Skip Navigation
Nostr continues to raise the bar on private, uncensorable online discourse
  • Anyone following anyone interesting on Nostr? Tried it for a while and while the tech is cool I felt it was missing a good collection of people. All I ever saw was crypto scams and self referential memes/discussions about how cool Nostr is - which I agree - but that's not what I'm interested in.

  • Apple is bringing RCS to the iPhone in iOS 18 | The new standard will replace SMS as the default communication protocol between Android and iOS devices
  • Image for the lazy (and yes, of course, Apple's breaking their own accessibility guideline of having text at least 3:1 contrast ratio for text to be readable and instead making it 2:1 by picking the lightest shade of green possible).

  • Apple is bringing RCS to the iPhone in iOS 18 | The new standard will replace SMS as the default communication protocol between Android and iOS devices
  • It’s a terrible move, especially to make it default.

    Subjective, but lets see what you bring to the table.

    It’s just as bad a protocol as SMS in its own way: It’s still tied to a phone number/sim, so you can’t just login to the service via a browser or an app.

    That's how text (SMS/RCS) messaging works. Did you expect something different? Did you expect the SMS replacement to not require a phone number?

    It has lots of failures, worst of all, SILENT FAILURES, where you don’t even know your messages aren’t being sent - just look at the communities around here discussing it.

    I've been using it without issue for quite a while now, but that's just one data point. If you have stats to back up your claim, I would love to see that.

    There’s no common protocol here really, ...

    "The GSMA’s Universal Profile is a single, industry-agreed set of features and technical enablers developed to simplify the product development and global operator deployment of RCS" Source: https://www.gsma.com/solutions-and-impact/technologies/networks/rcs/universal-profile/

    lots of parts work only by decree of each host (e.g. iOS won’t have E2EE with anyone not on iOS, because that requires every cell provider to agree to the config they’re going to use.

    This is how distributed/federated systems work and this is one of their cons. They won't always be 100% compatible as each component is independent but the goal is to eventually reach feature parity. See Matrix chat clients that didn't all have encryption (or other features) on day 1 or XMPP which has lots of clients, none of which support all features.

    This is the 21st century, and this is the best they can do - a protocol that fails with no notice? Without standardized encryption? That’s tied to hardware?

    Please post evidence of this. Again, I've had zero issues and every Android user is using RCS by default now - have heard zero complaints.

    I had a better experience in 2009 running Pidgin on my phone and my laptop using XMPP. That didn’t require a phone number - I could login and see my messages in both places simultaneously… 15 years ago.

    Correct! XMPP is not an SMS replacement and thus it doesn't need a phone number. In fact, you can't "text" an XMPP user, so I'm not sure what you're complaining about here?

    No, RCS is a way to make the plebes think they’ve got a new and better system while still delivering garbage.

    RCS vastly improves over SMS with the following features:

    • High Quality Multimedia Messaging: Unlike SMS/MMS, which is limited to text and potato sized image/videos, RCS allows sending and receiving photos, videos, and other files at significantly higher quality.
    • Rich Content Sharing: RCS supports sharing richer content formats like GIFs, location sharing, and contact cards.
    • Improved Group Chatting: RCS provides a more feature-rich group chat experience with features like group chat names, adding/removing participants, and seeing who has read messages (with read receipts).
    • Typing Indicators: Similar to many messaging apps, RCS lets you see when someone is typing a message.
    • Improved Message Reliability: RCS messages are sent over data networks, so unlike SMS, they shouldn't get lost due to network congestion.
    • End-to-End Encryption: RCS can offer end-to-end encryption for chats, providing an extra layer of security for your messages (availability varies by carrier).

    But keep spreading FUD and hating on something that actually moves the needle forward.

    Love you downvoters that don’t know enough to argue, just drive by and downvote.

    I think they're downvoting you because you're wrong - plainly wrong - and in this day and age its much easier to bury (downvote) blatantly wrong information than to reply to it. So I'm replying for everyone else but I will not be downvoting you. FUD should be fought back with evidence, but MAAN is it tiring.

