1. 23
  1. 13

    Some of the ‘alternatives’ are a bit more iffy than others. For any service that you don’t have the source to or can’t self-host (telegram, protonmail, duckduckgo, mega, macOS, siri to name a few), you’re essentially trusting them to uphold their privacy policy and to respect your data (now, but also hopefully in the future).

    And in some cases it seems to me that it’s little more than fancy marketing capitalizing on privacy-conscious users.

    1. 18

      Telegram group messages aren’t even e2e encrypted, Telegram has access to full message content. The only thing Telegram is good at is marketing, because they’ve somehow convinced people they’re a secure messenger.

      1. 6

        To be fair, they at least had the following going for them:

        • no need to use a phone client, as compared to WhatsApp which deletes your account if you access it with an unofficial client. You can just buy a pay-as-you-go SIM card and receive your PIN with a normal cell-phone
        • they had an option for e2e encrypted chats, with self deleting messages (there was this whole fuss with the creator offering a million dollars (?) if anyone could find a loophole)
        • their clients were open source, and anyone could implement their API

        Maybe there was more, but these were the arguments I could think of on the spot. I agree that it isn’t enough, but it’s not like their claim was unsubstantiated. It just so happened that other services started adopting some of Telegrams features, making them loose their edge over the competition.

        1. 4

          Also the client UX is pretty solid imho. Bells and whistles are not too intrusive, and stuff works as you’d expect.

          Regarding its security: It is discussed in the FAQ what security models they offer in which chat mode.

        2. 6

          I’m much less worried about the source code than I am the incentives of the organization behind the software. YMMV, of course.

          1. 2

            Even if you have source code, it’s difficult to verify a service or piece of software (binary) matches that source code.

            1. 2

              Yes, but then if anything feels wrong, it gets possible to find an alternative provider for the same software.

              Still… Hard to beat the privacy of a hard drive at home accessed through SFTP.

            2. 2

              I was checking email SaaS providers last weekend as the privacy policy changes at current provider urge me not to renew my subscription when it ends. I have found mostly the same offers, and to be honest neither seemed convincing to me.

              For example the Tutanota offer seemed questionable: They keep me so secured that the email account can only be accessed by their email client, no free/open protocol is available. Only their mail client can be used, they use proprietary encryption scheme for my own benefit… OK, it is open sourced, but come on… I cannot export my data in a meaningful way to change providers. So what kind of encryption scheme is it? It is RSA-2048+AES, not using GPG/PGP “standards”, and is hosted in Germany, pretty much a surveillance state… This makes their claims questionable at least.

            3. 3

              Any alternatives to reddit? Lobsters is nice, but it’s basically /r/programming: the website, which doesn’t include a lot of the other communities I browse on reddit (gaming, news, and memes). Has anyone tried 4chan?

              1. 5

                Has anyone tried 4chan?

                4chan is ok if you’re into the Imageboard format and can stand (or even enjoy) being endlessly provoked, insulted and made fun of because of nothing. It’s an older format, it has different conventions, so it’s most certainty not an “alternative” to reddit (especially taking their distaste of the latter into account).

                The main problem’s I encountered were a decreasing quality over time (as boards get more popular) and political, especially far-right, injection being thrown into unrelated discussion (slurs about Indians when talking about simple programming jobs were, and I guess still are, popular on 4/g/). Some other imageboards are better in these respects, but maybe it has changed since I haven’t really used 4chan since late 2015, although I still do like the idea in itself.

                1. 1

                  It hasn’t changed. The Indian slur thing was in the last thread I saw in 2016.

                2. 3

                  Gaming: Neogaf and Resetera.

                  1. 2

                    I haven’t found anything, and I’ve been looking since web forums died, about 10 years ago.

