and at unsecure communication. Their chats aren't e2ee by default, making it worse than WhatsApp. Also, video calls in Telegram are much worse compared to said messenger
No, WhatsApp is truly e2e encrypted and uses the same Ratchet algorithm in Signal, IIRC. That's why tptacek and moxie were generally positive about it.
I think there's something about key rotation and a default setting where it doesn't notify you if the keys change, or something like that, at one point.
It's most likely e2e up until the moment LEO requests information on a particular user and then Meta updates your app to a trojaned version, that just APPEARS E2E.
It also heavily encourages you to “back up” your messages to them in an unencrypted manner. It will bug you literally every time you enter the app if you opt out of this “feature”.
I’ve been using the beta for some weeks, and it’s fantastic. Snappy fast, and makes me feel in control.
I’m not using (and probably never will) any of the non-email features like the calendar, or the chat. But they are relatively hidden away, so they don’t bother me.
Calendar in the mail client is very useful since invitations are sent by mail. You click accept, the recipient knows you did and the event is added to your calendar.
But indeed if you don't use it it does not get in the way, which is perfect.
I also receive pdfs via email, but I don’t want a pdf reader in my email client.
It’s perfectly feasible to write an email client that hands off received events to a calendar application and receives the response to send back. It’s all icalendar components under the hood anyway.
Putting everything together in a single monolithic program that handles email, calendar and contacts is a design choice, not a technical requirement.
And yes, I do use the workflow that you describe: receiving and sending calendar events. But Thunderbird’s design is annoying because it’s an all-or-nothing situation: you can’t just use it as an email client and use some other calendar application.
Did they fix the problem where the calendar account must be the same as the email account? My email is on Zimbra but since the Zimbra calendar is isolated, I use a Google calendar from another email account because I can use it with reclaim.ai, share calendars and use it on my phone.
I read mail first on my phone with K9 (the old UI) a few times per day and accept invitations there to put them on my phone, which is always with me. Then I download mail with Thunderbird a few times per week. I use my domain provider's POP3 servers. Yes, they bundle a mailbox with each domain. It's also IMAP and webmail but POP3 is better for my use case.
Same here. I want to "receive" each message exactly once, not have it synced automatically all over the place. I only handle my email from either my desktop computer or my laptop, with a simple script to copy it all back and forth whenever I switch the device I am using.
I was on call for my jobs for decades and never had any problems with this method, however it was before smartphones became common. I do not handle email on my smartphone, ever.
This made me remember that for a while I used unison to sync the Thunderbird mail directory of my laptop with my EEEPC netbook (remember those things?) because a cheap 1 kg small machine was perfect to carry around on one week vacations, just in case... Then smartphones happened and killed that use case.
My mail stays on my computer, backed up locally and encrypted to a remote location.
I lose the ability to access old messages from remote but it never was a problem in almost 17 years of self employment. Before that, I already had about 13 years of downloaded emails, from the times when web mail was not a thing. No need to upload my old messages to Gmail, if this is even possible. I just kept using a local mail client. For my personal mail I remember some emacs clients, Netscape Mail (bundled with the browser,) Outlook Explorer then Thunderbird. I might forget something.
Yes, before I ran my own mailserver, I strongly preferred POP3 for this reason -- it let me get my email off of a server that I had no control over and onto a machine that I do have control over.
But after I started running my own server, I prefer IMAP so that all of my email is in one place regardless of what machine I'm using. And it still lives on a machine that I have control over.
That's a disadvantage to me, because I pay my email provider in part for the reliability of not losing my emails, and also because I tend to access my email from several different devices and I want to make sure everything is synchronized. What's the advantage of downloading them all locally?
The reason in the reply of yetanother12345 plus that I don't need to access my mail from multiple devices.
When I'm working I always have access to my laptop with the complete mail archive.
When I'm not working I don't need the mail archive. Access to the latest mail in the POP3 server is enough. Proof is all these years since 1994. Furthermore I didn't have any access to my mail when away from my computer up to my first Android phone in 2011. Nothing bad happened to me and to the vast majority of people, who were handling mail in the same way pre smartphones. I mean: no access when on the move.