    ONE person had the guts to say why he disagreed with me.

    It's not about guts, its about wasting time, effort, not giving a shit. I slightly give a shit and want people who are less educated on the subject to see the other side of it.

    Nevermind that BorgDrone explained what’s wrong with RCS better than I care to. You drive-by downvoters can’t even be bothered to learn about RCS.

    Nothing to comment on here.

    RCS is garbage. Plain and simple. I will never allow it on my devices, ...

    At the end of the day RCS is objectively better than what exists today in the world of carrier messenger services (SMS/MMS). Is it better than iMessage? I don't think anyone would agree, especially not if you only message other iPhone users. Is it a better out-of-the-box experience for interoperability? Absolutely! And you're being disingenuous if you disagree, but I'm happy to hear you out.

    just like with Whatsapp, Facecrap, Twitter, Instagram, etc.

    We can agree to these being garbage ✊

    All that said, am I actively going to ask people to use RCS? Never! The same way I wouldn't ask someone to use iMessage if I had an iPhone. They're both products developed ultimately to push users into their respective ecosystem to the benefit of Google/Apple/Carriers.

    I'll stick to Signal and Matrix until something better comes along.

  • Removed
    Google Pay is officially dead in the US. Just got the email.
  • As well as losing the ability to send money from person to person. People will have to find another solution for that - Zelle, PayPal, Cashapp, etc.

  • Google Chrome’s plan to limit ad blocking extensions kicks off next week
    1. Firefox doesn't "collect absolutely everything".
    2. DO donate to Mozilla as without them the Firefox, Tor, Mullvad, Floorp, Mull, Waterfox AND Librewolf browsers wouldn't exist.
    3. Librewolf disables SafeBrowsing, which is a security must-have for anyone installing a browser for friends/family - and in many cases even for yourself.
    4. Even the Librewolf developers say "Safe Browsing is still a good security tool and Mozilla's implementation is privacy respecting."
    5. Yes, if you know what you're doing use Librewolf. For everyone else, Firefox is a great move.
  • Volume is too low in calls
  • That's the one. How'd you find it? I always struggle. Is it linked anywhere on their official site?

  • Artificial Refugium rule
  • Looks like at least one type can take flight from the ground, although with some difficulty: https://www.youtube.com/watch?v=kIl_bYFMr8o

  • Toxic Gaslighting: How 3M Executives Convinced a Scientist the Forever Chemicals She Found in Human Blood Were Safe
  • Thank you. not all *@lemmy.ml users are ignorant science deniers.

  • 10 updates coming to the Android ecosystem
  • Fair, that's an actual useful feature that will benefit many.

  • GSMArena | Sony Xperia 10 VI review
  • that's fair, I can see how some wouldn't value 90Hz.

  • GSMArena | Sony Xperia 10 VI review
  • 60Hz refresh rate in 2024? This might be a phone you buy for your parents but with other options available out there, it's going to come down to whatever specific niche this phone fills and whether that's enough compared to the competition.

  • TIL Tony Hawk’s son is married to Kurt Cobain’s daughter
  • Serious question, because I get a similar "TIL" on my mastodon thread and saw this and had a similar thought - would you prefer to see no "TIL" content posted by bots? I don't have any stake, but they do provide 3 benefits that I personally enjoy, as much as I'd prefer it was "organically" generated content:

    1. Some posts are insightful, others I can just ignore/move on.
    2. It provides a way to interact with the broader "fediverse" community about certain topics.
    3. Helps avoid visiting sites like Reddit by virtue of having less content here and looking elsewhere.

    More on topic - here's a pic of the couple, for anyone interested:

  • 10 updates coming to the Android ecosystem
  • I thought you were kidding 🤷

  • Proton Mail Discloses User Data Leading to Arrest in Spain
  • I'm gonna need some evidence before I believe Google isn't analyzing all the data that passes through it unencrypted.

