iirc syncthing is encrypted, which matters because it will pass your data through a relay if it can’t connect directly.

check out deltachat, it’s an email client with an interface like an instant messaging app

They could make it difficult to open up the camera and extract its signing key, but only one person has to do it successfully for the entire system to be unusable.

In theory you could have a central authority that keeps track of cameras that have had their keys used for known-fake images, but then you’re trusting that authority not to invalidate someone’s keys for doing something they disagree with, and it still wouldn’t prevent someone from buying a camera, extracting its key themselves, and making fraudulent images with a fresh, trusted key.

Every sale to every individual buyer requires separate handwritten notice, each individually attached to a copy of the privacy policy and the data sold, notarized and sent by certified mail in triplicate, with postage paid by the sender. Make it cost so much that the entire industry becomes obsolete.

Google owns Widevine, they would be paying a fee to themselves

Got rid of all of my centralized social media accounts apart from YouTube, moved from Proton to Migadu on my own domain (unlimited aliases! when signing up for a service I can just make up a new username and it gets organized into a folder in my inbox!), and moved my homelab and laptop to NixOS

Personally I would rather they had to make phones a little thicker again to include a properly sealed battery compartment, the new ones look very nice but it’s too hard to get a decent grip without accidentally bumping the edge of the screen.

Maybe the whole back side of the phone is the battery, and the two sides are independently watertight? The charger port and usb controller could be on the battery too, that way you can replace it if it breaks or you want to be compatible with a new fast charging specification, and you could charge it independently if you have more than one.

Every good result they serve you could have been an ad, so they’re incentivised to replace as many with ads as possible.

ah wack, XWayland then? that should at least stop it from snooping on Wayland apps

It could, so while you’re using it you should make sure you don’t have anything sensitive onscreen.

If your desktop supports Wayland at all, you could switch to it while using Zoom, even if other things don’t work as well, then switch back when you aren’t.

If you’re using X, it would be able to read your inputs for other applications and such, but if you don’t do anything sensitive while it’s running it still won’t be able to do anything.

interrobang!

If you put zoom in a flatpak and tighten its permissions, it won’t be able to touch the rest of your system

Good, if someone is selling their labor they should be protected as an employee.

Would be an excellent change if they replaced it with a chronological timeline, but we all know they won’t do that even though their backend already generates RSS feeds and it would barely take any effort to integrate with the frontend

Some games use a “trust” system based on human reviews of your gameplay that affects how you are matched with other players, but there isn’t a respectful way to force people to use just one account so that the trust score can follow the person. The best way I can think is to tie the purchase of the game to that account, which many services do, but that breaks the used games market…

There’s a concept I call “rule zero of cybersecurity”: “the user can and will exploit trust you place in them or anything they can touch.”

You can make it more difficult to exploit the trust you put in the user by hiding it behind obfuscation, but ultimately the user can desolder your secure enclave, reverse engineer your anti-tampering measures, and falsify any check your program wants to do, if it happens on their computer.

Client-side anticheat on Windows doesn’t “work” in the pure sense either, it’s just enough of a pain to bypass that most people don’t because you can’t recompile the kernel to change how it behaves. On Linux, it’s easier to take advantage of the fact that perfect client-side anticheat is fundamentally impossible.

Same with device attestation, DRM, and other client-side verification measures: they’re doomed to be in an endless back-and-forth because what they’re trying to do is fundamentally incompatible with reality.

The correct choice for anti-cheat is to detect cheaters like humans do: watch a player’s actions as they are received by the server, and use your knowledge of typical player patterns to detect if the player is cheating. Your server’s knowledge of the network messages coming from the user’s computer is the only thing you can trust (because it exists on hardware you control), so you should make your decision by analyzing that.

no one has ever wanted to work, you’re supposed to pay them enough that they’re willing to work anyway

Good to know

Windows doesn’t like to acknowledge that other operating systems exist, so (at least from my experience) it will overwrite your Linux bootloader whenever it updates, or sometimes it’ll just do it because it feels like it…