has been moving more towards the deb.debian.org mirror which is provided by a single CDN company, . It works well, but also feeds an enormous amount of to a single company, and it can be used to track computers and maybe even people. And the privacy policy in effect is unclear. Fastly says the policy of the "subscriber" applies, but the privacy policy for deb.debian.org is not listed anywhere I could find. Anyone have any insight here?

I like to think about little hacks to increase my while working on code. Lots of build systems fetch all sorts of things from the network, and send all sorts of data. , , and others have opt-out tracking. One little hack I have going is to force to fetch dependencies over (except from which blocks Tor). gitlab.com/-/snippets/3642145

When discussing alternatives for , I heard: "I tried X a couple times but it didn't give me the results I wanted but Google did, so I stay there". I use multiple search engines and see each one's strengths and weaknesses. This made me realize there is a kind of bias: using one service provides simplicity. When using one, we don't know when that it is providing worse results than alternatives. Then people get the impression "the alternative sucks, I'll stick with the good one" 1/

I see a shift in how people think about in . Now that people are aware of how bad software can be for privacy, I see a lot of pressure to not include useful functions because they might appear to be invading privacy. permissions are a good example: so many people are rightly concerned about location tracking, as represented by location permissions. The first question is ask when seeing a suspicious one is: do I trust that app's people and process to do the right thing?

I'd like to have something that automatically convert links to the preserving version in the browser. Like play links in , etc. There seems to be things like but for me the question is which one to trust, is maintained, works well enough, etc. Once I find a tool that I think it generally applicable, then I work to get it into so its easy for others to make this decision. Is there a browser extension for this that is worth getting into Debian?

The real protections of using a come from putting all your eggs in one basket: force all your DNS and traffic through the VPN provider. Then nobody else sees your real IP address, etc. As long as the VPN provider does everything right, doesn't get hacked, or doesn't have to comply with secret government orders, it does provide a real privacy improvement. But I have a real hard time buying into putting so much trust into one service. I wonder if it is possible to be so good

As lead maintainer of the official client, I hear a lot of criticism that is still at 25. fdroidclient is , publicly audited, with , written in memory safe languages, with a proven record of respecting and delivering . The source and binaries also receive human and machine review. is designed around untrusted proprietary software with non-memory safe code where the binary only gets machine review. 1/2

I find it super frustrating how well constructed PR is. They are masters of taking one little problem, making an a solid privacy improvement to it, then using it to distract people from their giant surveillance capitalism machine. Something like that is only a privacy improvement for people who are fully in Google's ecosystem. Switching to using Google Fi encrypted calling would be a net privacy loss.

There are two semi-related questions that have been repeatedly popping up in my head for the past couple years: 1) now that we know how to do real , are we sure we want a world where wiretapping isn't possible? 2) now that we know how to privately track usage without people, are we sure we want to encourage software development based on tracking data?

Reading about how browser aims to remove unique IDs when counting users makes me think about how hasn't been tracking users from the beginning, and stopped tracking downloads years ago, and seems to only have become more popular. Makes me think that developed by community motivated by doing the right thing is a better way than a or being driven by . Maybe improving the of tracking is missing the point.

image/svg+xml Librem Chat image/svg+xml