> Signal is the only WhatsApp/Messenger alternative I've managed to get friends and family to actually move to.
And what good did that achieve, practically? In effect, your friends and family:
- still use a centralised service with Signal (subject to enshittification/changing the deal overnight/acting as a single point of control and failure)
- still use WhatsApp because they really have no choice: that's where everyone else is (and so, there is no avoiding Meta's data collection on them and indirectly, on you)
- gained nothing compared to WhatsApp+E2EE (being centralised, both Signal and Meta can infer your social graph, the nature and volume of exchanges you have with your contacts, and hence the nature of your relationships, Signal only "pinky swears" it's not looking at it, and that's a very lame "guarantee").
I can't speak on the technical implementation differences between WhatsApp and Signal, but there's a huge trust difference. One platform is owned and run by a trillion-dollar corporation with a long history of privacy violations, data breaches, coverups, and security issues, and the other isn't. Whatever issues Signal Foundation has had, they certainly pale in comparison to Meta's. That's enough of a reason for anyone who cares about privacy and security to choose Signal over WhatsApp any day of the week.
This doesn't fly in light of recent history: first, Signal has some trust issues of its own (I mentioned a couple user-hostile acts in sibling comments), but that aside, do you remember how much praise WhasApp was getting in its early days? There is no guarantee the same can't happen to Signal (though it's pretty clear that it will become a major target for takeover and under significant scrutiny and influence would it ever grow past a certain point).
> Whatever issues Signal Foundation has had, they certainly pale in comparison to Meta's.
At this point I would trust a vibe-coded messenger app over anything produced by Meta. Security and privacy are completely opposed to Meta's business model and track record, regardless of how WhatsApp was once designed, and especially regardless of what their PR army claims. The idea that the same couldn't hypothetically happen to Signal is pure fantasy that's not worth entertaining in this discussion.
Meta sees your entire social graph by design, and stores the name and participants of groups you create. You (meaning: experts) can independently audit and through reproducible builds verify that Signal does not do this by design, while nothing about WhatsApp can be audited in the same way. Meta is also a plainly for-profit company with bad track record, while Signal often gets flak from (IMO mistaken) radical nerds but otherwise has a very good reputation.
The privacy fatalism in your comment here and in other comments is plainly incorrect.
What you say is barely different from what the opponents to generalized https were saying back in the days "true your ISP can see all your traffic, but they are the good guys, you are their customer after all".
With SSL, we no longer have to care, and that's much better that way. Signal has all the same means of (meta)data harvesting and analyzing as Meta. It can't be made different: this is built into their very centralised service. All I'm saying is that we should aim for better, and have guarantees baked into the protocol to avoid absolute metadata centralisation. Federation is a good start.
What do you mean signal “pinky swears” it’s not looking at it? It’s E2E encrypted and the code is open source - am I missing something? How would they possibly look at it?
Precisely. The metadata and some basic packets analysis suffices to reveal if you are at home or at work, sending text or images, traveling/from approximately where to where or still, on the toilet or working, etc, all without breaking the glamorous post quantum ratchet encryption.
Spent like $2000 NZD on a new XPS 13 to replace my old XPS 13 from ~2017 - a device I loved. The new one was a piece of hot garbage. Overheat and throttled playing League of Legends - a game that has ran adequately on every other piece of hardware I've owned since 2011?
I couldn't understand how a 2022 device would run so much worse than 2017 device and assumed it was faulty. Returned, given a replacement, same issue. It is quite literally not built to hand the heat from the Intel chip doing very minimal stuff. I refuse to use a laptop that sounds like a jet engine when Microsoft is doing basic background stuff.
Returned and ended up buying a used 15 inch T-type Thinkpad with an AMD chip recommended by Reddit for $500 NZD. Runs great, cool, and quiet. It's much bigger and bulkier that the Dell but I don't mind.
Note: Not a Thinkpad fanboy, work has given me an X1 Carbon that I dislike for the same reasons I didn't like the new XPS 13 - it's useable, but it's still much hotter and louder than I would like.
That brings back memories of me using an XPS 13. In theory it was a great notebook, but in real world it has lots of annoying issues. I then bough a Macbook and never looked back.
I use divestos and I saw this coming when they failed to port to lineageos 21.0. I suspect they simply couldn't muster the effort (or funding) to continue.
Relocking the bootloader is a bad idea unless you know it doesn't verify integrity on boot or have some way of updating the keys used (AFAIK, only Pixels properly implement that)
Yeah, I was using it on my previous phone (and will probably switch to it now).
Relocking the bootloader isn’t really necessary unless you care about the evil maid attack. I’m slightly worried about it because I travel a lot and want to be sure that my phone stays intact in the unlikely case it’s seized at the border or something. (Of course, the data is encrypted, and you could reflash the OS when you get the phone back, so relocking isn’t strictly necessary but still nice to have IMO.)
I do have a Pixel; I think later OnePlus models also implement that but yeah, the support is really scarce.
I've been using this for a couple of years on my home-server.
It's an Obsidian knock-off. It's pretty janky and the documentation is lacking. It's open-source which is nice... But the company behind it is ??? I don't know. They are Chinese but I couldn't find much about them.
I use it because I can self-host it, it has most of the features Obsidian has, and I can use it in a web-browser from anywhere - which is the biggest feature for me that Obsidian lacks.
It seems like they borrowed heavily from Notion, Obsidian and RemNote, as far as I can tell (wouldn’t call it a knock-off though, since there are sooo many apps in this space that you don’t really know who came up with what anymore). But the app doesn’t feel janky to me at first glance, it definitely feels more responsive than Notion and less “slippy” than RemNote. Although it is quite noisy with all the tooltips popping up immediately.