  • Telegram founder and CEO alledges signal has backdoors, they don't provide reproduceible builds, etc.
  • Unlike Telegram, Signal doesn’t allow researchers to make sure that their GitHub code is the same code that is used in the Signal app run on users’ iPhones.

    A few things to keep in mind:

    1. Apple's build process makes reproducible builds near-impossible.
      • All the effort Telegram went through and it doesn't completely validate the entire build - there are components that are not fully reproducible [0] and as we saw with the recent XZ backdoor, these could potentially be leveraged to hide a backdoor while claiming to be secure - so was anything gained other than "these things are validated but this black box, which could contain malware, was not validated because we can't check them"?
    2. Developing Signal is difficult.
      • Signal is developed by a small team and has to prioritize and coordinate efforts to deliver results - look at how long usernames took or even private contact discovery [1] - nearly 3 years (as a preview) after Signal was created.
      • Signal has no built-in telemetry, any issues are not automatically logged and reported. The end user has to manually submit debug logs and provide an adequate description of the issue for the devs to even attempt to understand what the issue is and how to fix it. Telegram may also have this issue in their very limited private chats, but as most chats aren't E2EE, they can already see all your traffic anyways, making things significantly easier in terms of development speed.

    Considering the two points above, it's not irrational to come to state the following:

    1. Signal has been prioritizing a fully end-to-end encrypted (E2EE) platform that shares zero data with anyone but the intended recipient and this decision has slowed down their development speed. Non-E2EE chat solutions have existed for decades and can iterate and progress significantly faster as they don't have to work on difficult privacy/security/encryption related issues.
    2. Telegram has not been prioritizing a fully E2EE platform and by default do collect most of their user's data. This makes it much easier to develop Telegram and is why E2EE group messages don't even exist on the platform - the Telegram devs have spent more time talking about privacy and security than actually implementing it

    Given the two statements above, assuming both projects need to balance resource constraints, it's safe to conclude, :

    • Signal has spent zero effort working on reproducible builds on iOS because its impossible to completely reproduce a build and would take development resources working on enhancing the platform for minimal gains, as Telegram has proven [0]. Signal has instead placed their efforts on reproducible builds on a platform where it is possible [2].
    • Telegram, instead of working towards implementing security and privacy by default, have decided to work on security theater by working on reproducible builds for iOS that are not even completely reproducible.

    Signal refused to add reproducible builds for iOS, closing a GitHub request from the community.

    It was closed because they use Github for bug reports, not feature requests [4]. The dev even pointed them to the right place. That said, I do agree it would be great if there was some progress made on this front for Signal, but realize its a huge effort and may be best avoided for now as the iOS client still needs some "catching up" to do, compared to the Android version.

    And WhatsApp doesn’t even publish the code of its apps, so all their talk about “privacy” is an even more obvious circus trick 💤

    Agreed.

    Telegram is the only massively popular messaging service that allows everyone to make sure that all of its apps indeed use the same open source code that is published on Github. For the past ten years, Telegram Secret Chats have remained the only popular method of communication that is verifiably private 💪

    Telegram collects all your data by default in a way that's accessible to anyone with enough privileges to their infrastructure.

    [0] https://core.telegram.org/reproducible-builds#step-6-comparing-the-appstore-build-and-the-version-built-in-the

    [1] https://signal.org/blog/private-contact-discovery/

    [2] https://github.com/signalapp/Signal-Android/tree/main/reproducible-builds

    [3] https://github.com/ali-fareed/darwin-containers/commits/main/

    [4] https://github.com/signalapp/Signal-iOS/issues/641#issuecomment-1276308990

  • its true tho
  • 100% agree. Would be nice to be able to just "dock" into a USB-C cable and have a working "PC" at my disposal. Appreciate the response.

  • Android 7.6 features
    signalupdateinfo.com Signal for Android v7.6

    Signal news and updates. We post about new and upcoming features to keep you up-to-date with your favorite E2EE messaging app.

