Trump legitimately believes his purpose is to put forth the rules that make his voters happy… so in that way, negotiation is more of a sign of weakness and would tank his numbers.

https://jmp.chat/

And SMTP/IMAP do not support end-to-end encryption, so a malicious server can still spy on you even if it uses TLS.

But I dislike that it requires even going that info

I never understood this stance… do people really think a corporation is going to risk their entire company over your anonymity when their country’s government does not allow this? Nobody is going to jail for you.

Plus, if everyone could easily sign up anonymously, then like they said, it would be overrun with bots and the reputation of their IPs would quickly deteriorate to where most other email providers would just block them, making the service almost worthless.

https://www.latacora.com/blog/2019/07/16/the-pgp-problem/

How would you know?

You probably wouldn’t have heard about it simply because it’s illegal to publicize a secret subpoena/warrant. Such orders are given as National Security Letters with a permanent gag order, going so far as to preventing the recipient from even seeking counsel; it’s a massive abuse of power and due process in the US.

I don’t consider those to be useful anymore because a court can compel them to keep the canary up in secret, and I’m pretty sure that’s already happened more than once before.

I think real intelligence by definition requires empathy and humility, which is typically the opposite of such dogmatism in my opinion.

“As a rule, strong feelings about issues do not emerge from deep understanding.” -Sloman and Fernbach

Yes but I think you still need a unique fingerprint in order to tie that data to a single person… and there are much less people who use ad-blockers than those who don’t, so to me it’s an extra bit of identifying information; obviously this puts the privacy-conscious user in a difficult position and I don’t know that there’s a perfect answer.

why change the title

As I mentioned, I felt it was more transparent to say where the money comes from and let people draw their own conclusions. Of course there will always be dissenting opinions no matter which title is used, I think that just comes with the territory, and I’m ok with that; I don’t think there is a single right or wrong answer. I’m sorry that you disagree with my choice. I encourage you to make similar posts wherever you’d like with your own desired title.

Thank you for your perspective.

I don’t think it was meant exactly that literally. If you use online banking then of course you have to allow whatever they require for it to work. But for non-necessary services that have an account feature… any time you use those of course will have more of your information out there to sell and track.

In the context of fingerprinting I disagree. The vast majority of the world population do NOT use an ad-blocker (supposedly maybe 15% do at most)… so having an adblocker can be used to narrow you down even more IMO. Many extensions can have this issue afaik, especially if it modifies the DOM.

Original title was “F-Droid Awarded Open Technology Fund’s FOSS Sustainability Grant”. Not trying to be tinfoily but I thought it would have been even more irresponsible to not make it clear where the money really comes from as I think most people aren’t aware.

Either way, please do your own research and draw your own conclusions and I promise I have no intentional agenda in reporting this… besides transparency.

hah, there’s nowhere near enough infrastructure to handle that.

Yes however they have also had servers seized before… I think it’s not unrealistic for some to believe they could be compromised after that.

I have read the spec, used the service and also implemented my own clients before, that is why I’m so confused by what you’re saying, because this has not been my experience at all. If a user joins a channel, whether they are an admin or not, whether it is encrypted or not, then unless the channel is explicitly setup to only allow verified users to talk (not the default), my understanding is there is nothing preventing that new user from seeing all new messages in the chat.

I don’t understand. How would the sender prevent messages from going to the admin user that joined the room? It sounds like you’re implying new users simply can’t join a room? That makes no sense to me… I’ve certainly never experienced that. I see new users join encrypted rooms all the time and they can talk just fine… so what’s the deal? And isn’t verification off by default?

End-to-end encryption ensures that only the intended endpoints can read the messages

But who/what gets to decide who the intended recipients are? Can’t the homeserver admin just join the channel and then the other members would exchange keys automatically and now they can see what people say?

What do you have to say about this then?

In an encrypted room even with fully verified members, a compromised or hostile home server can still take over the room by impersonating an admin. That admin (or even a newly minted user) can then send events or listen on the conversations.

Perhaps we have a different definition of “impersonate”… not everyone will pay attention to unverified warnings, and afaik they can still communicate with people (just maybe not read old messages)… but I would love to be proven wrong.

Unfortunately even with E2EE, the admins of a homeserver can still impersonate you or take over your channel.

Of course you could run your own instance, or maybe none of this is part of your threat model, but I felt like bringing it up either way.