1. 20

    Here’s what I’m doing to adjust to the new era of dystopian surveillance capitalism:

    • Replaced my old MacBook Air with a Thinkpad T14 running Linux (currently Fedora, which has less spyware and advertising than Ubuntu)
    • Firefox + UBlock Origin is my primary web browser. Configured so it mostly doesn’t “phone home” to Mozilla.
    • Ungoogled Chromium (from the flatpak store at flatpak.org) is my backup browser, for web sites where Firefox has issues. Guaranteed never to phone home to Google.
    1. 6

      I’m interested in why you installed “ungoogled chromium” from the flatpack store?

      I personally install it from RPM fusion. (Which you might wanna install if you want to watch any video/listen to any music on fedora)

      $ sudo dnf info chromium-browser-privacy
      Installed Packages
      Name         : chromium-browser-privacy
      Version      : 88.0.4324.150
      Source       : chromium-browser-privacy-88.0.4324.150-1.fc33.src.rpm
      Repository   : @System
      From repo    : rpmfusion-free-updates
      Summary      : Chromium, sans integration with Google
      URL          : https://github.com/Eloston/ungoogled-chromium
      License      : BSD and LGPLv2+ and ASL 2.0 and IJG and MIT and GPLv2+ and ISC
                   : and OpenSSL and (MPLv1.1 or GPLv2 or LGPLv2)
      Description  : chromium-browser-privacy is a distribution of ungoogled-chromium.
      1. 3

        No good reason, I think it was recommended as an installation method by the blog post where i read about the browser. Thanks for the information. I am still getting used to Fedora.

        1. 2

          What kind of sandboxing does the flatpak-ed package get you? It’s a useful point to remember – a while back (I’m not on Linux anymore so I don’t have a more recent data point) a lot of applications from flathub were packaged without much sandboxing at all, e.g. they still had full access to the user’s home folder.

          1. 2

            Fedora has an “app store” GUI called Software. It is far more user friendly than using the “dnf” command in bash, at least if you are coming from MacOS. On my laptop, since I installed it, UnGoogled Chromium shows up as an installed application in Software, together with a lot of useful information, including an indication that it is sandboxed, with the following permissions: Network, Devices, Home Folder, Legacy Display System.

            1. 1

              Oh, thanks! I couldn’t find an explanation of what the “friendly” names mean but assuming the most obvious mapping to Flatpak permissions (here) I think it would go something like this:

              • Home Folder means it has unrestricted access to the home folder (which is slightly better than --filesystem=host but, as XKCD famously put it, not that good…)
              • Devices means it has unrestricted access to things like webcams
              • I’ve no idea what Legacy Display System maps to – presumably either --socket=x11 or --socket=fallback-x11?
              • Network is obvious, I guess :-)

              This is actually a little better than I expected, I think?

            2. 1

              This page is a little clickbait-y but still somewhat true: https://flatkill.org/2020/

              Long story short, yes isolation is still an issue on flatpak

        2. 4

          Can you clarify the first point of replacing MacBook and its impact on privacy as you see it?

          1. 31

            MacOS has telemetry that cannot be disabled. You cannot modify the System folder. Apple wants to be an intermediary in everything you do, they want to see all your data. You are encouraged to store your data on the Apple cloud, which is not end-to-end encrypted, so that they can hand your data over to the government without your knowledge(*). You are encouraged to download apps from Apple’s app store, and even if you don’t, MacOS phones home about apps not installed from the store. I don’t want to use these services, but the UI has built in advertising for these unwanted services that I can’t disable.

            (*) https://www.theverge.com/2020/1/21/21075033/apple-icloud-end-to-end-encryption-scrapped-fbi-reuters-report

            Apple has been very successful at branding themselves as pro privacy. A lot of people believe their bullshit. Here’s an experiment that you can try. Go to an apple store and buy something using cash (so that Apple doesn’t know your identity). When they ask for your email address, refuse to give it to them. See how that goes for you. My experience is that they try to inflict as much pain as possible, but with negotiations, it is possible to leave the store with your merchandise and a receipt. But it is not easy. I try to use cash for everything (although I’ve made exceptions during the pandemic), and the apple store has by far the worst experience.

