algorithm is a lot stronger than it would seem.
Some are trying though. Some one tried to be a smart ass saying that us lemmyngs where cool with piratage when it is for random people but not when it is for facebook so we should be ashamed. He got his ass handed by multiple people. Good time.
Not even an insult was thrown <3 it was civilized, I love you guys.
that reminds me of something … one of the greatest milestones of civilization is said to be canalization, and we are indeed all connected through shitposts :)
I made the switch to Linux and Lemmy right around the same time. Once I was free of it all it was like relaxing a muscle I didn’t know had been tense for decades. Android is next… Just as soon as I figure out jellyfin…
TrueNAS Scale’s Docker implementation is currently really mediocre - it’s implemented as an app store style experience - and deploying/managing containers via the CLI isn’t officially supported although it works fine. They do have a more generic container management implementation in beta at the moment.
Dude, it’s super awesome, but telling you it’s easy could potentially push you away from doing it, plus transparency is always the best policy. Additionally, it’s not that it’s hard, really, it does have a learning curve, and it’s difficulty will mostly be determined by how much you like challenges. The best part is that too many of us have already tried, failed, tried again, and succeeded, so you can always lean on us.
I get you, I wasn’t being sarcastic. Going through something difficult has a way of bringing people together, especially if you still love it after the effort.
Oh no, by no means did I think that, no worries bud. I can tell you that, when I started, about 11 years ago with a Synology NAS, I was scared as hell, but I found it so fascinating that I, a complete ignorant on how technology works at the software level, could suddenly own some of my data. I made so many mistakes, list so much data for not following correct backup streamlines, and pissed off a lot of my friends and family when they had to go through 2 or 3 more clicks when I shared something. And it’s great. Jesus, I’ve deployed Joplin and I mich so many times and in so many mixed of bare-metal and containers that I can’t tell you for sure what I have running right now unless I start digging into each of my ProxMox VMs and LXCs to try and figure out where each thing connects to the other. Evidently, I’ve been keeping proper 3-2-1 backups for the last 7 years, and have broken so much stuff over the years, trying UnRaid, truena, OMV, CasaOS, and a whole lot of stuff more. Dude, in all honesty, just make sure your irreplaceable data is safe preferably offline, and go at it. Break stuff, and then enjoy the satisfaction of finally having it running after 2 or 3 sleepless nights, only to break it again by placing a comma I the wrong place because your brain refuses to keep going 🤣🤣.
It’s fun man, that’s the best part, owning your data and flipping the finger at big tech and givernments is just the added value. That’s my opinion anyway.
Yes. It is hardened a lot though, easily the most secure and private. Ubuntu Touch is maybe more private because Linux but it’s barely functional. iOS in lockdown mode is decent, better than stock Android.
I also just switched to Linux! Well dual booting Windows for now but only for gaming really, and until I figure out if Ardour is good enough for me for music production. But still: Microsoft has nothing except my game saves now, no tax documents or web history, etc.
What distro did you go with?
I’m also looking into making a home server to ditch streaming services and so I dont need 250 GB of music on my. phone. Got to be able to afford the RAM though…
Mint. I’m not a “tech genius” and it was presented as an easy intro to Linux. I feel no need to distro hop, getting by just fine with my little minty penguin thank you very much!
Mint is pretty legit. Their Cinnamon desktop is looking a lot prettier these days too.
I landed on Fedora KDE because I need gaming features like VRR, and still wanted features like Secure Boot & a distro with a lot of users and documentation.
It is actually verified e2ee. However, they do keep a ‘spare key’ for every single user and chat, you know, in case they need to help you, the good guys at Meta.
Also, their e2ee is built on the signal protocol. Now, their server code and client code are not open source, so they could have left all types of doors open for their benefit. Also, the Metadata is not encrypted at all, something they actually brag about for some reason.
And just to be clear, I am a genuine 'everything-meta-hater" (and Google, MicroShit, Crapple, Crapsung, etc.), but spreading misinformation doesn’t help preaching about privacy and security.
