this post was submitted on 08 Jul 2025
14 points (93.8% liked)

Privacy


cross-posted from: https://beehaw.org/post/20989376

Where Soatok goes over why checklists are meaningless when trying to figure out if something is private or just for comparisons in general.

[–] XLE@piefed.social 6 points 1 day ago (1 children)

I'm surprised this article doesn't mention privacytests.org by name, but it reaches a conclusion that may as well:

> If you see a dumb checklist trying to convince you to use a specific app or product, assume some marketing asshole is trying to manipulate you. Don’t trust it.

Thankfully there's a good recommendation in the very next paragraph for all things (messaging apps, browsers, etc):

> If you’re confronted with a checklist in the wild and want an alternative to share instead, Privacy Guides doesn’t attempt to create comparison tables for all of their recommendations within a given category of tool.

Also: shots fired at XMPP throughout, as the poor protocol limps along trying desperately to catch up to the encryption baseline that was set over a decade ago by the first versions of Signal.

> Ultimately, both protocols are good. They’re certainly way better choices than OpenPGP, OMEMO, Olm, MTProto, etc.

Why OMEMO is "bad" is indirectly answered earlier:

> The most important questions that actually matter to security:
>
>   • Is end-to-end encryption turned on by default?
>   • Can you (accidentally, maliciously) turn it off?
>
> If the answers aren’t “yes” and “no”, respectively, your app belongs in the garbage. Do not pass Go.

Similar discussions have skewered the federated Delta Chat for having an even worse version of this issue.

[–] moonpiedumplings@programming.dev 1 points 8 hours ago* (last edited 8 hours ago)

> If the answers aren’t “yes” and “no”, respectively, your app belongs in the garbage. Do not pass Go.

Please see my comment about this issue. Signal does not pass this test due to not having (working) reproducible builds.