At this point I have to wonder whether the “Signal is CIA funded” narrative is not just butthurt Russian trolls mad at the fact it’s also used by spies and informants for secure communication.
It’s probably also media’s fault for this. They only publish when a bad person does a bad thing on the internet with it, not all the millions of users who don’t do bad things. That would be boring.
The reason we don’t recommend Ungoogled Chromium and instead recommend Brave on the privacyguides.org website is because they have proper build infrastructure managed by the Brave. With Ungoogled Chromium the binaries are produced by third parties, vary in version etc. People claim they would only use “open source software” but they do download binary versions nevertheless and don’t compile that code themselves. This increases the risk of a supply chain attack, where a malicious binary is submitted and nobody has really knows until it is too late. The other issue is they disable CRLSets because of “google hate” which we think actually increases the likelihood of a MiTM attack occurring because rogue certificates are not detected and invalidated as quickly as they could have been.
The reason is they have proper build infrastructure managed by the Brave. With Ungoogled Chromium the binaries are produced by third parties, vary in version etc. People claim they would only use “open source software” but they do download binary versions nevertheless and don’t compile that code themselves. This increases the risk of a supply chain attack, where a malicious binary is submitted and nobody has really knows until it is too late. The other issue is they disable CRLSets because of “google hate” which we think actually increases the likelihood of a MiTM attack occurring because rogue certificates are not detected and invalidated as quickly as they could have been.
I always understood it as they don’t parse the actual details of emails (the body) to generate an add profile. It doesn’t mean they don’t track what websites you’re visiting whilst logged in though.
My guess to this is that it’s not accurate, for example email chains, or someone mentioning something that you have no intention of buying. As the email body is very unstructured it would be quite difficult to interpret whether those keywords should be added as an interest, having said that, with advanced AI that can parse context of a sentence they may just start doing that again if they can with accuracy.
One of the things I dislike about KeepassXC is that it exports to a unstructured CSV file, whereas Bitwarden exports to JSON. It’s a lot easier to use something like jq to parse a JSON structure, if you want to import it somewhere as opposed to dealing with CSV files.
I also found the importer for Keepass CSV in Bitwarden didn’t import my “notes” and I had to individually check that for each record.