That verified if their backups were end to end encrypted though right?
It’s also interesting what was out of scope:
Limitations
The following components were not in scope; NCC Group was therefore unable to evaluate and identify issues with them:
• Third-party and proprietary HSM vendor implementation.
• Backup encryption implementation.
• Side-channels in the access, creation, modification and deletion of backup data on third-party cloud storage.
Dude, you seem to be under the impression that I’m somehow defending meta, and you’re evidently in battle mode. I said my piece, provided the evidence as requested. I guess this is where I drop off of this convoy for ith you, buddy. Make of it what you will. Have a good day.
No, I am not in battle mode. I just read the link and found it interesting and responded with things I saw in it.
What I didn’t do, was realize you sent TWO links, and I failed to read the second one. But believe me I am not trying to argue in any way. I am just responding.
The second link was also just for backups.
Again, I am just saying that they are not able to demonstrate that they are actually implementing this, AND that both of those links are for backups only. Thats all.
And I totally get what you were driving at: it doesn’t matter, they have a “spare key”.
I don’t think it will. It’s just another outside audit (no idea if país by meta or not though). It is E2ee, that’s the bottom line. Now, the implementation is what dictates what that’s worth. It’s no different than client-side scanning or Microsoft co-pilot. What’s the point of having e2ee if someone else can get access either before encryption or by a third party, like meta, having a master key to decrypt anyway?
The first thing was if there was any indo of e2ee being implemented, there’s plenty, even Cloudflare audited them at one point if I recall correctly. But, nobody knows how it’s implemented, except for meta, and that’s where the lack of trust resides, because we all trust meta as far as we can throw our cars.
As far as I’m aware Moxie Marlinspike made the encryption before it was acquired by Facebook. One of the founders of WhatsApp now finances Marlinspike’d Signal messenger.
In theory Meta only sees who you communicate with, but not what you communicate.
(I wouldn’t be surprised if the bastards are trying to undo the encryption if they already haven’t.)
They have had some third party audits. It is not totally convincing to me as being trustworthy, but I see it as more of an acceptable necessary evil. Better than Discord, Snapchat, Facebook Messenger, probably even SMS. My wife’s whole family uses just WhatsApp, and so do some businesses even in her country. Believe me though, anyone I can get on Signal, Matrix, Session, etc, I do.
There have been third party audits, but the conclusions have been that you can’t know if it’s implemented correctly or at all. Nature of closed source. Because you can’t know where the keys are.
I get the doing business in their country. That is so difficult to overcome. I will not do it. Foot down on that one, and it does make it hard. My wife’s family does the same as you mentioned. I just tell them they are literally paying for fascism. They don’t care. Or you can pick from many of the ills of Meta products (energy use, AI, misinformation, or even simply making someone a billionaire by contributing nothing to society).
I’m working on it and avoid it when I can as I mentioned. The only reason I mentioned it is that it’s one of the last vestiges of apps I don’t fully trust. I treat it like SMS or email, I don’t send anything I don’t expect could be audited by the government with the right subpoenas.
But sometimes I’m in a weird position. If I need to order food in my wife’s country, I am not going to be able to contact the restaurant without WhatsApp. Then I, as a white American who doesn’t know them, am going to explain to the delivery guy the reasons why they shouldn’t support American fascism, in their native language that I am not 100% fluent in?
It isn’t American fascism of course. It’s everywhere.
But I get it, I find myself in the same boat traveling and visiting family. It really is pervasive. So in your scenario you can’t just go pick it up yourself?
I know there are other ones though: Everything in some places works like this where they want to do a call back - deliveries, doctors appointments, services. WhatsApp has almost, if not completely, replaced the phone, so even getting a local sim doesnt help.
I simply refuse to play along. I wont do it. Somehow we seem to work it out.
