If you’ve already read through this and understand what it means and are still worried about your privacy, I would recommend you switch to LibreWolf - it takes all the best practices of hardening Firefox for security and works out of the box. Unfortunately, this means you can’t play certain videos, it doesn’t auto-update, and some - likely many - websites will break/not work. This is the price to pay for true privacy. If you don’t want that, just keep using Firefox.

Yep! The device has a built-in web server. You connect via it’s IP from any browser and configure it how you want. Here’s what it looks like in homeassistant.

Overview:

Historical data:

I would recommend this product from Shelly https://www.shelly.com/en-us/products/shop/shelly-h-and-t-gen3-1

Doesn’t no app or hub requried, works via wifi or bluetooth, has an e-ink display to conserve battery. I’ve had it since October and its been running without issue. Uses 4 AA batteries which I haven’t changed at all and are still above 75%!

There’s a newer generation (I have the previous one) so I can only imagine its even better.

For anyone considering Session messenger:

The Session developers dropped Perfect Forward Secrecy because it would be hard to work around it.

First things first, let’s talk about what we’re leaving behind: Perfect Forward Secrecy (PFS) and deniability.

Source: https://getsession.org/session-protocol-explained

In plain English, they dropped a security feature for their convenience to the detriment of their users’ security.

For anyone unsure what PFS provides:

The value of forward secrecy is that it protects past communication.

Source: https://en.wikipedia.org/wiki/Forward_secrecy

The Session devs also claim:

Session provides protections against these types of threats in other ways — through fully anonymous account creation, onion routing, and metadata minimisation, for example.

Reading between the lines, we can interpret that as introducing security through obscurity, which is generally considered bad practice - https://cwe.mitre.org/data/definitions/656.html

What’s wrong with Briar? https://briarproject.org/

Censorship-resistant peer-to-peer messaging that bypasses centralized servers. Connect via Bluetooth, Wi-Fi or Tor, with privacy built-in.

I think the reason these apps don’t take off is the compromises they make in order to work the way they do. When you do need them, you best hope you’re able to get them and get others to use them as well.

I’m able to play the Italian plumber game, can’t remember the name, on my spare six year old OnePlus 6T Android phone with a Bluetooth 8BitDo controller. my new Google Pixel crashes when I hit the jump button. it really depeyon the hardware. Also runs great on my desktop.

… or having episodes missing or original music removed/changed.

kinda agree with you.

Firefox is not doing well, and greedy CEO’s are not helping the cause. I wish they’d take a playbook from Nintendo’s leadership, show they really back the product, and take a pay cut to help the cause.

I can’t imaging the CEO being significantly impacted if they had to go from $6,700,000 per year to $3,350,000 and could single-handedly save at least 10 engineers at $300,000+ each to continue to work on core features and guarantee long-term success.

Nintendo’s Satoru Iwata on layoffs:

If we reduce the number of employees for better short-term financial results, employee morale will decrease, and I sincerely doubt employees who fear that they may be laid off will be able to develop software titles that could impress people around the world

The flatpak version updates in the background, doesn’t interrupt if its already running, and is immediately on the latest version the next time you run firefox.

Ooh silverbullet looks nice too, thanks. Link for the lazy: https://silverbullet.md/

Significantly overblown. Most of the opened github issues were by the same person. Seems someone doesn’t like it and is trying to spam the issue and frame it as a bigger deal than it really is.

If you’re on Firefox on desktop/laptop, check out Bypass Paywall [0]. It was removed from the firefox add-on store due to a DMCA claim [1], but can be manually installed (and auto updates) from gitlab. The dev even provides instructions on how to add custom filters to uBlock Origin [2], so you don’t have to add another extension but still get some benefit.

[0] https://gitlab.com/magnolia1234/bypass-paywalls-firefox-clean

[1] https://winaero.com/mozilla-has-silently-removed-the-bypass-paywalls-clean-add-on-from-amo/

[2] https://gitlab.com/magnolia1234/bypass-paywalls-clean-filters

Because they get your profile picture, name, and email address when you click accept. I went through with it just to test, but definitely getting some data from its users.

You’re right, but security and privacy is about layers, not always 100% effective mitigations, especially not when the mitigation is a function (contact discovery) that requires a private list (your contacts) be compared against another one. For anyone where this is an actual security risk, they don’t have to to share their contacts. They will not know which of their friends/family are on Signal, but they can still use the service.

This feature does protect users in that any legal court order for Signal to present who is friends with who (as almost every other messaging provider has actual access to your list of contacts) is not possible. They’ve been subpoenaed multiple times[0] and all they can show is when an account was created and the last day (not time) a client pinged their servers.

Lastly, I’m not sure if this is even a feature or not but it wouldn’t be too difficult to introduce rate-limiting to mitigate this issue even more. As an example, its very unlikely that most people have thousands (or even tens of thousands) of people in their contacts. Assuming we go just a step beyond the 99th percentile, you can effectively block anyone as soon as they start trying to crawl the entire phone number address space, preventing the issue you’re describing.

[0] https://signal.org/bigbrother/

Not necessarily.

Signal has people who are experts in their field. They engineer solutions that don’t exist anywhere else in the market to ensure they have as little information on you as possible while keeping you secure [0]. This in turn means high compensation + benefits. You don’t want to be paying your key developers peanuts as that makes them liable to taking bribes from adversaries to “oops” a security vulnerability in the service. In addition, the higher compensation is a great way to mitigate losing talent to private organizations who can afford it.

[0] Signal has engineered the following technologies that all work to ensure your privacy and security:

• Post-Quantum Computing Resistance
• Private Stories
• Group calling
• Private admin permissions
• Secure Value Recovery
• Private Stickers
• Sealed Sender
• Private GIF search
• Private Contact Discovery
• Encrypted Profiles
• Reproducible Builds

I upload any suspicious files to virustotal.com.

appreciate the tip!

This is a nice surprise. Didn’t even know this was in development. Can’t wait to test it out!

I plan on making it available inside my own network, not public. This way if someone makes it past my security, I at least have something that might “catch” them in the act and disable my network so I can intervene. Just another security layer.

Fair point, but do note that https://wormhole.app is just a web-client for the wormhole protocol. There’s a reference implementation and there’s - personally - a much better go-based implementation (wormhole-william) that also has a few clients built using its API:

• rymdport: A cross-platform Magic Wormhole graphical user interface
• riftshare: Desktop filesharing app
• tmux-wormhole: tmux wormhole integration
• wormhole-william-mobile: Android wormhole-william app