But that’s not what the terms on both Google/Meta and Deepseek say.

There’s no term in their ToS saying Google/Meta restricts the data collection to forms, which means that if the ToS allowed them to collect them from forms (and as you admitted, we do know for a fact that they do), then it also allows them to collect it outside of forms. The reason I put the search suggestions as example is because it’s one we CAN know (and thank you for agreeing on that), but that doesn’t mean they don’t do other captures at times we DON’T know… and also it’s not the only place, Google owns several captcha mechanisms and capturing input patterns is common on those too (and captchas capture outside forms too!). Another obvious example is Google docs, another is Google translate… and again, those are only the obvious ones, we don’t know if there are non-obvious ones.

In the other direction too, Deepseek terms don’t say it does it outside of forms either. You are jumping into assumptions by saying it acts the same as a traditional keylogger and that the keystrokes are captured for “anything typed”. For all we know the only place they might be capturing is when the user is in very specific steps of the login process, maybe for captcha purposes too, or specific forms for preloading results, etc. There’s no reason you should trust they do it any less/more than Google/Meta does, the ToS in both have the same lack of information in that respect.

You can only make assumptions one way or the other, since the terms are not specific on what exactly they allow themselves to do, in the case of Google/Meta their terms are so generic that they don’t specifically say they do (even though they do, as you yourself admitted), while in the case of Deepseek, even though they are a bit more specific by using the word “keystrokes”, they also don’t specify where/when/why (other than “to give you a seamless log-in experience and for security purposes” …but that’s also unclear wording).

Yes, it’s possible. To be honest, I find it very sad that we have grown so dependent on ISP and big telecom companies to have a working network.

In theory, you could have an infrastructure in your neighborhood and be able to play Quake with your neighbors without making use of the phone line at all, completely free of monthly fees and with a very efficient and fast connection too! you’d just need cabling connecting the apartments/houses and some decent routers controlling/restricting access on each subnet. It’s a pity that’s not a standard thing when designing residences.

Though less efficient and more limited in range, you can technically do it with Wifi and mesh networking too… there are projects like B.A.T.M.A.N (https://www.open-mesh.org/), however, it’s not very user-friendly to set up. I believe there have been some projects that attempted to launch embedded devices to act as mini routers for this, but the spread has not been wide enough to make it worth it, sadly.

I think the argument is that those alternatives already existed before. Twitter was not being prioritized, it was essentially mirroring the content already available in RSS, mastodon, etc. So effectively, there’s now one less place where the news will be visible.

However, I do agree with the move, but only because Debian being a FOSS initiative should stay away from proprietary platforms and promote FOSS, even if it means effectively “shutting off” a portion of users who don’t wanna leave the twitter bubble.

Were they using Twitter to provide exclusive updates not available anywhere else?

My impression from the post is that they are publishing the exact same updates in multiple locations, including mastodon at https://framapiaf.org/@debian …so just because they were publishing in that one extra site to make it accessible to a particular subset of people does not mean all other people were being shut off from receiving updates.

However, I do agree with the move, but only because Debian being a FOSS initiative should stay away from proprietary platforms and promote FOSS.

I don’t know enough detail about ATproto, but I wonder if it’s technically possible to block access to posts without also blocking federation. From what I’ve heard the functionality is more modular than Activitypub (content indexing being a separate service from content hosting) so I wouldn’t be surprised if it wasn’t possible.

Thanks, I did not know. I think you are referring to this: https://www.freevacy.com/news/noyb/trumps-actions-to-dismantle-pclob-threatens-eu-us-data-transfers/6088

To be completely honest… as an European I would be happy if they actually did make it so that no EU-US data transfer were allowed… we need to stop depending on all these US-based services… but like you said, they probably don’t have the balls to pull the plug. Which makes me wonder if that board was actually really any protection at all for privacy or it had always been an empty shell used as an excuse on both sides just to keep up appearances and maintain the plug on.

I honestly think this could be a win for us. Worst case scenario, nothing really changes but some masks fall off and at least some people would stop acting under false pretense (which could open the doors for change). So I’m actually glad he did that.

The last thin veil of privacy for Eurpeans has been ripped to shreds by Trump last week.

What did he do? I know Trump does not like the GDPR, but did he sign something affecting it last week?

The argument stands, though.

Yes, not ALL other apps do that, but the comment was specifically talking about companies like Google and Meta… they definitely do collect incomplete strings from search forms (down to individual characters) when they display search suggestions, for example. They might not mention “keystrokes” in the legal text, but I don’t see why they wouldn’t be able to extrapolate your typing pattern since they do have the timing information which should be enough data to, at some level, profile it.

It’s worth noting that presently mozilla earns $0 from my not using google, and not seeing sponsored tabs.

I thought Google pays (or paid?) Mozilla just to be the default engine out the box, regardless of whether you change it or not.