The what’s app is encrypted to get to your phone so transmission is protected, however to view your message it is unencrypted (obvious) and at that stage WhatsApp will parse it for key stuff such as Child Sexual stuff, or other threats they have determined they look for, that then triggers a data send back to the mother ship. The problem with this is if the Government wants to silence a political opponent or journalist they can go to Meta and request a search other than CSAM. So end to end encryption via any META product is a joke
I don’t, I use Signal whenever I can. WhatsApp is for businesses that use it, and the people who refuse to go to Signal, or can’t figure it out. Like my mother in law tried but got confused and so far have been unsuccessful troubleshooting why long distance. But I still need to talk to her.
The Fediverse is not perfect, but it actually blew my mind a bit how much it lowered my blood pressure to not see the constant ragebait, and the calm of not being exposed and monitored at all times. I still have Snapchat just for one person, and WhatsApp which is Meta but still E2EE. Other than that, I’m all in on FOSS privacy approved apps and man does it feel great.
haha, the “lowered my bloodpressure” bit is sooo relatable :)
It really goes to show no little of the abuse we suffer is inherently the Internet’s fault. Lemmy feels like the reddit I knew and loved of 15 years ago. Sure there’s some assholes I argue with but that’s the normal amount of shittieness not the turbocorpo abuse
When I first joined Reddit, it was so similar to Lemmy in its principles. Relatively progressive, open source, tons of interesting people having real convos about the nerdiest stuff and talking about the world. It was real, and the fediverse has absolutely nailed recreating that sense of community. What a beautiful safe haven we have
A lot of it is hitting critical mass too. Reddit used to be tech enthusiasts and stem students the same way Fediverse is currently. Now any town idiot yahoo from the sticks will angrily yell at you on Reddit for no reason.
But yeah the algorithm is a lot stronger than it would seem.
Some are trying though. Some one tried to be a smart ass saying that us lemmyngs where cool with piratage when it is for random people but not when it is for facebook so we should be ashamed. He got his ass handed by multiple people. Good time. Not even an insult was thrown <3 it was civilized, I love you guys.
that reminds me of something … one of the greatest milestones of civilization is said to be canalization, and we are indeed all connected through shitposts :)
Here it’s us, real people rage-baiting you on employer time!
You guys have employers?
Shitposting from under the bridge in the Canadian winter sucks so wage labour it is.
Ah yes, organic rage bait instead of Ai swirls fancy wine
I made the switch to Linux and Lemmy right around the same time. Once I was free of it all it was like relaxing a muscle I didn’t know had been tense for decades. Android is next… Just as soon as I figure out jellyfin…
checkout Gelato for jellyfin if you are low on disk space
Jellyfin is the shit. Lemme know if you have questions.
No questions in particular as of yet. Still assembling hardware. I’m going for a server built on a NAS
I strongly recommend TrueNAS Scale. It’s built on Debian, and has full docker implementation.
sadly it was announced that TrueNAS is becoming closed source Closed Source TrueNAS
TrueNAS Scale’s Docker implementation is currently really mediocre - it’s implemented as an app store style experience - and deploying/managing containers via the CLI isn’t officially supported although it works fine. They do have a more generic container management implementation in beta at the moment.
This will be the hardest thing you will do in your life that you will never regret.
I love how encouraging the self hosted community is.
Dude, it’s super awesome, but telling you it’s easy could potentially push you away from doing it, plus transparency is always the best policy. Additionally, it’s not that it’s hard, really, it does have a learning curve, and it’s difficulty will mostly be determined by how much you like challenges. The best part is that too many of us have already tried, failed, tried again, and succeeded, so you can always lean on us.
I get you, I wasn’t being sarcastic. Going through something difficult has a way of bringing people together, especially if you still love it after the effort.
