KLISHDFSDF

a lot of things it does feel iffy and don’t make me trust it.

Like what? It's open source and has many cryptographer's eyes on it as it's the "golden standard" of encrypted messaging apps.

But's not just a messaging app. Telegram is a public forum (non-private and unencrypted btw) where they know crimes are being committed and are taking no action to mitigate them.

If you let people commit crimes in your house you are a criminal. If you own a mall and let people commit crimes in it, you are a criminal. If you own a boat and let people commit crimes in it you are a criminal. Same concept here. Pavel Durov created a public forum and not only allows crime to happen, but lies to people telling them its secure and private.

If I were a tinfoil wearing kind of person, I'd think Pavel was in on the whole thing and helping some 3-letter agency because Telegram has been a "privacy" scam from the beginning and it seems criminals are too dumb to realize they fell for playbook similar to Anom, just on a bigger scale.

This is a actually pretty worrying

Why?

Telegram is not an encrypted platform, so they're not going after him for providing end-to-end encrypted services. They're going after him because they have full insight into what's going on in their platform and not taking appropriate action and in some cases completely ignoring it. It's pretty common that if you're providing a public platform that you comply with authorities. Signal doesn't have this problem, they have no insight into anything their user base is doing; you can't be asked to enforce things you can't see.

that's really good to know! thanks

I also tried logseq and couldn't really stick with it. Tried a few others like obsidian, joplin, Zettlr, Simplenote, even just vim and vscode with various plugins, but they all had their own drawbacks I couldn't get over, like a lack of built-in cross-platform support, syncing, encryption, not being open source, etc.

I eventually found Notesnook which strikes a good balance for my needs: open source, end-to-end encrypted, easy to use, decent UI, doesn't mangle code/formatting when copy/pasting, feature parity across platforms; I use MacOS, Windows, Linux and Android and they all have clients that have feature parity - even the web client is really good!

The only thing I would say it's currently missing is to release the source code for the server, but that's on their roadmap and actively worked on. It was this commitment to openness that lead me to try it and after some brief time start paying for it.

Mullvad browser is based off the Tor browser, which is based off of Firefox. It's basically a secure/hardened Tor browser minus Tor, which makes it slightly more usable for private.

Source: https://mullvad.net/en/blog/mullvad-vpn-and-the-tor-project-team-up-to-release-the-mullvad-browser

agree with your general sentiment. I've actually been using it and its very rough around the edges, in addition to being "slow" feeling overall, and I'm just testing it out between one other person and myself on other devices. it's not something I can recommend to anyone yet, but definitely keeping my eye on it.

greed incentivizing unethical contraptions.

Crypto is a tool, just like anything else. Is the internet a greed incentivizing unethical contraption? Because the internet spawned Google, Instagram, Facebook, 4Chan, and various other shady and illicit sites and services. Should we hate the internet because of this?

Crypto isn't inherently bad. It's the people trying to take advantage and duplicate the "success" of Bitcoin that make crypto bad. I'm telling you this as a person who used to believe in "crypto" and was an early adopter.

You may be deleting your comments in the hopes that it will pull some value away from Reddit. That’s not true, in fact, the opposite is more likely.

I would disagree.

If reddit was only about linking websites you would be correct, but that's not where all the value comes from. Some of the value comes from the comments. Comments provide insights, provide celebrity interaction (snoop, arnold, bill gates, etc), a sense of community, technical knowledge, stories, warnings, context as well as many other things that end-users find valuable.

Remove the comments, ipso facto, you remove value.

I would trust GrapheneOS, but understand that everyone has their own tolerances for security and the Graphene project is probably at the highest levels.

The GrapheneOS devs were right about F-Droid being less secure when they would sign other dev's apps. This meant that if anyone were to hack F-Droid, they would get full access to every device using an app installed by them. This issue was fixed just last September.

Now that F-Droid fixed this issue, the responsibility falls on each individual developer to secure their signing keys. Should an app's signing key be compromised, it would now only impact users with that app installed. Security is about layers, not 100% foolproof solutions.

That's old info. Apps are now signed by the developers on F-Droid since about a year ago:

but now with reproducible builds F-Droid ships APKs that are signed by the upstream developer(s).

Source: https://f-droid.org/2023/09/03/reproducible-builds-signing-keys-and-binary-repos.html

EDIT: I should note this doesn't address the other issues in your second link (I have twitter blocked, can't see that link) but it does fix the primary issue of the apps originally not being signed by the developer.

There's the Aurora Store on F-Droid that lets you install apps from Google's store without giving any data/account info to Google. Works pretty well!