This is incredibly important. Signal is considered the “gold standard” of encrypted and private communication for a reason.

Some photographer took a picture of a politician in the Trump admin using a Signal clone. That signal clone allowed the user to archive chats to a third party.

While I agree in theory, in practice open source has a similar amount of expected trust as closed source can have in many cases. I use all sorts of open source software without reading the code. I ain’t got time for that.

I can trust that software from a lot of organizations are trustworthy even if it is closed source, but I can’t trust any open source repo without reading the code. I habe to use other ways to evaluate it, is it probable that someone has audited it? Is it popular? Is it recognized as safe and trustworthy? Is the published and finished build the same as the one I would get if I built it myself?

But yes, you can never be 100% certain without open source and auditing it yourself.

I do trust that my travel pass app from a government organization doesn’t install malware / spyware on my phone. I can’t trust a random github repo even if it is open source.

We had some emergency law that was almost passed recently. As in it passed the first of two rounds. The second voting round is just a formality, all laws are just passed after the first in practice. Luckily some law professor raised the alarms and it did not pass the second time. So within a couple of hours margin it was stopped.

The law gave the government the ability to force people to do a lot of stuff, work any job at any place in Norway. If you do not comply you could get up to three years in prison. It would not be a problem with the current or any government in the near future, but it is a law. And we can’t have laws that rely on trusting politicians. Because we might have politicians with anti democratic tendencies in the future

I think certain arguments work, and certain don’t.

I live in a very high trust society, Norway. This has a lot of advantages, but also some downsides.

We trust eachother, our neighbours, our government and our media. Which is fantastic, and well deserved. The government deserves the trust.

This makes it hard for me to make people realize how important privacy is, because they trust organizations with their data.

During COVID, Norway made their own app for tracking who met to prevent the spread. Of all the apps in the world, Norway wanted to push about the least privacy friendly app in the world. This from a country with the highest press freedom and rankings for democracy. Most people though it was fine, because why not? We trust our government.

https://www.amnesty.org/en/latest/news/2020/06/norway-covid19-contact-tracing-app-privacy-win/

Luckily someone protested enough, and it got scrapped for something better.

When I try to convince someone I have a couple of angles:

1. You trust the government and organizations with your data today. But do you trust the government in 30 years? Because data is forever. The US has changed a lot in a very short time, this can happen here as well

2. You have a responsibility for other peoples privacy as well. When you use an app that gets access to all your SMSes and contacts you spy on behalf of companies on people that might need protection. Asylum seekers from other countries for instance.

I have been thinking about how or if I would track my own children. I do not have any at the moment though.

I think the only system that would work with tracking and still be ethical is a system with accountability.

They need to know that I would never check unless there was an emergency. So we’d have to have some sort of immutable log that they can check regularly. So they know if I checked their location. It should not be like a panopticon. in which they don’t know if the parent is checking their location or not. That changes behaviour. Even with the trust that I would not check, just me having the option would alter behaviour probably.

Youth and kids are independent individuals with their own rights to privacy, autonomy, right to select their own friends and acquaintences, right to freedom of expression and movement, right to make mistakes, etc. If they are thought right and have a high trust bond with their parents, preferably with little judgement, then it will probably be fine and most issues can be solved.

Just came across https://d-shoot.net/kagi.html . Seems like there are more good reasons to avoid it besides it also using Yandex as an index.

I have been sick a lot lately, so have had a lot of time on my hands. I don’t have a search for Kagi or something. I wanted to use Kagi though, so I was disappointed when I realized that they want to continue this practice.

What are you implying with it being suspicious? In what way?

If Kagi pays a Russian company for a service, that company pays taxes to the Russian government.

Russia spends 32% of its budget on the Russian military. So for every dollar they get in taxes, one third is spent on the Russian military.

With a corporate tax rate of 20% that means 6.4% of Yandex profits go to the military. Since Kagi is mainly a paid service, I don’t want my money to go to the Russian military, and I guess a lot of other people don’t want this either.

https://www.reuters.com/world/europe/russia-hikes-national-defence-spending-by-23-2025-2024-09-30/

The Russian people are not to blame, and I am sure a lot of great people work at Yandex and at different companies in Russia. That said, Russia chose to attack a peaceful democratic country, they are currently sanctioned by a lot of western countries in hopes that it will pressure their economy enough to force them to stop the war.

There isn’t much we can do to stop the conflict besides hurting them economically and supporting Ukraine. If we continue to use Russian products and services then that does not work. Unfortunately this affects everyone in Russia.

I have no idea, but they amongst other indexes use the index from the Russian company Yandex

Obligatory mention that Kagi also use the Russian search index Yandex. This aids the Russian economy and the Russian war effort.

Edit: I recommend reading my in depth explanation here https://lemmy.world/comment/15520236

I know we should not objectify people, and I rarely do.

That said… As a heterosexual man I got to say that this is one of the first times I have truly seen how handsome Elvis was. God damn.

I don’t have in-depth knowledge of the differences and how big that is. So take the following with a grain of salt.

My main point is that using containerization is a huge security improvement. Podman seems to be even more secure. Calling Docker massively insecure makes it seem like something we should avoid, which takes focus away from the enormous security benefit containerization gives. I believe Docker is fine, but I do use Podman myself, but that is only because Podman desktop is free, and Docker files seem to run fine with Podman.

Edit: After reading a bit I am more convinced that the Podman way of handling it is superior, and that the improvement is big enough to recommend it over Docker in most cases.

There are another important reason than most of the issues pointer out here that docker solves.

Security.

By using containerization Docker effectively creates another important barrier which is incredibly hard to escape, which is the OS (container)

If one server is running multiple Docker containers, a vulnerability in one system does not expose the others. This is a huge security improvement. Now the attacker needs to breach both the application and then break out of a container in order to directly access other parts of the host.

Also if the Docker images are big then the dev needs to select another image. You can easily have around 100MB containers now. With the “distroless” containers it is maybe down to like 30 MB if I recall correctly. Far from 1GB.

Reproducability is also huge efficiency booster. “Here run these this command and it will work perfecty on your machine” And it actually does.

It also reliably allows the opportunity to have self-healing servers, which means businesses can actually not have people available 24/7.

The use of containerization is maybe one of the greatest marvels in software dev in recent (10+) years.

Banking compatability by country. In my experience even banking apps not mentioned also work. https://privsec.dev/posts/android/banking-applications-compatibility-with-grapheneos/