            We live in an age of anxiety, where there is an ever increasing number of things that you are supposed to be anxious about. The pandemic, of course, but now that we are getting vaccinated, instead of that being a reason to be less anxious, you are now supposed to be anxious about getting and protecting your vaccine passport, without which you will be denied access to services. And of course we are supposed to be anxious about surveillance capitalism. This all sucks. I want to minimize the number of things in my life that generate anxiety: deal with the problem once, then stop thinking about it. The rational thing is to get rid of all my computers and phones, and unplug from the internet. I’m not ready for that yet, so I’m replacing my gear with new gear that doesn’t surveil me. Hopefully that will allow me to stop thinking about those particular issues.

            1. 12

              Great answer, especially this parts resonates with me:

              I want to minimize the number of things in my life that generate anxiety

              1. 15

                I recently got sent a mac by my employer for compliance reasons, and the process of setting it up was quite a trip. I felt like I spent twenty minutes answering “no” to various forms of “OK but can we collect this piece of personal information? How about if we phrase it slightly differently?” before I could even use the machine at all.

                In the end they refused to take no for an answer re: my mobile phone number, and after an experience like that I don’t actually have much confidence that they take my consent very seriously for the other pieces of information that I did not agree to.

                Luckily in my case the compliance concerns can be addressed by simply doing my development inside a virtualbox VM running on that machine over SSH.

              2. 8

                You are encouraged to store your data on the Apple cloud[…] You are encouraged to download apps from Apple’s app store, […] Apple has been very successful at branding themselves as pro privacy. A lot of people believe their bullshit.

                Also, you are encouraged to buy into the non-Mac hardware ecosystem (iPhone, Watch, etc.) with their own app store “soft” lock-in (using Things/OmniFocus on Mac? Why not buy the iPhone version!?).

                Technically, one can use a Mac and avoid the rest of Apple’s ecosystem (by running Chrome, Thunderbird, open source apps, etc.) - but most people will eventually get sucked into Apple’s marketing vortex. I know because I did; which is why I avoid touching anything Apple with a ten foot pole.

                1. 7

                  This is every business’ strategy. One man’s lock in is another man’s products that work together well.

                  1. 2

                    Does only sound like purchase realization when you’ve locked yourself into that ecosystem.

                    1. 1


                      Can’t edit anymore, but that was meant to be rationalization.

                2. 13

                  if you don’t like the telemetry done by MacOS, that’s totally fine, but there is no need for the hyperboles, like “they try to inflict as much pain as possible”. them knowing your email address is better for their business. of course, it is worse for your privacy. but it’s just a business decision that you can dislike, not them trying to inflict you pain like some james bond villain with a lake with sharks :-)

                  also, in general, you will have to trust the company that makes your operating system. not because they are trustworthy, but because if they were evil, they could just read everything you do on your computer and you would never know. so simply pick one that you can trust the most. (and it applies to linux distros too. i don’t think anyone is reading and understanding every fedora patch).

                  1. 13

                    not them trying to inflict you pain like some james bond villain with a lake with sharks

                    It’s a figure of speech

                    you will have to trust the company that makes your operating system

                    A company doesn’t make my operating system, but even if one did it’s open source, which MacOS is not

                    1. 1

                      Shell and coca cola are exemplars of making the world a better place.

                      Mind explaining? Was this an irony?

                      1. 1

                        I think you replied to the wrong comment.