                  2. 1

                    TL;DR: “we take your privacy and security very seriously” starts with “we take your privacy and security”

                    1. 3

                      iOS and apple being less evil for their “Security White Papers”, why not, but quoting them as a decent alternative, I don’t know:

                      These Internet services have been built with the same security goals that iOS promotes throughout the platform. These goals include secure handling of data, whether at rest on the device or in transit over wireless networks; protection of users’ personal information; and threat protection against malicious or unauthorized access to information and services. Each service uses its own powerful security architecture without compromising the overall ease of use of iOS. – https://www.apple.com/business/docs/iOS_Security_Guide.pdf page 49

                      This looks like as every company, they do their best to not let the data leak in the hands of bad evil hackers. That does not presume that they do not have a peek on their own.

                      Also, how can one quote MacOS without quoting any BSD regarding privacy?

                      Ok, now I have iOS 10, MacOS, an Apple Home Pod, and I am using Siri everywhere. I am protected by the Apple Privacy Policy, which says:

                      When we use data to create better experiences for you, we work hard to do it in a way that doesn’t compromise your privacy. One example is our pioneering use of Differential Privacy, where we scramble your data and combine it with the data of millions of others. So we see general patterns, rather than specifics that could be traced back to you. These patterns help us identify things like the most popular emoji, the best QuickType suggestions, and energy consumption rates in Safari. – https://www.apple.com/privacy/

                      So data are being gathered and analyzed and used by Apple (but not other companines).

                      Your iOS device can collect analytics about your iOS device and any paired Apple Watch and send it to Apple for analysis. The collected information does not identify you personally and can be sent to Apple only with your explicit consent. Analytics may include details about hardware and operating system specifications, performance statistics, and data about how you use your devices and applications. When it’s collected, personal data is either not logged at all, removed from reports before they’re sent to Apple, or protected by techniques such as Differential Privacy.

                      The information we gather from Differential Privacy helps us improve our services without compromising individual privacy. For example, in iOS 10, this technology helped improve Lookup Hints in Notes.

                      We now identify commonly used data types in the Health app and web domains in Safari that cause performance issues. This information will allow us to work with developers to improve your experience without revealing anything about your individual behavior.

                      If you give your explicit consent, Apple can improve intelligent features by analyzing how you use iCloud and the data from your account. Analysis happens only after the data has gone through privacy-enhancing techniques so that it cannot be associated with you or your account. – https://www.apple.com/privacy/approach-to-privacy/

                      So apple collects data and use them to improve their services without letting human read the names, but machines can. Google does this too: never any human ever read the name of one of its client, and privacy is preserved right?

                      This does also does not keep Apple from using the data to sell advertizing themself: the data will not be used by 3rd party companies, the advertizing itself will come from 3rd party companies.

                      Apple harnesses machine learning to enhance your experience — and your privacy. We’ve used it to enable image and scene recognition in Photos, and more. Now we’re allowing developers to use our frameworks to create powerful new app experiences that don’t require your data to leave your device. That means apps can analyze user sentiment, classify scenes, translate text, tag music, and more without putting your privacy at risk. – https://www.apple.com/lae/privacy/approach-to-privacy/

                      How can one put in the same sentence “analyze user sentiment” and “privacy”?

                      So that means Apple hold a whole lot of the user’s data and still have access to it. Yet again, it can not do anything against the NSA:

                      U.S. National Security Orders demand that Apple provide information in response to U.S. National Security legal authorities. They are not counted as Device Requests or Account Requests. In the second half of 2016, Apple received between 5,750 and 5,999 National Security Orders. Apple reports National Security Orders to the extent allowed by law. Though we would like to be more specific, by law this is the most precise information we are currently allowed to disclose. – https://www.apple.com/lae/privacy/government-information-requests/

                      To me, privacy is not only about who have legal access to user’s data, but where data is on the first place.

                      1. 2

                        After thought: while it is not yet satisfying, Apple position is still better than:

                        We collect information to provide better services to all of our users – from figuring out basic stuff like which language you speak, to more complex things like which ads you’ll find most useful, the people who matter most to you online, or which YouTube videos you might like. – https://policies.google.com/privacy

                        So I agree it fits in the “more private alternative to google”

                    Stories with similar links:

                    1. Privacy Respecting Services and Software authored by nikivi 5 years ago | 3 points | no comments