My first impression is that they really wanted to include everything (even RemNote-like spaced-repetition flashcards, Notion-like Databases and of course there has to be AI too) and it seems like they did a pretty decent job at that. I also appreciate that there are so many export options, even for Org-Mode (preserving internal links, images, code-blocks, etc.).
I like that it provides a solid, feature-rich alternative to all the cloud-first, closed-source apps in this space. But it may be too distracting/overwhelming for my use-cases with all the advanced layout capabilities and features though. Tana is a similar all-in-one solution that is really well done (and more innovative than this one), but I always seem to gravitate toward more focussed apps.
I assume you want to self host in order to sync locally, right? If that's the case, you can use Obsidian with git plugin and you get sync + versioning (all what git offers).
Logseq is floss(gnu license, closurescript) and almost perfect for me but it's totally mysterious to me what's stopping it from serving a web interface that serves files on the web server. It's an electron app with an HTTP API but for some reason the web demo only opens files clientside with filesystem API
Anyway, one of these days I'll fork it and make it work for me. I also have a perverted desire to change the serialization format from markdown to XML so I can manipulate the graph with other tools that talk xpath, xquery, basex.
They are doing a rewrite of the app to have a SQLite DB storage for notes instead of markdown files. I think once that is released it will be available in a web browser. Currently in alpha testing, I access the application through the browser.
I also installed it on my computer to give it a try, but then as you mentioned I could not find who are behind it other than it's based in China. So decided to just keep with Obsidian
The first profile has a README (zh-CN, easily translated) introducing themselves as a married couple as well as their career trajectory leading to their current company. Googling the company name leads me to https://www.tianyancha.com/company/3153162387 showing the company’s legal structure, the legal names of the couple, their address, etc. (again, zh-CN but easily translated). Looks like I can view their financial reports too if I have a subscription.
The profiles also link to their social media accounts (on their own dev-focused community).
What more is there to know? At least it’s more than the average ShowHN asking for your email and sometimes credit card. I don’t understand these “couldn’t find much about them” claims.
The link you posted gives me "According to relevant legal regulations, access is temporarily not supported in your current location." and "If your device or the Wi-Fi environment you are in is using a VPN service, please disable it and try again."
I'm not using any VPN. Normal internet from Germany
I vaguely recall this being part of a tit-for-tat thing between China and the anti-Chinese. There have been movements to restrict Chinese access to FOSS, because forking FOSS lowers Chinese dependence on the West, along with (ironic) accusations that the "authoritarian" Chinese are limiting access to Western tech products. I thought there was some sort of legislative or judicial outcome that came out of it, but no luck with a quick google.
-----
U.S. restriction on Chinese use of open-source microchip tech would be hard to enforce - October 13, 2023
> U.S. lawmakers are pressuring the administration of President Joseph Biden to place restrictions on RISC-V to prevent China from benefiting from the technology as it attempts to develop its semiconductor industry.
China’s Use of Foreign Open-Source Software, and How to Counter It - April 2, 2024
> Democratic governments also need to reassess which products should not be made open-source because they’re at risk of being weaponized by malign actors.
Whatever the US did, Europe would do. Anybody in the US or Europe working on a FOSS project with Chinese contributors that they're friendly with? Has anything happened recently?
TianYancha is a corporate data aggregation website, it has nothing to do with FOSS. Your post is such a clumsy attempt to steer the conversation into Anti-Americanism/Westernism. Like really blatant lol.
They open sourced it and you can self hosted. I mean, does it even matter where they are from? Why it’s automatically suspicious when you know the authors are Chinese.
True the origin does not matter, but it would be better to have more transparency about the contributors even if it's an open source tool. Because you can still get injected with a malicious code when an update is pushed.
But I agree we should not categorize according to geolocation, but more transparency would be better irrespective of the location in any project.
for web-browser access I host Obsidian with kasmvnc. It is not ideal for use on the phone, but from a tablet it works, and I can host it with Vivaldi in a webpanel for quick edits.
> The fact that some people can’t tell is actually scary.
It really is, and I see more and more of it in Reddit comments, and even at work.
I had some obvious AI writing sent to me by a lawyer on the other side of a dispute recently and I was pissed - I don't mind if you want to use it to help you (I do myself), but at least have the decency to edit so it doesn't read like ChatGPT trash.
> It really is, and I see more and more of it in Reddit comments, and even at work.
I have a morbid fascination with how bad Reddit has become. LLMs have supercharged the problem, but even before ChatGPT became popular Reddit was full of ragebait, reposts, lies, and misinformation.
The scary and fascinating thing to me is that so many people eat that content right up. You can drop into the front page (default subreddits or logged out) and anyone with basic adult level understanding of the world can pick out obvious lies and deliberate misinformation in many of the posts. Yet 1000s of people in the comments are getting angry over obviously fabricated or reposted AITA stories, clear ragebait in /r/FluentInFinance, and numerous other examples. Yet a lot of people love that content and can’t seem to get enough of it.
This loophole is as old as export restrictions. Cutout resellers have been used to skirt these regulations for decades. The scale is noteworthy in this case.
The ban is very forward-thinking and acknowledging the reality of the situation that China is not our friend and there's no reason to be shipping them our best military and semiconductor IP. They are not going to use it to make US/China relations improve or a better world.
I suppose this Sealed Sender issue is problematic for some people, but it's not enough for me to seriously consider jumping ship.