BTW, when I send mail from the phone I BCC myself so I'll download the message for permanent storage later on.
Not the guy you're asking, but I prefer POP3 over IMAP for the exact same reasons as you pay a third party: "reliability of not losing my emails, and also because I tend to access my email from several different devices and I want to make sure everything is synchronized"
The difference is that with the third-party approach, the third party is really a risk factor of unknown magnitude (even if trusted and paid). With the "local" approach you are in full control.
While true, an adversarial government can pass new laws to restrict access or installation of software it deems dangerous. Politicians, uh, find a way.
Open source. That means that they'd have to either prevent the downloading of the source, prevent it compiling, or prevent running something that you compiled on your own box. Any of those three seems to be guaranteeing that Europe will not have any leading role in computers for the foreseeable future. Any of those three also seems almost impossible to enforce.
When did personal computers die? Most desktops and laptops are fairly open and although android phones are not as open you can build software on your laptop/desktop for usage on your phone.
You could also use something like PinePhone or Librem. You won't have access to a lot of android tech but the most important functionality. A web browser, sending sms, email, making calls all work.
Signal didn't publish the source for their server-side from 20 April 2020 to 6 April 2021 while they secretly added a cryptocurrency payment system. Open source is only open if the source is available (and yes -- if their end-to-end encryption system is working properly then even a notional malicious server would not be able to intercept message contents, but could of course provide metadata, and also you have no way of verifying that the app you install via whichever app store you install Signal from was built from any given source).
That's absolutely not true, since Google is now signing app distributions and can easily swap them out. Additionally, there's no guarantee that Signal is shipping the same code to the app stores.
The whole stack needs to be open source and user modifiable, though. Signal is open source, but if Apple is one day compelled to ban non-backdoored versions from the App Store, nobody can use it on an iPhone.
States have access to "a monopoly of legitimate violence". We grant them that in order for them to be able to keep the peace, you know, law and order.
Everything else can be boiled down to this. No matter how many bits of encryption keys are used, someone with a chloroform infused rag and a wrench can visit any of us at any moment. And it's actually part of what we, collectively, as citizens, have granted as a power to the state.
I might be too influenced with Brazil I watched recently, but the monopoly on necessary violence is not without restrictions (which is why there is an outcry when the outer bands are pushed too far). Granted, the fact is that the bands are now hidden from public view only to resurface when a whistleblower lets the population know. Still, basic principle remains. There are limits to violence government can legitimately engage in.
> someone with a chloroform infused rag and a wrench can visit any of us at any moment
That's where engineering comes into play, maybe materials science to build suitable systems to defend against such physical attacks. And, you can't just ban engineering.
Unless I become Robert Johansson[0], my imagination and capacity for material engineering is not going to be enough to simultaneously have a life and protect against a single sufficiently motivated individual, let alone a nation state putting a lawful (by its standards) order against me.
I’m only even safe from nutcases because the nation collectively has enough experience dealing with people who think they know better.
> someone with a chloroform infused rag and a wrench can visit any of us at any moment.
Phrased like this it sounds like you are implying that the legal system in any EU country has no power over goons with wrenches, and everybody is effectively living in a police state. Why even bother to pass laws around encryption?
To be precise, the article says that apps like Signal are to be the target of a follow-up regulation scheduled for coming September. It also emphasizes citizens' strong opposition to this prospect.
Fingers crossed, but is it enough? What can we do to prevent this sh*tload?
I think the problem here is with the definition of “secure system”. What is “secure enough”? Considering we’re talking about groups that have resources to buy 0-day exploits, if they want to get in, they eventually will.
Sticking with your analogy, we could probably define a set of standards for baseline IT security for all IT systems…but it probably wouldn’t be very useful. Systems vary so wildly in complexity and scale that coming up with the equivalent of a “code” that fits most systems like we have with electrical installations is impossible.
I cannot endorse the app but it is made by dnscrypt-proxy enthusiasts. Had been removed from AppStore and brought back thanks to support of German incubator