Oh no, by no means did I think that, no worries bud. I can tell you that, when I started, about 11 years ago with a Synology NAS, I was scared as hell, but I found it so fascinating that I, a complete ignorant on how technology works at the software level, could suddenly own some of my data. I made so many mistakes, list so much data for not following correct backup streamlines, and pissed off a lot of my friends and family when they had to go through 2 or 3 more clicks when I shared something. And it’s great. Jesus, I’ve deployed Joplin and I mich so many times and in so many mixed of bare-metal and containers that I can’t tell you for sure what I have running right now unless I start digging into each of my ProxMox VMs and LXCs to try and figure out where each thing connects to the other. Evidently, I’ve been keeping proper 3-2-1 backups for the last 7 years, and have broken so much stuff over the years, trying UnRaid, truena, OMV, CasaOS, and a whole lot of stuff more. Dude, in all honesty, just make sure your irreplaceable data is safe preferably offline, and go at it. Break stuff, and then enjoy the satisfaction of finally having it running after 2 or 3 sleepless nights, only to break it again by placing a comma I the wrong place because your brain refuses to keep going 🤣🤣.
It’s fun man, that’s the best part, owning your data and flipping the finger at big tech and givernments is just the added value. That’s my opinion anyway.
Jellyfin truly is the shit. Now if only I could somehow hook it into authentik and traefik for sso without pulling all my hair out… 🤪
I got a cloudflare tunnel going. Easy peasy.
do you know what to replace android with?
GrapheneOS :)
isnt that still android
Yes. It is hardened a lot though, easily the most secure and private. Ubuntu Touch is maybe more private because Linux but it’s barely functional. iOS in lockdown mode is decent, better than stock Android.
I also just switched to Linux! Well dual booting Windows for now but only for gaming really, and until I figure out if Ardour is good enough for me for music production. But still: Microsoft has nothing except my game saves now, no tax documents or web history, etc.
What distro did you go with?
I’m also looking into making a home server to ditch streaming services and so I dont need 250 GB of music on my. phone. Got to be able to afford the RAM though…
Mint. I’m not a “tech genius” and it was presented as an easy intro to Linux. I feel no need to distro hop, getting by just fine with my little minty penguin thank you very much!
Mint is pretty legit. Their Cinnamon desktop is looking a lot prettier these days too.
I landed on Fedora KDE because I need gaming features like VRR, and still wanted features like Secure Boot & a distro with a lot of users and documentation.
As far as you are told. There is no verification that is true.
But there is a nearly continuous stream of occurrences where Meta is caught lying.
It is actually verified e2ee. However, they do keep a ‘spare key’ for every single user and chat, you know, in case they need to help you, the good guys at Meta.
Can you show me where it’s verified? Did someone get to see the code?
https://www.nccgroup.com/media/fzwdxklh/_ncc_group_whatsapp_e001000m_report_2021-10-27_v12.pdf
https://eprint.iacr.org/2023/843.pdf
Also, their e2ee is built on the signal protocol. Now, their server code and client code are not open source, so they could have left all types of doors open for their benefit. Also, the Metadata is not encrypted at all, something they actually brag about for some reason.
And just to be clear, I am a genuine 'everything-meta-hater" (and Google, MicroShit, Crapple, Crapsung, etc.), but spreading misinformation doesn’t help preaching about privacy and security.
That verified if their backups were end to end encrypted though right?
It’s also interesting what was out of scope:
Dude, you seem to be under the impression that I’m somehow defending meta, and you’re evidently in battle mode. I said my piece, provided the evidence as requested. I guess this is where I drop off of this convoy for ith you, buddy. Make of it what you will. Have a good day.
No, I am not in battle mode. I just read the link and found it interesting and responded with things I saw in it.
What I didn’t do, was realize you sent TWO links, and I failed to read the second one. But believe me I am not trying to argue in any way. I am just responding.
The second link was also just for backups.
Again, I am just saying that they are not able to demonstrate that they are actually implementing this, AND that both of those links are for backups only. Thats all.
And I totally get what you were driving at: it doesn’t matter, they have a “spare key”.