                    2. 1

                      james bond villain

                      I think this reasoning is problematic and completely ignores wolves in sheep’s clothing. How many James bond villains have ever really existed ? We agree that sharks exist but what about the following

                      1. The nigerian prince scammers don’t really say hey want your money for personal benefit, but dress up the message in the language of victimhood.
                      2. Sexual predators feign weakness, especially if they are older men before making the victim unconscious.
                      3. Pedophiles work in charities or armed forces but present themselves as pillars of community.
                      4. Religious people commit evil on completely innocent people but dress it up in the language of love, justice and purity. You don’t think of nuns who steal babies as human traffickers.
                      5. Communists preach egalitarianism but practice slavery under the guise of enemies of egalitarianism.
                      6. Pharma companies preach healing but sell addictions.
                      7. Under the guise of freedom of speech, pornographers exploit people from towns.
                      8. Shell and coca cola are exemplars of making the world a better place.

                      The list goes on and on. Almost every idea which seems innocent enough is abused by wolves in sheep’s clothing and not james bond antagonists. Maybe there is no such thing as sheep and we are all wolves. Heck even the open source contributors are abused under the guise of openness and community, while the parent company seeks funding.

                      Social media companies, including Google, claim they are making the world a better and connected place while allowing sexualisation of pre-teens and enabling predators on their platforms. They are selling private user data, allow non-state actors to influence elections, let unverified stories to run amok, abuse copyright protections and run behavioral experiments on users. How difficult is it to enable age verification ? You can always store sha(government-id) or use credit cards to verify age.

                      We merely have to ask the question are Google and Apple, wolves in sheep’s clothing ? The answer is obviously yes. Apple is a tobacco company. In what ways can they be stopped ? I don’t think limited liability is the answer.

                      1. 3

                        It’d probably be a good idea to strip out some of the more, um, controversial items from your comment to avoid a hellthread here litigating offtopic matters.

                    3. 7

                      We live in an age of anxiety, where there is an ever increasing number of things that you are supposed to be anxious about.

                      No offense, and I honestly mean that, but it feels as though you’ve got a little more anxiety going on than most of us. One valid way to deal with anxiety is to accept that some things are just facts of life in the modern world. For example, I use an ad-blocker, I don’t use Chrome, and I choose devices and services that are at least reasonably secure, but I gave up trying to control every piece of data I own because the attempt was causing me much more anxiety than just going with the (admittedly unfortunate) flow.

                      Just a thought.

                      1. 5

                        “Don’t worry, be happy” is not a serious answer to anxiety. If you decide to surrender that’s your choice, but that doesn’t mean people preferring to fight a managed retreat and prevent a total rout are wrong to do so. At a minimum they will preserve their freedom longer than you and possibly even retake ground that you have ceded.


                  2. 2

                    How does the T14 compare to other ThinkPads you have used (eg the X1 carbon)?

                    1. 9

                      I chose the T14 AMD w. Ryzen 4750 (8 cores, decent GPU) because I’m doing open source development and 3D graphics (not gaming), and I wanted this much power. Thicker than my old MacBook, but same mass. Easy to disassemble, lots of upgradeable components. The T14s is too thin, cooling system is inadequate for the 4750 CPU (according to notebookcheck): it runs too hot and throttles. Ryzen uses more energy but performance is comparable to an Apple M1 (faster on some benchmarks, slower on others). Fan noise hasn’t bothered me.

                      According to reviews, T14 has a better keyboard than X1 carbon. X1 carbon has a better trackpad, but this trackpad can be ordered and installed in a T14 (many people on Reddit have done this). The X1 is limited to gen 10 intel + UHD graphics, too slow for my requirements. It maxes out at 16GB soldered RAM (not upgradeable), too small for my future requirements. Probably too thin to support the Ryzen 4750 with adequate cooling. The display options are better than the T14 AMD, that’s my one regret.

                      1. 3

                        I replaced my MacBook Air M1 by a T14 AMD a few months ago and like it very much as well!

                        Fan noise hasn’t bothered me.

                        Me neither. The fan is not very loud, definitely much more quiet than Intel MacBooks.

