deadcade
@deadcade@lemmy.deadca.de
- Comment on Apple Confirms Governments Using Push Notifications to Surveil Users 6 months ago:
Most “standard” messaging apps (that includes signal, telegram) use the “OS provided” push service. On Android, they use firebase cloud messaging, a component of google play services.
Degoogled Android means not having any notifications, unless the app supports UnifiedPush, runs in the background 24/7 (which drains battery), or runs in the background occasionally (which delays notifications).
If the app runs in the background occasionaly, you can “burden” the people on the other side by being slow to respond.
- Comment on Microsoft is finally making custom chips — and they’re all about AI 7 months ago:
Idk man I don’t see Apple going all in on AI like Microsoft right now. You should give them at least a little credit for their own terrible ideas.
- Comment on 'Signal tests usernames to avoid using phone numbers.' Great move? 7 months ago:
WireMin is a massive scam, please don’t use it. It’s been advertised on several Lemmy communities with unsolicited posts and comments, and it promises things it can’t do, like offer any type of privacy.
- Comment on [deleted] 7 months ago:
WireMin markets itself as a decentralized service. The question was “why use this”, so I mentioned the pros of using decentralized services. I did not ignore the question. WireMin should not be used. Other (truly) decentralized protocols like Matrix, XMPP, or anything running on ActivityPub have benefits over services owned by companies like Signal or Telegram.
However, most people are locked into a platform by their contacts, and their contacts choice of chat application. If most (or all) of your contacts are already on Signal, there’s no good reason to use anything else.
- Comment on [deleted] 7 months ago:
Ah look at what we have here, reposting memes on the twitter account. You are the developer of WireMin, this is a blatant advertisement disguised as a review.
Oct 27, 2023 at 3:51 AM UTC: lemmy.deadca.de/post/94628 | lemmy.world/post/7388906 | archive.ph/f8fY5
Oct 29, 2023 at 4:04 AM UTC: nitter.net/WireMin/status/1718478766547324992 | twitter.com/WireMin/status/1718478766547324992 | archive.ph/u8XxG
- Comment on [deleted] 7 months ago:
As a 3-month user of WireMin, I am quite familiar with the ‘Spaces’ feature; it is definitely their standout feature. Here are a couple of things you can do in the WireMin Space: *proceeds to list off features*
This is not a review of WireMin, this is blatant advertising. Advertising of a service that is a scam.
- Comment on [deleted] 7 months ago:
There is a great benefit to using decentralized services. They cannot be taken down by any entity, and control over data is in the hands of server hosts, rather than one company. Once running and popular enough, a decentralized service will continue to exist. With so much infrastructure owned by so many different people, no single person can “decide” to take it down.
That said, WireMin is still a scam, please read my other comment for more info. Use whichever chat application works best for you.
- Comment on [deleted] 7 months ago:
(I can’t believe I’m replying to a spam account) In case you can’t read my linked comment:
It’s not open source. There’s no way to actually verify any of their claims.
As others pointed out: “Contact Us” with gmail, facebook, twitter, or instagram. Any company (or individual) remotely advocating for privacy would be using (semi-)private services, even when advertising their own alternative.
The terms of service / privacy policy includes:
WireMin establishes a self-organizing network only by a number of active instances of WireMin apps. WireMin, as a protocol, utilizes advanced security and time-tested cryptography to provide a private messaging tool and social network. All of those are achieved in a democratized network without relying on a cloud service or back-end server.
No single bit of user data will be collected. WireMin is not even capable of doing that.
No user information will be provided to us, not a single bit.
however, it also contains
WireMin collects minimum device information
and
Occasionally for WireMin App on mobile devices, an additional device notification token (e.g. iOS devices) may be collected, to enable push notifications. Again, that information is collected without exposing user identity or the device’s IP which eliminates the possibility of user tracking.
It is impossible to not receive user information, and impossible to receive such notification token without knowing the device IP. User/device info gets provided to the app developers when someone downloads their app from the app store or play store. To actually use the push notification token, it requires server infrastructure. A push notification token is useless without having a centralized server to use it. Not having any servers means you can’t use the token, and having the token spread across different servers to remain decentralized would be dangerous, as the token could be used to fake notifications from the app.
Added to that, the blatant spam and advertising that’s happening in posts like these or comments under other posts related to chat applications. Your post is part quoted “update log” and part advertisement written as if it’s a review.
- Comment on [deleted] 7 months ago:
WireMin is a scam, unable to deliver on their promises. I already explained this on one of the previous ads that was posted: lemmy.deadca.de/comment/599111
Please use FOSS decentralized software, such as Matrix.
- Comment on Discord file links will expire after a day to fight malware 7 months ago:
Depends on how it’s implemented. Anyone using a “media proxy” will see their discord bridged media probably fail to load (outside of possible caches) after a day. Anyone who has their bridge configured to reupload discord media to their homeserver should see no change.
- Comment on Linux vs Windows tested in 10 games - Linux 17% faster on Average 8 months ago:
(Not so) fun fact, a lot of Windows viruses work under Wine on Linux. If you have ransomware bundled with your pirated media, it will likely also encrypt your Linux files.
Use Bottles as a Flatpak, isolate all your applications from each other and from your host system.
- Comment on Steam News - Introducing SteamVR 2.0 8 months ago:
I did buy an index and I wouldn’t be able to go back to full “inside-out” camera tracking. Just doesn’t work for some games.
- Comment on Steam News - Introducing SteamVR 2.0 8 months ago:
This is a very rushed update. SteamVR on Windows will be lacking some features a lot of people got used to, but it runs. (Main one I ran into so far is screenshot management, but a lot of the big picture mode UI is not accessible due to a controller being required to push buttons)
SteamVR on Linux however, is a complete mess. It was also a mess on SteamVR 1.x, but 2.0 broke so many things. Launching any of the included apps such as room setup, changing settings, taking screenshots. I really hope they add the last 1.x version as an update branch for compatibility reasons, 2.0 is simply not ready on Linux.