I don’t think it will. It’s just another outside audit (no idea if país by meta or not though). It is E2ee, that’s the bottom line. Now, the implementation is what dictates what that’s worth. It’s no different than client-side scanning or Microsoft co-pilot. What’s the point of having e2ee if someone else can get access either before encryption or by a third party, like meta, having a master key to decrypt anyway?
The first thing was if there was any indo of e2ee being implemented, there’s plenty, even Cloudflare audited them at one point if I recall correctly. But, nobody knows how it’s implemented, except for meta, and that’s where the lack of trust resides, because we all trust meta as far as we can throw our cars.
As far as I’m aware Moxie Marlinspike made the encryption before it was acquired by Facebook. One of the founders of WhatsApp now finances Marlinspike’d Signal messenger.
In theory Meta only sees who you communicate with, but not what you communicate.
(I wouldn’t be surprised if the bastards are trying to undo the encryption if they already haven’t.)
not that it really matters, but it was a few years after the acquisition.
They have had some third party audits. It is not totally convincing to me as being trustworthy, but I see it as more of an acceptable necessary evil. Better than Discord, Snapchat, Facebook Messenger, probably even SMS. My wife’s whole family uses just WhatsApp, and so do some businesses even in her country. Believe me though, anyone I can get on Signal, Matrix, Session, etc, I do.
There have been third party audits, but the conclusions have been that you can’t know if it’s implemented correctly or at all. Nature of closed source. Because you can’t know where the keys are.
I get the doing business in their country. That is so difficult to overcome. I will not do it. Foot down on that one, and it does make it hard. My wife’s family does the same as you mentioned. I just tell them they are literally paying for fascism. They don’t care. Or you can pick from many of the ills of Meta products (energy use, AI, misinformation, or even simply making someone a billionaire by contributing nothing to society).
Makes it hard.
I’m working on it and avoid it when I can as I mentioned. The only reason I mentioned it is that it’s one of the last vestiges of apps I don’t fully trust. I treat it like SMS or email, I don’t send anything I don’t expect could be audited by the government with the right subpoenas.
But sometimes I’m in a weird position. If I need to order food in my wife’s country, I am not going to be able to contact the restaurant without WhatsApp. Then I, as a white American who doesn’t know them, am going to explain to the delivery guy the reasons why they shouldn’t support American fascism, in their native language that I am not 100% fluent in?
It isn’t American fascism of course. It’s everywhere.
But I get it, I find myself in the same boat traveling and visiting family. It really is pervasive. So in your scenario you can’t just go pick it up yourself?
I know there are other ones though: Everything in some places works like this where they want to do a call back - deliveries, doctors appointments, services. WhatsApp has almost, if not completely, replaced the phone, so even getting a local sim doesnt help.
I simply refuse to play along. I wont do it. Somehow we seem to work it out.
Lol, story of my life. But the best part is looking at people’s faces when you say ‘I don’t have whatsapp’ 🤣
deleted by creator
E2EE but with a caveat that they can do on device detection of unencrypted messages and flag content back to mothership
What messages would be unencrypted in this scenario if it is E2EE? I’m not sure what you’re trying to say.
The what’s app is encrypted to get to your phone so transmission is protected, however to view your message it is unencrypted (obvious) and at that stage WhatsApp will parse it for key stuff such as Child Sexual stuff, or other threats they have determined they look for, that then triggers a data send back to the mother ship. The problem with this is if the Government wants to silence a political opponent or journalist they can go to Meta and request a search other than CSAM. So end to end encryption via any META product is a joke
Hm yeah that blows.
Why use WhatsApp instead of Signal? I don’t go near WhatsApp because of Meta, so I genuinely know very little about it.
because in some countries it’s been the default means of communication for over a decade, which means a network effect.
I don’t, I use Signal whenever I can. WhatsApp is for businesses that use it, and the people who refuse to go to Signal, or can’t figure it out. Like my mother in law tried but got confused and so far have been unsuccessful troubleshooting why long distance. But I still need to talk to her.