                        lots of upgradeable components

                        Love this aspect as well. I added an additional 16GB RAM (for 32GB RAM) and replaced the 512GB NVMe SSD by a 1TB NVMe SSD. There is still room for one more upgrade, since the WWAN slot can be used for some SSDs.

                        The display options are better than the T14 AMD, that’s my one regret.

                        Especially in Linux. On Windows the screen is quite acceptable with 150% scaling. Unfortunately, when enabling fractional scaling in GNOME, most X11 applications break (blurry upscaling).

                        1. 1

                          Unfortunately, when enabling fractional scaling in GNOME, most X11 applications break (blurry upscaling).

                          I remember this problem with the X1 Gen3 which couldn’t scale 2x properly, so I could chose between things looking way too tiny or things looking way too large (and very little screen real estate). The 4K screen in the T14s is much better in that regard.

                          But really the problem is that GTK+ 3 (at least) doesn’t support fractional scaling so things are just a complete mess.

                          1. 1

                            But really the problem is that GTK+ 3 (at least) doesn’t support fractional scaling so things are just a complete mess.

                            For me on Wayland, GTK 3 applications work fine. AFAIK, they are rendered at a larger integer scale and then Mutter (?) downscales to whatever fractional scaling you use. This is pretty much the same approach as macOS uses.

                            It’s XWayland where it goes wrong, though I think it was with an external screen hooked up, since XWayland does not support mixed DPI.

                        2. 2

                          The AMD variation is near perfect - but there is one downside to anyone, like me, who owns a Thunderbolt device (eg: LG Ultrafine 5k; I cannot go back to non-retina monitors having used this). It has no support for TB3 even with a dock.

                          1. 3

                            It sucks if you already have a Thunderbolt display, but it does drive 5k@60Hz over USB-C with DP-Alt (according to PSRef).

                            1. 1

                              Is there a demonstration of this actually working with any particular 5k monitor (of which there aren’t many)?

                          2. 1

                            The T14s is too thin, cooling system is inadequate for the 4750 CPU

                            I own a T14s, and I can confirm the cooling system is absolutely inadequate.

                            1. 1

                              The fact that the 4K screen is only available in the T14(s) with Intel is the sole reason I got the Intel T14s (which apparently does not run crazy hot as the Intel T14). Also oddly the T14s can be ordered with 32 GB RAM unlike the X1, so you get a rather similar device with better specs and keyboard and a worse (non-replaceable) touchpad.

                        1. 8

                          It should be pointed out that this is (unsurpisingly, due to non-free JS) not organized by the official Emacs developer team, but by the Reddit/MELPA-aligned side of the community.

                          There were debates on the mailing list the last few weeks, and emacs-devel was generally against a web-form, and more interested in plain-text reponses, as is also offered here.

                          1. 10

                            Honestly, I’m a long time emacs user, but I wouldn’t go through the hassle of filling out a text file and mailing it to some mailing list.

                            It’s policies like this that prevent more involvement from the community and that makes younger developers consider the emacs community a bunch of archaic fossils that are getting left behind.

                            Which is a shame. Emacs is a great tool, but it could do with some modern creature comforts.

                            1. 2

                              Oh, I sincerely thought it was the fact that MELPA is mentioned that gave it away.

                              1. 4

                                I use emacs all the time, what’s the deal with MELPA?

                                It’s where I get my packages, but is there some kind of split between Emacs core and MELPA? Are they somehow at odds?

                                1. 4

                                  Basically MELPA is extremely loose about what gets listed, the GNU ELPA thing requires copyright assignment and also you can’t be promoting the use of non-free software (so no package to interface with Google Calendar for example).

                                  This (according to Emacs’ maintainers at least) leads to MELPA stuff being all over the place in terms of quality and also ethical good-ness

                                  1. 1

                                    One of their complaints is also that MELPA allows packages that promotes or integrates with propriatory tools and services that don’t respect the users privacy. My personal problem with MELPA is that their “main” system is built around updating the packages for every new commit, instead of what MELPA stable or ELPA do.