Also, good luck everyone on the keyboard. It’s supposed to have support for using multiple controllers, but it has been dropping and duplicating keypresses for me.
- Comment on Using Facebook/Meta Messenger on Android 8 months ago:
Short answer: you don’t. It’s either privacy or a facebook app, not both.
Longer answer: Don’t use the facebook app github.com/mautrix/facebook (requires your own Matrix homeserver)
It is much more complicated to host a Matrix homeserver and Facebook Messenger bridge, however, it allows you to use a FOSS chat app on your Android phone. With notifications and if needed, fully outside google infrastructure, or even fully selfhosted, with ntfy.sh for example. Without running any proprietary Facebook code, and without directly connecting to Facebook servers on your Android device.
It is of course unavoidable to have complete privacy, as your messages will still be sent to Facebook, but you avoid almost all telemetry (and all on-device telemetry) by using a Matrix bridge rather than the official website/app.
Another option is Beeper, although privacy with them is questionable, since you’re fully trusting them with your account, and any incoming/outgoing messages. It does avoid Facebook telemetry on device, and is much easier than hosting a Matrix homeserver.
- Comment on Fighting pedophilia at the expense of our privacy: The EU rule that could break the internet 8 months ago:
Please use up to date sources. (Disclaimer: Apple has continued and cancelled this “feature” enough times I’m not 100% sure if it’s currently in iOS, but I’m certain enough to not trust any Apple devices with any photos.)
The hashing algorithm they used had manually craftable hash collisions. Apple did state they would be using a different hashing algorithm, but it likely contains similar flaws. This would allow anyone to get your iPhone at least partially flagged, and have your photos sent to Apple for “human verification”. Knowing how this algorithm works also allows people to circumvent any detection methods Apple uses.
Not every iPhone is going to include a list of hashes of all illegal material, which means the hash of every image you view is sent to Apple. Even if you trust them to not run any other tracking/telemetry on your iPhone, this alone gives them the ability to track who viewed any image, by only having a copy of the image themselves. This is a very powerful surveillance tool, and can be used for censorship of nearly anything.
- Comment on VR still makes 40-70% of players want to throw up, and that's a huge problem for the companies behind it 9 months ago:
Although with most games, the accessibility options need to be there (even when they sometimes aren’t), some games incorporate their movement mechanics into gameplay heavily. Take BONELAB for example. Great game, but simply impossible to play for some people due to the movement. Adding teleporting (or really any accessibility movement option) would simply ruin it though, as the entire game is based around physics based interactions, walking, running, jumping, climbing, etc.
- Comment on As Smartphone Industry Sputters, the iPhone Expands Its Dominance 9 months ago:
As if iMessage, the platform that requires hardware from a specific company, is much better.
- Comment on Unity adding a fee for devs for each time a game is installed, after certain thresholds 9 months ago:
Crackers often only patch out the DRM to redistribute a pirated copy of a game. If it is a game from a small studio, something like Goldberg is enough to “crack” the game, and it wouldn’t remove any of the Unity telemetry.
- Comment on Unity adding a fee for devs for each time a game is installed, after certain thresholds 9 months ago:
Ah yes, because it’s that difficult to spoof a new PC. You can run a tool similar to a kernel level anti cheat “ban bypass”, run the game, and cost the developer up to 20 cents. With a relatively simple script, this can be done many times per hour on a single PC, easily racking up cost for the developers.
This is a bad idea, no matter how you implement it. If it goes through, it will be abused.
- Comment on Whatsapp has begun working on support for third party chats (Telegram/Signal) 9 months ago:
WireMin, as far as I can tell, is not open source. There’s no way to prove that any of their claims are actually true. Plenty of messaging apps have claimed to be “decentralized” and “end to end encrypted”, but those have been false claims a lot of the time.
I would suggest you look into Matrix and XMPP, which are actually decentralized protocols rather than a single closed source app. Since they’re open protocols, there’s actual proof of them being decentralized and end-to-end-encrypted.
Reading through the WireMin privacy policy and ToS, they are making several impossible claims, such as:
“No user information will be provided to us, not a single bit.”
As a somewhat tech-savy Matrix user, I can already tell you there’s literally no way for them to not receive user information, simply by having an app on the app or play store, user information gets sent to them for each download. Many functions in the app also cannot work without a publicly accessible server. Things like notifications, or even receiving any messages at all while the client device is behind NAT.
They even back down on their own statements in that same privacy policy:
“WireMin collects minimum device information, such as version number, platform, etc.”
And they clearly say a push notification token is obtained, which requires server infrastructure to use:
“Occasionally for WireMin App on mobile devices, an additional device notification token (e.g. iOS devices) may be collected, to enable push notifications. Again, that information is collected without exposing user identity or the device’s IP which eliminates the possibility of user tracking.”
While also claiming it is collected “without exposing user identity or the device’s IP”, which is impossible to do. (iirc) The IP protocol requires source and destination IP addresses to be known on both sides (even if I’m misremembering and it’s not the IP protocol, TCP still does).
Although I have not dug through the app, to figure out how it works internally, I can assure you it is not “decentralized”, and will go down or at the very least lack basic features as soon as their servers are shut off. Them lying about such a “large” aspect of their platform also makes me heavily question the “E2EE” claim.
Platforms such as Matrix or XMPP solve most of the issues I noted here by having decentralized servers, but ““centralized”” clients (clients only connect to one server). If any one server goes down, the clients under that server are affected, but the rest of the servers (and thus the rest of the network) is not affected.