Yeah and this still wouldn’t cover something like xz-utils because I would only be aware of end user projects and not the libraries behind them. I’d have to draw up entire dependency graphs.

I was going to say that Cloudflare uses nginx but I found that’s no longer true.

F5 is American, they just had a Moscow office.

However the creator of nginx, Igor Sysoev, is Russian.

I think you’re asking if it’s possible for your government to be a man-in-the-middle? Depending on which government you live under, the answer is likely no but more importantly the answer will always be; it’s not worth their effort to find out what you’re watching.

YouTube’s public key is signed by a certificate authority whose public key (root) is likely installed on your device from the factory. When you connect to YouTube, they send you a certificate chain which your browser will verify against that known root. In effect, it’s information both you and YouTube already share and can’t be tampered with over the wire.

Technically, those signatures can be forged by a well resourced adversary (i.e. a government) with access to the certificate authority through subversion, coercion, etc. At the same time, it’s probably easier to subvert or coerce you or YouTube to reveal what you watch.

obscure corporate jargon like KPIs (key performance indicators), KRIs (key risk indicators) which, after having thrown them at me during an interview for a college intern position, made the interviewer wonder why i got so flustered. i would hesitate to throw any acronyms around in any interview, let alone for a college student.

by the way, i got the internship. the acronyms weren’t even used in my position.

Yeah, it’s pretty understandable to associate telemetry with wrongdoing. There’s been so much of it that it’s easier to switch it off.

There’s a lot of useful, non-personal data they have legitimate reason to collect. Namely, app profiling data for profile-guided optimization which can improve the performance of the browser by analyzing how it runs on actual devices.

The biggest issue most people have with it is the dynamic DNS feature, which is automatically enabled and contacts their server to create the record. If you turn this off before connecting the router to the internet, you’re probably good.

The simplified DoH client also only allows either Cloudflare or NextDNS, which aren’t the most privacy-oriented options. Still, it’s possible to set up your own.

Otherwise I’ve never heard of anything major; the devices are cheap and reliable. I’ve had one running constantly for years and only had to reboot it manually once.

I agree. I use Proton and I have exactly one service which supports GPG. It’s a cherry on top but it’s not all that useful.

The big thing is to use a trustworthy service that you pay for. It’s not bulletproof but at least the incentive is there to keep your email private and away from advertisers.

A decent blender. Not anything industrial like a Vitamix, it’s a Magimix which was about half as much but still durable and has replaceable parts. It’s fine for what I need and is lasting much longer than the pile of crap I had before.

Vacuum pack bags for clothes is another one. I like to keep my wardrobe seasonal but I don’t have much space, so packing it down helps.

Also anything reusable: PTFE/silicone baking sheets, rechargeable batteries, reloadable floss handles. All of these have saved recurring purchases, money over time and reduced waste (which made me feel good.)

Funny, that’s in line with the $1 a year WhatsApp was going to charge.

Sounds like just $5 will pay for me and 4 others, so that’s nice.

Nice try, boss.

Yeah, I think that comes from the developer having high standards for hardware security. The effort put in is a waste if the hardware fails. I would have thought Samsung would have been suitable too, though.

What about /e/OS or plain old degoogled Lineage? I like it as a phone OS, it’s just a shame the app ecosystem is so dependent on Google’s services.

Nice to know, I was pretty sure my experience was purely anecdotal.

I can anecdotally say that the more right-leaning people I know are the most anti-FOSS but I’m not sure that applies generally.

Even that comes with a caveat: the people I know disagree with it philosophically, i.e. they can’t see how it can work for the maintainer and won’t donate, yet are as happy as anyone to use something for free.

Just wanted to add a bit about Proton since you mentioned it and I use it quite heavily.

Pros:

• All-in-one platform for storage, mail, VPN, password manager and calendar. Usually works out cheaper than multiple providers.
• E-mail aliases built-in to the password manager makes it a breeze to manage. (Tutanota also supports aliases.)
• Personally, I think the UI is more polished. Not important for privacy but it’s a plus for the non tech-savvy.

Cons:

• All-in-one platform. I’m acutely aware that I’m going to have a headache if Proton is enshittified.
• If you’re not looking for all of the products they offer, it’s just expensive. Tutanota is cheaper for e-mail alone.
• The Drive app needs improvement. Migrating my files was painful and I want automatic Camera uploads. You might be okay with the Windows desktop app.
• The Calendar app has issues when not connected to the internet.
• The password manager doesn’t have a desktop application and managing it through the browser extension or app isn’t great.
• No subject-line encryption support (and other PGP interoperability issues on the free version) but… unfortunately, I don’t get many PGP encrypted e-mails anyway.

Otherwise these two are largely like-for-like for e-mail. There’s no benefit to Proton being hosted in Switzerland and I didn’t move to be warrant-proof or anything silly. The idea is really just moving emails away from an advertising company and paying for a quality service.

Even some shops working with Windows Server are asking "wait, why are we paying for these licenses?"

Then it comes down to whether it's cheaper to rewrite legacy applications or continue to pay for licenses.

Yeah and ARM servers are cheap. You can often get twice the processor cores and memory for the same price.

That doesn't always map to twice the performance, though some benchmarks would suggest it could for certain applications.

Absoutely. I mostly use Firefox because I’m so familiar with it by now but the privacy is generally much better and it doesn’t have a massive monopoly on the web. I’m just a lot more comfortable with it.

When I have to, I use ungoogled-chromium on desktop and Bromite on mobile. I recommend those to anyone familiar with Chrome.

I’ve read not to bother with Decentraleyes. The dependencies are often out of date which mean you’ll hit 3rd party CDNs anyway. Unless its coverage is 100℅, it’s less than useless for privacy as the hit pattern to CDNs might even make you stand out.

Privacy Badger is also redundant if you have uBO.

These two form a “mesh VPN” which use direct encrypted links between any number of devices. You can think of it as forming a virtual LAN where you can communicate with devices, including open ports. A lot of them have clever tricks to overcome CG-NATs, which you seem to be struggling with.

Another option is to just rent a server. You can get massive storage space for less than some VPNs cost and you don’t need powerful hardware if your device supports the codecs you’re using. You could even get a cheapy VPS and reverse proxy to your Jellyfin server through an SSH tunnel or similar. Lots of options here.