There is no good reason to risk any amount. It is ridiculously idiotic; like having a wallet on the outside of your car to pay for parking tickets… sure, it’s a tiny bit more convenient and as long as you’re either driving or parking your car in a garage most of the time it’s unlikely the money will be stolen, but who the fuck thinks it’s a good idea? Also note the risk of the reverse; Cryptocurrencies are a juicy target and lot’s of code has been found exploitable over the years. I’d be just as worried about an exploit in that part leading to a breach into the messenger security… It is a fundamentally stupid idea to combine these.

Disabled != Not even in the binary. Buffer overflows regularly lead to executing “disabled” (read: behind an “if” statement) code.

Disabled != Not even in the binary. Buffer overflows regularly lead to executing “disabled” (read: behind an “if” statement) code.

Payment does NOT belong in a messenger, way too high a risk of an exploit in one leading to control over the other.

Payment does NOT belong in a messenger, way too high a risk of an exploit in one leading to control over the other.

Haven’t watched the video, but I’ve had interactions with Daniel Micay and… Not exactly pleasant. Very sure of having the one true way™ and unwilling to consider people may have slightly different threat models. Got accused of being an astroturfer for CalyxOS instead (Have never used it, my arguments aimed at Puri.sm-style hardware switches). Am still using Graphene, because it comes closest to my needs, but the whole thing sure left a bad taste in my mouth (and I steadfastly abstain from conversations where Micay is likely to get involved). But then, I’ve similar experiences with OpenBSD, Exherbo Linux, and pulseaudio and systemd. There is a type of developer that manages to force their vision on a project with singular zeal, but is very unpleasant to even slightly challenge. Your only real choice is to subscribe to that vision to a potentially uncomfortable degree, or to dismiss the project.

No “Please do not” feature will ever work. Make sure something cannot be done, then bolt on an additional “well, here is a bone” opt-in feature (incl. the option to send fake data), if you really need to. Everything else is hoping, quite unreasonably, the “threat” of a lawsuit is sufficient to stop companies from violating your expressed preference. Hint: If they gave a damn they’d not do that shit in the first place.

Professionally I am an “Architect” and not much involved in system config (anymore), what I describe below is how I do things for my own, private, servers: Not a big fan of docker, it too often means “cobbled together by a dev not understanding security implications” aka “Institutionalized ‘works on my machine’” (of course there are exceptions!). Generally I like using Ansible, because it feels close to how I learned things (ssh, manually), while still making things reproducible (Infrastructure as Code). But, again, not too big a fan of using other peoples “roles”, because you never know how well they actually understand what they’re doing. I read them for a rough understanding, but usually opt to write my own, based on careful reading of a given software’s config manual.

That applies to science, hypotheses, experiments, etc. and there I fully and wholeheartedly agree. But being one of thousands to implement a Bubble Sort has marginal educational value unless you are truly surprised it’s not exactly efficient. It might very well differ between different universities; in mine the “science” in “CS” was mostly absent until you started working on your PhD, and the rest wasn’t even good engineering, just “trying to filter out as many students as possible, as quickly as possible, by all means necessary”. They openly admitted that, and in my case they succeeded, by killing the joy of understanding and burying it under ten feet of “now reimplement this thing that has been proven worthless sixty years ago”.

I dropped out of university (I couldn’t stand being one of literally thousands working on the exact same problem, at the same time, that thousands more had solved in prior years, for decades; I wanted to solve new and real problems). I registered as “looking for work” with the appropriate government agency and their first reaction was an exasperated “Oh my! You’ll need a good coach…”. Not the most encouraging reaction… Well, they did send me a bunch of local companies with internships, entry level jobs, etc. I applied for an internship starting next month at a really small shop that did “everything web” and during the interview they asked whether I could start tomorrow 😛 (Obviously they were a coder short for an important project, but they were very happy about my knowledge and skills). I seamlessly transitioned into vocational training with the same company, which was mostly pro-forma given my background (So instead of “university drop-out” I had something to put on my CV). Later I was on loan to another, mid-size, company (which didn’t know I was still, technically, a trainee) and they offered to hire me directly. I came clean about my trainee status, switched companies, finished my training, and was hired by that same company on the spot. Stuck with them a couple of years, until they didn’t promote me from “technical project lead” to “software architect” because they only had one opening and someone else was picked (Looking back I think I would have made the same choice, so I hold no grudge), and given the company’s size that meant there likely wouldn’t be another opportunity for some years, which irked me 😛

IIRC there are non-google app stores from amazon and samsung, but to me using them would defeat the whole purpose of de-googling in the first place, so I stick to the f-droid “store” where all apps available (which is few, compared to what the walled gardens offer) are free (as in both gratis and libre, though some still have “anti-features”). Some of them accept bitcoin donations, etc. Regarding minecraft in particular, there is a clone called freeminer available, but I haven’t tried it.

That may well be, it would make sense in light of the GDPR… I haven’t dealt with a European Registrar in a long time.

Well, if eliminating parties is on the table, I’d have to recommend shooting yourself (better: pack your head in a lot of explosives, less chance to accidentally survive), so good ol’ rubber-hose cryptanalysis doesn’t work either ;-)

I salute a fellow connoisseur :D

A note on the privacy: If you want to have any sort of legal guarantee to stay in control of the domain, then the registrar needs to have your real name and contact info. Many offer not publish those in whois queries, usually naming that “feature” something like “privacy protection” and charging extra for it :p

Got a couple, one is my realname.my_country, which I use for anything “official”. Then I got a couple ones for experiments, and their primary requirement is being cheap and easy to get, which turned out to be .space: https://www.get.space

:D /me offers a hug The world is a dark place, but don’t let discourage you :)

As I said, I have reservations about Signal, but I have not found one where I have fewer, so… As to “the” openPGP “app” and literal missile launch codes, it really depends on what exactly that app is (there are many implementations of RFC4880) and on what environment it is running. Most likely it’s adequate for normal people though ;) I use GnuPG 2.x on QubesOS, and OpenKeychain on GrapheneOS, but I’m a cryptology-nerd who enjoys coming across slightly paranoid ;)

Fair enough, I was feeling a bit cheeky ;) I guess you really mean digital, electronic, semi-instantaneous, text-based communications, aka “instant messenger”. I tend to be very careful with recommendations, they always can turn out to be bad advice… For what it’s worth I use either email with GnuPG or Signal. I have a long list of caveats for both, but I do use them…

A face-to-face conversation, held in a proper SCIF (Secure Compartmentalized Information Facility), with no decorations, transparent furniture, the best sound isolation you can buy (think bottom of a salt mine and still wrapped in isolating material), no windows, no air-conditioning, shielded from thermal imaging, bring no devices at all, and all participants stark naked (ideally you’d add body cavity search and MRI); That way you can avoid most eaves-dropping.