Just be mindful decentralization doesn’t inherently mean there is privacy.
openpgp4fpr:588f6e4eabe8c7b552d00fa641911f722b0f9ae3
Just be mindful decentralization doesn’t inherently mean there is privacy.
Seems like a step up from “Covenant Eyes” with weirdo politicians sharing their porn habits with their children.
At this point I have to wonder whether the “Signal is CIA funded” narrative is not just butthurt Russian trolls mad at the fact it’s also used by spies and informants for secure communication.
It’s probably also media’s fault for this. They only publish when a bad person does a bad thing on the internet with it, not all the millions of users who don’t do bad things. That would be boring.
I am sure that Tutanota does not use any custom encryption algorithm. It is clearly stated in the FAQ that they use RSA (with PFS) and AES to encrypt emails exchanged between Tutanota users. https://tutanota.com/encryption
These are only primitive algorithms, the actual implementation is custom and specific to Tutanota, which mean it will only work with Tutanota as nothing else will implement it.
There is no way to do key distribution outside of Tutanota’s service.
Probably another point is that the encryption for Matrix/Element has undergone multiple audits, one in 2016 and another one of their newer rust library. Whereas telegram just has not. There was this also a not too long ago. MTProto is also used nowhere else, whereas a lot of encryption has been influenced by the Double Ratchet which is well understood.
The other thing worth noting is that Matrix is the foundation for other products which many governments use for secure communications.
Keep in mind LocalCDN will make your fingerprint more unique. HTTPS Everywhere is unmaintained and no longer needed… and you certainly don’t need Decentraleyes, thats a duplicate of LocalCDN and is also unmaintained.
If you’re going to use Arch use Arch. It is incredibly dangerous to be blindly trusting things in AUR, when they can be contributed by anyone.
However, it then goes on to say that only moderate or advanced users should use Arch
Yes because there is less QA, there is nobody testing those things before they are released to you. It also requires you to make a lot of selections which unless you know what components to choose (I also use Arch) would be not great for a newbie user.
I find this funny as many corporate servers use Debian, and I don’t really see any huge security issues since the 90’s waving red flags of warnings and issues.
A lot of them are Ubuntu these days, or Centos. In a corporate environment you tend to be running a lot of containerized workloads because you want redundancy, and high availability.
By following this guide, it really leaves no option for beginner linux enthusiasts. I (we) recommend not folloing this guide as it reads like privacy paranoia propaganda piece.
TLDR being there is no reason to look beyond Fedora or Ubuntu for a newbie user. That is the point that it makes. These other obscure distributions don’t provide anything that you need.
Just a reminder, we specifically recommend against Garuda due to their unsafe usage of Chaotic-AUR.
VPNs are still worth it for that purpose, particularly torrenting… Not sure who is saying this but they are wrong.
It is, which is why I’m removing it. You can expect this from CNET, Techradar and bullshit outlets like that.
This is VPN marketing material mouth pieces 101.