                                  2. 2

                                    Historically melpa’s security policies have been very bad; it took them something like three years to remove packages that were getting loaded from a publicly-editable wiki (Yes, really. No, it’s not a joke.) and multiple years to disable non-TLS downloading of packages.

                                    Nowadays they don’t have any remaining obvious screwups like that, but they have some nasty policies like rewriting the version numbers of packages (very annoying if you’re an upstream maintainer getting bug reports) or requiring Javascript just to view package listings.

                                  3. 3

                                    Yes, but not everyone knows about that discussion, so I just wanted to hightlight it here.

                                1. 9

                                  Interesting that “Scheme” and “Common Lisp” aren’t in the radio options for “languages you write in with Emacs”.

                                  1. 2

                                    I thought the same thing. I was also curious about the ordering of the languages, which didn’t seem to be in alphabetical order, or any order of popularity. It made me unsure whether Common Lisp really was missing, or whether it was me who couldn’t find it.

                                    1. 4

                                      It’s a poorly done survey that should be ignored.

                                    2. 1

                                      When I filled it out, I believe there was a tooltip saying the list came from Stack Overflow’s latest survey. They are in a decent place to know popularity, so I don’t think it’s a terrible choice.

                                    1. 5

                                      One of my favorite pastebins has sadly closed its doors. The root cause appears to be abuse by monero. What pastebins should I try out to replace it?

                                      1. 3

                                        I like https://0x0.st/ , personally. https://uguu.se/ is okay if you only need 24 hours of storage.

                                        Unfortunately, like all free image and file hosting services, it is the nature of such things to be abused until they either close their doors or become crap. The only defense against it appears to be obscurity, or raising the barrier to entry/reducing the usefulness of such things until they become less appealing targets for abuse. The Tragedy of the Commons has seldom been so obviously played out, over and over again.

                                        1. 2

                                          When ptpb.pw was created, ix.io, sprunge.us (defunct), clbin.com, pomf.se (defunct), 0x0.st were the major competitors.

                                          The best replacement of course will be the reborn ptpb.pw. Opportunities for creative discussion on an idealized pastebin implementation seem rare, so I welcome input from anyone (even on the meta-topic of how to gather feedback for various proposals).

                                          1. 2

                                            sprunge.us is not defunct!!

                                          2. 2

                                            Abuse by a group of miners in particular, not Monero as a whole or the Monero community: https://github.com/ptpb/pb/issues/246

                                            1. 4

                                              How exactly was this abused, and why was is abused by Monero miners?

                                              I’ve never heard of this service until today so I’ve no clue how it worked.

                                              1. 5

                                                ptpb is an HTTP service that is conceptually like S3, only without authentication and with an API designed to be usable enough for handwritten curl commands to be practical.

                                                Incoming requests were for configuration files for https://github.com/fireice-uk/xmr-stak related to pool.minexmr.com, as well as the mining binary itself.

                                                This traffic represented >>95% of ptpb.pw’s total traffic, and was sustained for at least 14 days.

                                                Why can only be guessed at, but it makes sense to me that the operators had a distribution issue that they decided to solve with ptpb.pw.

                                                1. 5

                                                  If you’re in control of the pastebin that miners are using to control their rigs, I can think of one way to cover the costs…

                                                  1. 4

                                                    first, break the private key of the cryptography they’re using to sign or encrypt their messages?

                                                  2. 3

                                                    For comparison, typical ptpb.pw usage might be to publish a log file or code to IRC for discussion, small-scale image sharing, etc…

                                                    IMO any large-scale for-profit usage (*coin stereotypes aside) is categorically abuse–operators should find paid services instead.

                                                    1. 3

                                                      0x0.st also mentioned that they receive similar abuse: https://github.com/ptpb/pb/issues/245#issuecomment-471205033

                                                2. 1

                                                  catbox.moe, mixtape.moe, 0x0.st, ix.io, sprunge.se,