Buying other hardware that you (well… not me ;) can inspect and verify, e.g RISC?

For now the performances are pretty terrible BUT one can imagine, assuming they have the right discipline and mental model doing what’s actually personal on a verifiable processor, e.g browsing and reading emails, and what’s not, e.g watching a TV show on another machine with CPU/GPU with an unverifiable architecture.

PS: I have a Precursor and a Banana Pi BPI-F3 with SpacemiT K1 8 core RISC-V chip and that’s the main idea behind them both, i.e knowing, as a community, how it works all the way down.

Neat.

Warning disclaimer : I’m not a cryptographer.

I actually tinkered with https://github.com/open-quantum-safe and it’s actually quite simple to become “post-quantum” whatever. The main idea being that one “just” have to switch their cryptographic algorithm, what one uses to encrypt/decrypt a message, from whatever they are using to a quantum-resistant (validated by NIST or whomever you trust to evaluate them) and… voila! The only test I did was setting up Apache httpd and querying that server with Chromium and curl, all with oqs, while disabling cryptographic algorithms that were not post-quantum and I was able (I think ;) to be “safe” relative to this kind of attacks.

Obviously this is assuming a lot, e.g that there are not other flaw in the design of the application, but my point being that becoming quantum-resistant is conceptually at least quite simple.

Anyway, I find it great to demystify this kind of progress and to realize how our stack can indeed, if we do believe it’s worth it now, become resistant to more threats.

RPi with minidlnad, all devices at home from computers, phones, tablets, video projector, even VR HMD, can play content with e.g VLC.

Very quick to install (basically have a media directory with your videos inside) and still very flexible, e.g new content is added simply by copying from any other device with access, e.g scp which itself can be a script after downloading something.

I keep track of parts of such a solution at https://fabien.benetou.fr/Content/SelfHostingArtificialIntelligence namely TTS, STT, LLM, etc. There is also a recent HomeAssistant article https://www.home-assistant.io/blog/2024/06/07/ai-agents-for-the-smart-home/ which is quite interesting… but also concludes that they don’t believe it’s ready for prime time for most.

If you have specific use cases in mind, happy to give more pointers for solutions I believe might fit. That being said I’m not personally convinced as I don’t use any assistant on a daily basis. Still I believe FLOSS alternatives are interesting to consider for any topic.

Look at /r/deGoogle and you will, sadly, see a lot of people that have a problem stopping.

A typical example is how services from Google, e.g Google Docs, Meet, etc do everything they can to avoid not logging in, and while having to do so, prefer to use a GMail acccount, or “at least” a Google account (which might not require a GMail email).

So… a drug no but a dependency hard to ignore for a lot of people, the same way some people feel “forced” to use WhatsApp.

You are extremely privileged if you never felt that way.

To not rely on it anymore? Not be tempted?

I suggest to delete it but giving yourself a grace period, e.g 1 year where you redirect emails until you are sure you updates most people and services accordingly. After that period, better to delete and this way hope that Google doesn’t have any of your data anymore.

What if your domain registration lapses and someone else grabs it?

Registrars do warn quite a bit but indeed you can add a yearly notification 1 week ahead in your calendar.

What if you can’t afford the cost five years from now?

You are in quite deep trouble then because the registrar itself is relative cheap, e.g $10/year. It also does not seem to increase significantly. If you can’t afford that you probably should focus on basic necessities first. If you are serious about it though, just like with the yearly notification, set $1/month just for this.

What if you just don’t like the domain name someday?

I mean… you change it? Just like when you went from person@gmail.com to person@mydomain.tld . That process is a bit annoying but as you’ve done it once, it will be easier.

All of these reasons will be problematic and some can result in identity theft and significant fraud. It’s definitely not a decision to be taken lightly, particularly if you have a lot of online accounts.

It’s not a light decision BUT it’s also not such a big deal. If I want to go back to person@gmail.com I can just do so any moment I want (well person-something@gmail.com to be precise). I will keep a 1 year grace period for the transition, start with the most critical accounts first, e.g government and banking then social media, then random accounts based on my history. It’s annoying but it’s a matter of hours over few weeks at most.

The only challenge is to be methodical and giving up on the idea that you’ll update 100% of the account. Getting 99% of the account that truly matter is enough IMHO.

PS: for actually sensitive data, and assuming you somehow didn’t manage to get the grace period YET still are smart enough to think ahead, multi-factor authentication will keep your accounts safe. Honestly I don’t think the overlap though between somebody who cares enough about that AND let’s domain expire is very big though.

Clarifying privacy from whom could help identify possible solution.

Because without privacy you can’t be a proper human being. You need privacy in order to have the safe space to develop, to dare try, to explore without the constant judgement of others. If you can’t be a proper human being, can you genuinely have democracy?