Another point is that it’s so easy to turn those things off (the sponsored shortcuts too) that I wonder if it would be worth the cost of launching an alternate version behind a paywall while making sure it works only for people who pay (which could be seen as DRM anyway, with potentially massive backslash). So I imagine the end result would not be that profitable (whether they decide to paywall it properly or not). Those who wanna donate and have no ads can do that already, those who want a cleaned up version of Firefox can have that and from neutral and independent third parties which I’d argue is better than if it were Mozilla who did it (and you can donate to Mozilla while using those too)… so I’m not sure it would make sense.

But it would make sense to have a donation pool specifically to fund Firefox development. That would be something interesting, considering Mozilla does other things besides Firefox. But I expect they don’t do that because they probably fear all donations will move there and they don’t want to lose funds for other things. We might need to create a separate organization if we want an independent fund for Firefox-based browsers.

I think there are situations that fsync does not cover very efficiently, to the point that it can cause timing issues that lead to some bugs / incompatibilities. The timing issues might be rare, but that doesn’t mean the overall efficiency is the same. It would be interesting to see benchmarks of fsync vs ntsync.

It’ll probably release on March, since there’s a release every 2 months and 6.13 was on Jan 20th.

They will release the first RC at the end of this week, so maybe someone will make an AUR package already (but no idea if current Wine can already take advantage of it, though).

Most methods for syncing a file also let you sync a whole directory of files (for example syncthing).

So if your main issue is keeping them on sync across devices, keep different kdbx files in the same directory and sync that.

However, I’ve found that switching between databases is not very convenient with most keepass clients. So I tend to only keep separate files when the context is really different and I won’t need to be switching back and forth (eg. personal vs work).

This specific comment thread is focused on that because that was the topic started by the choice of words of the first comment.

The conversation would not have continued in that direction if instead of doubling down there simply were an admission that what really was meant to say is not that Proton betrayed some hypothetical anti-Trump principles they had, but that they have proven now being sympathetic towards Trump and this made people feel unsafe (and some branches of the thread implied that conclusion).

What’s being argued is that this is not surprising. This is as silly as thinking that Zuckerberg is a betrayer because of the recent changes in moderation policy, as if Facebook was ever on the side of any particular political ideology other than their own interests.

What makes you think tuta is against all and every policy coming from the far-right including the ones that align with their stated goal of digital privacy? If (hypothetically) tuta had some level of relationship with a left-wing party (pick your favorite) and made a post about how they are happy about certain changes that party is pushing that are beneficial to privacy, would that be a betrayal of their own principles? I would say it’s not, regardless how many alt-right customers might “feel betrayed” if they had some parasocial alt-right image of tuta.

I think the “he” there was @anonymous@lemm.ee, not the CEO of Proton.

The comment from anonymous implied that there was no real betrayal. Just because someone fights for digital privacy does not mean he’s on the same side for other topics. Feeling betrayed and actually being betrayed are not the same thing.

But those are small fries, not “the provider of games”

They have less to loose, then. That’s just as dangerous, if not more.

I’m a small fry too, would you run a binary I send you without any form of sandboxing?

we don’t run games as root

No, we typically run them with the same user that stores all our useful private data and that we typically type our passwords with.

Also, why are you OK with that level of sandboxing? don’t you want more “control”? You say containers are bad, but using user roles to protect parts of the system is ok? why are you not running all as root if you want “control”?

we are speaking about Wine, so what they see is limited to WINEPREFIX

Not really, by default you have access to other drives (Z:\ being /, the fs root), wine is not a perfect sandbox, it’s not designed for that… and if you actually did want it to become one (which ultimately would also lead to a need for memory separation to fight memory-leak attacks) then it would not be that different from what’s being pursued. You’d be essentially building the container in a custom version of wine shipped by Valve on Steam, it does not make any difference in terms of “control”.

Currently, in order for Android app to appear in the official Store, developer has to allow Google to repackage their app and sign it with Google key. So while we can inspect what is there in the code of the app in git, we don’t really know what lands on our phones if installed via Google Play

You can still open an APK and decompile it… it being signed with a specific key is no different than the digital signatures some attach to their emails, it’s a way to prove authenticity, not a way to encrypt the message… you can open the email without having to even care about the signature.

We have no control over what they put in those containers

Most games on Steam are proprietary software you don’t control to begin with. It seems reasonable to keep them encapsulated in containers (+1 if you run Steam on flatpak or so) rather than granting them the capacity to run amok in the entire system, which we would have even less control over.

It seems contradictory to want to remove barriers that are preventing the software from taking more control, and at the same time complaining about how they are having too much control.

Or open about:profiles (which you can put conveniently in your bookmark bar).

The reality is that being “anti-Nazi” is also a neutral stand. This is in the terms of service of Proton:

Unauthorized activities include, but are not limited to:

[…] 4. Harassing, abusing, insulting, harming, defaming, slandering, disparaging, intimidating or discriminating against someone based on gender, sexual orientation, religion, ethnicity, race, age, nationality or disability;

I don’t think Proton is ok with Nazis, but I feel people wanted them to be also “anti-Trump”, even if Trump does something to benefit privacy (which, as you hinted, is a neutral action that also benefits anti-Nazis).

Is “staying out of politics” even possible for a company?

I feel even just the creation of a company already has political repercussions (and I don’t mean that as in them being necessarily bad).