You said you were done responding, so at least have the dignity of demonstrating a little bit of honesty where it is most apparent.

It seems

Any “privacy” improvements from random instances are not part of the core code structure

The privacy improvements are from the ActivityPub protocol. The author cites them.

Don’t be a jackass and don’t spam.

The trouble with the thing you quoted twice in a row - unnecessarily padding out your post - is that saying “Mastodon may not be perfect” does not cancel out Pixelfed’s massive security issue.

Two wrongs don’t make a right.

Non-malicious servers aren’t supposed to do what Pixelfed did.

Search that specification for “private.” You’ll find precisely one reference to it…

It might be better to look for what the article mentions: “manuallyApprovesFollowers”, and it is explicit about what to do when that value is set to true. I don’t understand how you’re confused by it.

Mastodon, in general, is regarded as careless with safety.

Regardless, two wrongs don’t make a right, and I found the description of how to properly handle a security issue as discussed in the article to be appropriate. For example, collaborating with administrators of large instances.

The “security issue” is created on Mastodon’s side

Are we reading the same article? I realize this isn’t the first time you implied this, but I thought I must have been mistaken.

From the original post: “Importantly, your Mastodon or GoToSocial instance isn’t handing your private posts to any random server, just because it asks.”

Mastodon is behaving. Pixelfed was not. Pixelfed fixed the security issue because it was their issue…

I looked at your comment before reading this article, and you make several bold statements that the article dispels

A fork of Mastodon created a new abstraction for “private posts”

The author of the article links to the official specification which was made for ActivityPub. This does not appear to simply be “some fork of Mastodon”, but if it is, please provide a citation.

they’re trying to blame Pixelfed for not adopting their homemade standard

See previous comment

It’s fixed in 1.12.5

The article also goes into great lengths about how the security update was handled poorly, with inappropriate communication along the way. It contrasts this with a correct update.

I miss those old images that would show you your IP address and ISP name, which were generated dynamically based on the request. They were designed just to be a bit frightening. But, because they were rendered on the server side, there was definitely nothing stopping them from recording your IP address too.

https://imgur.com/aYxadwg

Samsung has retired their messaging app. Google Messages is the only option on Android.

(cc @MoonlightFox@lemmy.world)

Kagi doesn’t just add optional AI features, they are an AI-first company that wants to turn search into an AI agent. They wrote a manifesto about it.

Maybe manifestos aren’t worth much anymore, what’s with Mozilla abandoning theirs, but I tend to believe a company when they tell me what they are.

The nice thing about Fennec is you don’t have to accept a Mozilla license to use it, and those Mozilla services are (AFAIK) disabled by default. In fact, when I look at their settings menu, there is no “data collection” section to speak of.

The not-so-nice thing about Fennec is a little while back, it just didn’t receive any updates. For something like a month.

Just about every browser that’s based on Firefox is going to be slower to update than mainline Firefox, with perhaps the exception of Tor and Mullvad because they work hand in hand.

If I were you, I would just shutter everything about the account except for the Minecraft license. Especially because, if you create a new account to play Minecraft, Microsoft is eventually going to ask you to provide identifying information like a phone number anyway. (At least, this has been my experience.)

I don’t think there’s the best answer here, but that’s what I would do.

What are the chances that your account then gets marked as “insecure” unless Google can effectively figure out who you are?

The decision to cache results is interesting. (When I searched “Mullvad Leta,” this critique of it popped up.) As far as I can tell, though, this is a really promising looking search engine.

Unlike DuckDuckGo and so many other engines, you don’t have to rely on Bing’s results (they usually work for me, but I’ve heard complaints. And getting pointed at the same news aggregators can be annoying.)

Unlike Brave, the results arrive quickly. Presumably, it also won’t hit me with captchas like Brave has in the past.

Unlike Kagi, I don’t have to worry about signing in with an email address and unknowingly funding Brave, Yandex, or whoever they contracted with. (Vladimir Prelovac hid the source data out of what appears to be spite.)

Unlike Google… Do I even need to elaborate? It’s Mullvad. They have a reputation for being the best, not the worst.

Here’s to hoping competitors follow suit.

But the backlash on Reddit could be contained!

• Half of it was on their subreddit, which they have full control over
• Half of it was on r/privacy, which got removed by a Proton fan.

I thought it was open source.

https://github.com/signalapp/Signal-Server

This doesn’t prevent them from running different software or logging requests, but we have unsealed court orders, which is better than most other services that could receive them.