As #Meta announce #e2ee messaging on FB, an Apple engineer explains why encryption matters to cloud based services including #Facebook: basically, they inherently “favor attackers”:
“when it comes to security, centralized data repositories disproportionately favor attackers. The one-time breach of a company or service lets criminals steal the personal data for many—or all—of its users at once”
🇩🇪Riesenerfolg gegen freiwillige #Chatkontrolle: Auch auf den Druck meiner Klage hin stoppt Meta die verdachtslose #Chatkontrolle deiner Direktnachrichten über Facebook und Instagram und führt sichere #E2EE Verschlüsselung ein!
🇬🇧Huge success against voluntary #chatcontrol 1.0: Under pressure from my lawsuit, Meta stops indiscriminate scanning of your direct messages via Facebook and Instagram and introduces secure #E2EE encryption!
A welcome move by Meta to rollout end-to-end encryption as default on Facebook and Messenger, despite political pressure from governments around the world.
This will protect the privacy and security of millions of people.
Update: i went to reddit because there was an AMA from proton . There, they said: *The only reason why our Linux clients are lagging from a development is simply that it is extremely difficult to hire Linux Desktop developers....
I've been testing out the rclone Proton Drive integration for a bit. As it is today, the rclone approach is currently too slow, especially using the "mount" approach which lets you access Drive files on-the-fly only downloading data as needed.
Using an "sync" approach (where data is stored both locally and in Drive) might be a better approach, unless you expect rapid syncing of files.
Considering the setup efforts, I cannot recommend Proton Drive for Linux in a productivity context.
Alternatives to Proton Drive on Linux there is @filen and Tresorit, which are both fully #e2ee. I've been using both for a while and both are decent.
Filen is the cheapest alternative and feature wise pretty close to Proton Drive - but they have a sync client for Linux. They do not have a possibility to access files "on-the-fly"; all data must be synced locally. And sharing data via URL need to happen via the web portal. Sharing data between Filen users was read-only access last time I checked.
Tresorit is fairly expensive, but also a lot more feature rich, especially on the sharing side. The Linux client supports both synchronising files between local storage and the cloud as well as a "drive mount" where all files in the cloud are available and only downloaded once you access it - or uploaded directly if you store something there.
Both Filen and Tresorit are fairly efficient in regards to uploading and downloading data via their sync clients. Using the web portal is slower, especially on larger files. This is naturally and not unexpected; the data is decrypted first on your device when the data has been downloaded from the cloud storage. Proton Drive is no different here.
Filen is a more properly open source based product. Tresorit is non-open source and built on top of Microsoft Azure services.
Even with Advanced Data Protection activated on #iCloud,
Apple can still access your iCloud Mail, Contacts, and Calendar. The encryption applies in transit and on their servers, but it's not end-to-end. Apple holds the keys.
I've been wavering on choosing a cloud provider to sync my data with. I really was hoping to use #ProtonDrive, but I really need a #Linux client. I was using #Google dive, but I really do not like how their system works.
So, I am going to go with #Dropbox I am not particularly excited to use them, but just yesterday, my wife needed an ID which she did not have. If my data was in the #cloud, I could have just shown it on the phone.
I'm trying to export all my emails from @Tutanota, but guess what, it keeps "crashing" and asks me to report the bug.
Tutanota is no different than any other vendor-lock-in platform. One of the side-effects (read "reasons") that user cannot use any client other than Tuta's is that the only way to export your data is via their own client. Something that conveniently crashes left and right without clear reason or without telling which email is causing the issue.
@Mehrad@Tutanota
TUTA FOLDER DELETION 1/5:
A folder that is deleted containing at least one message is moved to a Trash subfolder, selecting "Clear folder" to permanently delete individual messages in the Trash folder does not affect the subfolders.
When a folder is deleted and moved to a Trash subfolder, the Trash icon changes and a plus sign appears in the lower right portion of the icon.
@Mehrad@Tutanota
TUTA FOLDER DELETION 2/5:
Select the Trash icon with a plus sign and a list of subfolders will appear, permanently delete a folder by selecting the ellipsis icon to the right of the folder name and then select Delete.
@Mehrad@Tutanota
TUTA FOLDER DELETION 3/5:
This will remove the subfolder from Trash and the list of folders where a message can be moved to, this is where you were seeing folders appear that you thought were permanently deleted. The dot at the beginning of the folder name indicates it is a subfolder, in this instance it appears to be a subfolder of Trash.
@Mehrad@Tutanota
TUTA FOLDER DELETION 4/5:
Folders that have been deleted and moved to a Trash subfolder will appear in the list of folders where a message can be moved to with a dot in front of the folder name and appear directly below the Trash folder. Messages can be moved to these subfolders.
@Mehrad@Tutanota
TUTA FOLDER DELETION 5/5:
Folders and subfolders that have not been deleted will appear in the list of folders where a message can be moved to and appear directly below the Spam folder. A subfolder will have a dot(s) at the beginning of the folder name.
Permanently deleting a folder containing at least one message is a two step process.
I've not been able to find much info about how the RCS standard works and whether it's end-to-end encryption; Apple seems to think that its encryption needs to be improved to bring it up to iMessage's encryption standard.
“#Apple has no intention to support #Google’s proprietary extensions to #RCS that allow for #E2EE end-to-end [#encryption, which is a feature of Apple's #iMessage]. […] Apple caving and deciding to support [RCS] will expand, rather than contract, the amount of messaging that is not E2EE.”
On 14th November, Members of the European Parliament’s ‘Civil Liberties’ committee voted against attempts from EU Home Affairs officials to roll out mass scanning of private and encrypted messages across Europe. It was a clear-cut vote, with a significant majority of MEPs supporting the proposed position.
@majorlinux Unfortunately, the problem with #Sunbird is that it does not have true #E2EE: they log into your Apple ID on a Mac Mini in a datacenter, and then decrypt and re-encrypt the messages on that Mac. The messages are encrypted in transit, but it is not end-to-end in any manner. This was confirmed in MKBHD's video.
This is kind of disappointing to me, because true E2E encryption is possible, I worked on my #pypush project which implements the #iMessage protocol from scratch (no Mac), #Beeper bought it so hopefully should be available in the future.
Great not just to see sanity prevail over #ChatControl and #E2EE, but especially to see expert & community feedback being clearly received and used, to see a parliament explicitly reiterate support for privacy and encryption, and to see all that getting a good broad majority behind it.
Imo, the EU might consider dubious ideas at points, but the various layers are mostly quite good at collecting feedback and dropping bad plans.
Und die Abstimmung zur #Chatkontrolle ist durch, wie erwartet.
Es wurde für den bereits bekannten Kompromisstext gestimmt und für ein direktes Mandat im Trilog.
Was heißt das? 1/x
#Chatkontrolle #E2EE ist zumindest in interpersoneller Kommunikation geschützt. Allerdings werden verschlüsselte Hosting Services nicht ausgenommen, hier gibt es also Verbesserungsbedarf 5/x
“If enacted, these reforms [to the Investigatory Powers Act] pose a threat to companies’ ability to keep our data safe and increase the risk of criminal attacks. We urge the government to engage with civil society and tech companies, and to reconsider these potentially dangerous proposals.”
Yes, Proton Drive for Linux is currently not being actively worked on/update: they lack developers, see post
Update: i went to reddit because there was an AMA from proton . There, they said: *The only reason why our Linux clients are lagging from a development is simply that it is extremely difficult to hire Linux Desktop developers....