    Signal for Android v7.6
    • Group call reactions 🎉
    • Double-tap a message to edit ✍️
    • Link preview images no longer show in the 'Shared Media' section 🏞️
    • Improvements to missed call handling 📞
    • Updated permissions popup UI 🍾
    2
    its true tho
  • genuine question, what do you expect out of a mobile OS that you can't do now?

  • New German research shows EVs break down at less than half the rate of combustion engine cars.
  • Even without a source I can see how ICE vehicles are cheaper to repair (assuming you don't have some high-end expensive car. I had a relatively "new"-ish engine replaced in my ICE vehicle (I'll let you guess the make/model) for just under $2,200, this is including labor.

    ICE vehicles are "old tech" and everyone knows how they work and where to source cheaper (new or rebuilt) parts. All bets are off if you're working directly with a dealer when trying to save money.

    I'm looking forward to owning an EV at some point, but will definitely need to find someone who's competent whenever any major issues appear. Hopefully by then they're significantly more common and the industry has more people that are competent at that type of work.

  • Memos - Easily capture and share your great thoughts. Open Source and Free forever
    www.usememos.com Memos - Easily capture and share your great thoughts. Open Source and Free forever

    A privacy-first, lightweight note-taking service. Easily capture and share your great thoughts.

    Memos - Easily capture and share your great thoughts. Open Source and Free forever

    cross-posted from: https://lemmy.ml/post/10866175

    > Check out the live demo at https://demo.usememos.com/

    3
    Memos - Easily capture and share your great thoughts. Open Source and Free forever
    www.usememos.com Memos - Easily capture and share your great thoughts. Open Source and Free forever

    A privacy-first, lightweight note-taking service. Easily capture and share your great thoughts.

    Memos - Easily capture and share your great thoughts. Open Source and Free forever

    Check out the live demo at https://demo.usememos.com/

    20
    Merge movies with different resolution on different paths?

    I know this works if I have, for example:

    movies/ - movie1 - 1080p.mkv - movie1 - 2160p.mkv

    but what if I have:

    movies/ - movie1 - 1080p.mkv movies2/ - movie1 - 2160p.mkv

    Because I'm out of space on the driver under "movies". Do I need to have them in the same parent folder?

    3
    Edit Message in Signal

    cross-posted from: https://lemmy.ca/post/6601917

    > > Edit Message > > > Now you can edit a message even after it has been sent! Fix a tpyo, include the missing ingredient in grandma's chocolate chip cookie recipe, or add the punchline to a joke if you hit the send button too quickly. The choice is yours. > > > Messages will always show when they have been edited, and you can tap on the "Edited" indicator to see the full edit history for any edited messages. > > > Update the past in the present to prevent future confusion today! > > Got this today on Signal beta. Editing is one feature I really wanted in Signal. > > Anyone else got it?

    4
    Signal's Meredith Whittaker: AI is fundamentally 'a surveillance technology'
    techcrunch.com Signal's Meredith Whittaker: AI is fundamentally 'a surveillance technology' | TechCrunch

    Why is it that so many companies that rely on monetizing the data of their users seem to be extremely hot on AI? If you ask Signal president Meredith

    Signal's Meredith Whittaker: AI is fundamentally 'a surveillance technology' | TechCrunch

    > Why is it that so many companies that rely on monetizing the data of their users seem to be extremely hot on AI? If you ask Signal president Meredith Whittaker (and I did), she’ll tell you it’s simply because “AI is a surveillance technology.”

    3
    Was thinking of creating a honeypot

    but before I do, I figured I'd ask if anyone's aware of any tools/software that covers my basic needs of setting something basic that may alert me if there are any intruders in the network?

    Needs:

    1. Fake ssh login that can trigger a script so I can take care of the rest.
    2. Fake network share (cifs/samba) that can trigger a script if anything tries to access it.

    Would be great if there are any docker images I can just pull, make some minor edits, and run.

    Thanks!

    18
    Clima: A beautiful, minimal, and fast Android weather app
    codeberg.org clima

    Beautiful, minimal, and fast weather app.

    clima

    Just found this today and thought I'd share.