It’s both a per-requisite for humanity and what the political system that is often considered as the most just.

That’s why I care.

“e” stands for the Euro currency, thought EUR was a bit much and was too lazy to look for €. Apology for the confusion.

never really gotten into the whole “Internet of Things” thing.

Honestly… it’s not worth it. It’s fun, sometimes convenient, but nobody truly needs it except in some very specific situations. That being said it’s also now relatively easy and cheap to setup, e.g RPi4 then add a Zigbee dongle (30e) with a Zigbee lightbulb (20e) or switch (15e) or sensor (e.g temperature for 15e), install HomeAssistant in an hour … and voila, you have a setup you can play with and move from any home to any other in minutes. So it’s not a “big” deal to start but again, what for. I personally do it because I love tinkering and want to feel that I can be at the “state of the art” of technology WITHOUT surveillance capitalism, so it’s more an intellectual and more pursuit rather than a pragmatic approach. So I don’t recommend it but I also had to clarify it’s not that complex or expensive anymore.

Looks like you don’t care for zoning… then I imagine whatever beacon paired solely with your phone would do.

So… I’m going to be that person, yes, you already where it’s going : how about no tech? How about a box, wooden, plastic, whatever, where you put the keys inside? Always.

I know it doesn’t sound fancy, and as somebody who is turning the light on and off above his head with a keyboard shortcut I genuinely understand the challenge, but… in terms of privacy it is hard to beat.

Now… assuming you have HomeAssistant (as I do) and still really want to still do that and are ready to setup an “infrastructure” (to be able to do the zoning) this https://www.linuxmo.com/how-to-create-a-bluetooth-tracker-with-home-assistant-and-esphome/ looks like a proper solution that does work and is fine in terms of privacy. It does look like a lot of work to be honest, and it would only work in your house (or office if it’s yours so you can do the zoning there too) rather than going through the network of mobile devices that Apple and Android do… but it would be a start.

I remember a discussion with a friend of mine while I was probably droning about privacy, surveillance capitalism, etc.

She politely listened then said she didn’t really mind or care.

I feel quite strongly about this and as I know she is pretty smart was somehow surprised by her reaction so I tried to illustrate my point more directly. We were in a bar so it went a bit like this :

• A: so, can I ask you how much you earn?
• B: yes, sure
• A: can I tell others here in the bar
• B: I guess
• A: can I instead sell others that information so that they can try to sell you goods and services?
• B: no

So my point was that she associated a problem with privacy with a friend who might be a bit curious. When she started to see it as a systematic commercial endeavor that was unfair to her, she did change her mind.

Maybe a short thought experiment like this could help your brother see what’s troubling to you?

If you don’t have your files on another physical location you can show me, you don’t have a backup, you don’t own your files, you basically give your “digital life” to someone else.

How about prepaid credit cards?

Psychologically speaking I think about the situation as

• a learning process rather than a destination (when you mention “perfect” that’s a warning sign)
• a spectrum rather a binary position (even a king back centuries ago or a rich CEO or a powerful politician today has limited privacy, so it’s about moving positively over that spectrum)
• a worthwhile adventure helping to better learn about other things (e.g psychology, technology, politics) rather only costs

So… yes in fine it’s the same, i.e “more hoops” to go through to do the same things, BUT when framed positively it’s genuinely more exciting, more empowering!

that can help notice a compromised CDN, but not a compromised server.

Not sure I understand the distinction, a CDN is a server, so if OP is hosting code to execute on their server, they would be checked by whatever has already been downloaded and run locally before, i.e a PWA

If the hash is permanently stored in the browser, that is better, but there are also browser updates

I’m rather sure that localStorage persists over browser updates so that can be “permanent enough”

to say nothing of exploits.

I mean… sure but at that point the same apply to native. If you can’t trust the running environment you are screwed anyway.

attacker takes over the server and replaces the JS with a backdoored version, which the users receive next time they reload the page

Isn’t it exactly what hashing of JS libraries is for? e.g https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity that one can see on e.g https://cdnjs.com/libraries/three.js giving you the script to execute, yes, but also a hash to verify that what you receive is indeed what you expect?

So, assuming there is once a trusted loaded version (which HAS to be the case anyway otherwise you can’t start, the same as one would do with a native executable) then there can’t be an arbitrary version loaded next without it being validated first.

PS: I’m not saying this what OP does, I’m saying executing code (Javascript or not) that must be downloaded first is not in itself a security problem.

Still hitting their servers. So not doing much privacy wise

I wouldn’t underestimate how much they are getting, technically but also legally, from a logged-in account using their interface. So using another interface and without having an account can already help a lot. They don’t want “just” the data to improve a profile, they also need some way to server back the ads to, otherwise it costs them but doesn’t bring money back. I imagine in such cases, especially in jurisdictions where ghost profiles are illegal, this does a lot already.