1. Proton will comply with legal demands for information
2. Proton intentionally limits what data it has access to

Don’t trust any cloud service to protect you from the authorities, trust the technical limitations you can verify. Proton is pretty good for this, in fact, one of the best. But like any service that wants to continue existing, they will honor legal demands for info.

That makes sense, SMS is essentially free here.

I guess I’m not going to London then…

No, it means it’s a target for vandalism since they aren’t going anywhere.

That’s absolutely correct. Everyone seems to fixate on the encryption, but hackers are lazy and they’ll attack whatever is weakest. In this case that means the storage on the phone after it’s decrypted.

Don’t store classified information on your phone, regardless of what you use to transmit it.

How about this:

1. Tell everyone signal is the best way to contact you because it works on all your devices (phone, laptop, desktop)
2. When someone messages you on signal, be really responsive
3. When someone messages you on SMS, be really slow, and occasionally mention how sorry you are about missing it

vulnerability

My understanding is this has less to do with Signal than phones themselves. Signal messages are decrypted and stored on the phone itself, so a successful attack on the phone would allow access to the messages.

This is completely fine for personal use since the average person isn’t going to be a target, but for classified information, that’s unacceptable. This isn’t unique to any messenger, any app that stores data on the phone is open to it.

Perceptions matter.

And this frustrates me to no end.

Yeah, I get it, you don’t want to associate with bigoted people. But I wish people would take a step back for a minute and think. If everyone runs away the moment conservatives take interest in something, that means conservatives get an undue amount of power over you.

If we all largely ignore trolls, bigots, and bullies, they’ll lose their power. I’m not saying to be tolerant of intolerance, I’m saying we shouldn’t let them have power over us. Content moderation should take care of intolerance where it makes sense. On platforms like Signal, this means accepting that privacy means protection for both you and things you dislike. Yes, the platform will be used to arrange drug deals, facilitate pedophiles, and enable Nazis to communicate, but it also protects whistle blowers, people living under repressive regimes, and LGBT communities. Privacy means privacy, and that has value in itself.

Stop throwing babies out with the bathwater.

WhatsApp

Not in the US, pretty much nobody uses it here. Which is really odd to me, since it’s so prevalent elsewhere.

And we should take it a step further and have posts be digitally signed by the author. That way we can detect any db-level tampering.

That depends, is it?

Same, but openSUSE.

Linux absolutely works well on old hardware. I don’t know what your definition of “older” is, but I still use my laptop from 2017.

Woo!

Maybe it is, idk, but if it works it’ll be a pain. If people are willing to switch software, I’m willing to help them.

Oh yeah, that’s a lot more similar.

Yes, that’s not topologically a hole.

As long as you’re confident in being able to distinguish between the two drives (i.e. they have different capacities), you’re good.

The main issue people run into w/ a dual boot setup is Windows clobbering the Linux boot loader (the thing that lets you pick whether to boot into Windows or Linux) and users not knowing how to reinstall it. It will only do that on the drive it’s installed to, so if Linux is on a separate drive altogether, you’ll be fine. I recommend going into the BIOS settings and switching the default boot to your Linux drive, and Linux should detect the Windows installation and give you the option to boot into either one.

LR+PS (Adobe…)

This is probably going to be an issue for you, since neither has a direct replacement on Linux. However, in the worst case scenario (you hate Linux and want to nuke it from orbit), you just need to switch the boot order back in your BIOS.

This one?

It’s completely different. In that case, they were able to set up a fake business to accept payments, which is way more sophisticated than what happened to me. In my case, they just needed my login name and phone number, and I had reused the login name on several sites, so a number of places could have been involved in a breach. All the scammer had to do in my case was:

1. check if I have an account at a major banking institution
2. call me, pretending to be the fraud department
3. get me to give them my SMS code (they’d trigger through the normal “forgot my password” process)
4. keep me on the line long enough to link an external account
5. get me to give them another SMS code (“final authorization” or whatever)

That’s it, just two pieces of information, some smooth talking, and a little luck that I don’t catch on. Corey Doctorow’s situation required quite a bit more setup than that:

1. get Amex to approve them as a mechart
2. create a fake online ordering website that gets enough SEO to show up in search results
3. have someone actually place an order at the vendor so nobody gets wise

That’s a lot more sophisticated than what happened to me.

I’m not a fan, but I understand it and am generally okay with it. I still wish it all happened in the open like Linux.