    ---

    Features:

    ✅ Beautiful, minimal UI ✅ 8-day forecast ✅ Imperial units support ✅ Dark and light themes ✅ No ads or trackers

    40
    Not everything is secret in encrypted apps like iMessage and WhatsApp
    www.washingtonpost.com Not everything is secret in encrypted apps like iMessage and WhatsApp

    Read this to find out if Apple, Google, or your phone company might be able to see everything in your family group chat. Spoiler alert: Yeah, maybe!

    One feature of apps such as iMessage and WhatsApp is that your texts or voice calls are scrambled and private from everyone.

    With end-to-end encrypted technology, no one but you and the intended recipients can know what you wrote or said — not hackers, the app companies or the police.

    Except, not everything is end-to-end encrypted in end-to-end encrypted apps.

    That could mean what you type in chats are saved on company computers that corporations such as Apple or your phone provider could read. Details such as the timestamps of every text to your boyfriend might not be under lock and key, either.

    That’s not necessarily bad. Each end-to-end encryption choice has trade-offs. More privacy and security could also make it harder for you to use an app, or can shield activity of terrorists and child predators.

    The mess I’m describing — end-to-end encryption but with certain exceptions — may be a healthy balance of your privacy and our safety.

    The problem is it’s confusing to know what is encrypted and secret in communications apps, what is not and why it might matter to you.

    To illuminate the nuances, I broke down five questions about end-to-end encryption for five communications apps.

    Is the content of every message automatically end-to-end encrypted?

    • WhatsApp: Yes

    • Apple’s Messages: No

    • Messages by Google: No

    • Meta Messenger: No

    • Signal: Yes

    The biggest encryption caveat is for the built-in texting apps on iPhones and most Android phones in the United States. Those are Apple’s Messages app, also known as iMessage, and the Messages by Google app.

    If you use Apple’s app, texts that you send and receive are only end-to-end encrypted if everyone else in the chat is using that app.

    If the text you see is in blue, the contents of messages are end-to-end encrypted for everyone in the chat.

    Even if Apple wanted to read your texts, it doesn’t have a key to unscramble those messages. (There’s a caveat in the next section about backup copies.)

    But the dreaded green bubbles are Apple’s warning. If you’re in a group chat with three people using Apple’s chat app and one person on an Android phone, no one’s texts are end-to-end encrypted.

    Each of your mobile phone providers might save every word of your communications. Those companies could, in theory, read your messages, lose them to thieves or hand them over to police with valid legal orders.

    Google’s chat app has the same encryption loophole. (For most people in the United States, Messages by Google is the standard texting app on Android phones.)

    Your texts in Google’s chat app are only end-to-end encrypted if everyone else is using that app.

    Google shows if your texts are end-to-end encrypted with signs such as a lock icon under texts and another on the send button.

    Are backup copies of your messages automatically encrypted, with no option for the app company to unscramble them?

    • WhatsApp: Yes

    • Apple’s Messages: No

    • Messages by Google: Yes*

    • Meta Messenger: No

    • Signal: Yes

    WhatsApp and Signal don’t let you save copies of your texts or call logs to the app makers’ computers.

    That means they don’t have saved message copies in a cloud that crooks could break into.

    But if you buy a new phone and forget your password, WhatsApp and Signal can’t really help you transfer all your old texts.

    If you back up copies from Apple’s chat app and Meta Messenger, the companies have the keys to unscramble what’s written in encrypted chat copies. Again, these unscrambled text copies can help in criminal investigations or they could be stolen or misused.

    Apple recently introduced a choice to fully end-to-end encrypt backup copies of iCloud accounts, which means not even Apple could unlock your scrambled backup texts.

    If you pick that option, Apple can’t help recover your chats if you forget your account password.

    This risk is why Apple makes this feature a pain to turn on, and requires you to list a plan B if you forget your password, such as a personal contact who knows your decryption code.

    WhatsApp has an option to save backup copies of your messages to Apple’s or Google’s cloud. WhatsApp doesn’t save those backups.

