• 11 Posts
  • 14 Comments
Joined 1 year ago
cake
Cake day: June 13th, 2023

help-circle











  • I probably wouldn’t bother. I can think of two scenarios you might get spied on.

    1. Through your browser you’ve granted a website access to your webcam (Zoom etc.) and left a tab open. Maybe it could activate it when you weren’t expecting?
    2. Someone has used a vulnerability to take control of your computer to the degree it can access your webcam directly. Desktop linux software doesn’t usually have meaningful isolation between software running as the same user, so at this point they can grab all your data, passwords, take screenshots, etc. and the webcam is just the cherry on top.

    I expect most people don’t do (1) very often, let alone for sketchy websites, so IMO it doesn’t make much difference either way.





  • Honestly I’m glad they highlighted the telemetry. I went through the local report about what’s included and while it’s not an upsetting level of detail, it’s more comprehensive than I would have opted in to if asked.

    Still, as sibling points out it’s in a completely different league from slurping up your IMAP creds, something which has always been local-only data. This is the second time I know of recently where MS has trampled on this kind of local-only expectation - the other was Edge defaulting to sending the contents of textboxes you’re filling out on webpages to the MS cloud for spelling and grammar checks. Thunderbird is still a sound recommendation, and unlike Microsoft, I trust that if I uncheck the telemetry box they’re not going to try to get me some other way.








  • You’re putting yourself in a tough position by asking for both E2EE and the ability to use from a browser. You have to trust the web app each time you open the page, and hope that they haven’t altered the deal to simply grab your data after it’s been decrypted by your password. I have no idea how likely it is that Standard Notes would do that but I’d reconsider the browser requirement specifically if E2EE is non-negotiable for you - an offline open source client program would be a much stronger position.

    For my money, I use local text files and SyncThing but it’s probably not spiffy enough for many people/purposes.



  • IME something like Signal is an easy sell since it’s simple and works well. For all the fair criticism about relying on phone numbers it makes the onboarding easy. For other things compartmentalising helps, e.g., “okay we’ll collaborate using this cloud file storage but I personally will be accessing it through the browser while keeping most of my files in a SyncThing over here”. While I self-host certain things I don’t volunteer to do that for family/friends because it will be too frustrating for everyone if/when I let them down.

    In this kind of situation there’s a fine line between someone who maximises their privacy through tech decisions and someone who makes their “correct” tech choices their self identity. If you drift into the latter, being asked to compromise can feel like an attack, leading to overreacting and coming across as insecure and annoying. Not to psychoanalyse anyone in particular but sometimes I think people need a reminder.