    For Messages by Google, the company says chats backed up to the company’s computers are automatically encrypted – as long as your Android phone has a screen that you need to unlock with a password or another method.

    Google gets an asterisk because it says it cannot unscramble your backup texts in its cloud. But it can for attachments like photos.

    Meta Messenger has been testing an option for people to turn on fully end-to-end encrypted backups.

    Does the app save your account details in a way it can access?

    • WhatsApp: Yes

    • Apple’s Messages: Yes

    • Messages by Google: Yes

    • Meta Messenger: Yes

    • Signal: Yes*

    Most end-to-end encrypted apps save some “metadata,” or details about you or what you do with the app. They can retrieve the metadata if necessary.

    The app companies aren’t necessarily specific about which metadata they save and can unlock. This information can make you less private– and it can help in criminal prosecutions.

    WhatsApp, for example, may have your general physical location when you use the app and the names of your group chats. Under legal orders, WhatsApp has the ability to log the phone numbers your number communicates with.

    WhatsApp says these details can help identify spammers and aid in investigations of potential criminal activity including people who share images of child sexual abuse.

    Signal is a yes with an asterisk because it doesn’t save much the app can retrieve – just a phone number used to set up an account and the last time the account connected to Signal.

    Are disappearing messages an option?

    • WhatsApp: Yes

    • Apple’s Messages: No

    • Messages by Google: No

    • Meta Messenger: Yes

    • Signal: Yes

    Even with end-to-end encrypted texts, someone on the receiving end could leak them or turn them into the police.

    For extra privacy, WhatsApp, Meta Messenger, and Signal have an option to set texts to automatically delete in as little as 24 hours from the phones of everyone in a chat.

    This isn’t ironclad, either. Someone could take a photo of your messages before they disappear.

    Does the app use the Signal protocol?

    • WhatsApp: Yes

    • Apple’s Messages: No

    • Messages by Google: Yes

    • Meta Messenger: Yes

    • Signal: Yes

    The Signal protocol is considered a gold standard. No one yet has found holes in the end-to-end encryption technology.

    Read more:

    8
    Demo of the new QR code design
    community.signalusers.org New QR code design

    Nice, Username QR codes You can change the color of the background… and the QR code, probably to help with readability…

    New QR code design

    A preview of what's coming! Very excited for this update.

    0
    Text formatting is coming to Signal

    I personally would have preferred markdown support, but this is a long overdue and welcome improvement.

    0
    Setting up a media server with docker, Jellyfin, Deluge, Sonarr and Radarr
    agatsyasingh.wordpress.com Setting up a media server with docker, Jellyfin, Deluge, Sonarr and Radarr

    Hey,if you’re a data hoarder like me, or are someone who just wishes to have a neat way to showcase your media, then this post might be of use to you.To begin with, I’ll offer a concise…

    Setting up a media server with docker, Jellyfin, Deluge, Sonarr and Radarr
    0
    What is Secure? An Analysis of Popular Messaging Apps
    techpolicy.press What is Secure? An Analysis of Popular Messaging Apps

    Results of a technical, design, and policy analysis of encrypted apps from Signal, Telegram, Google, Apple, and Meta.

    What is Secure? An Analysis of Popular Messaging Apps

    Wanted to share this article/research paper. I haven't had a chance to read it, but interested to hear people's thoughts. Will have to catch up after work.

    0
    Excited for the updated Jellyfin admin dashboard
    fosstodon.org thornbill :jellyfin: :tux: (@thornbill@fosstodon.org)

    Attached: 1 image Here is a little teaser of some new functionality coming to the #Jellyfin admin dashboard... a complete overhaul of the activity log! The biggest new feature is the ability to view all the available activity log entries instead of being limited to only 100 entries in the last 24 h...

    thornbill  :jellyfin: :tux: (@thornbill@fosstodon.org)
    0
    KLISHDFSDF ᗪᗩᗰᑎ @lemmy.ml
    Posts 18
    Comments 320