dracs

joined 1 year ago
[–] dracs@programming.dev 1 points 5 days ago

They do have e2e for emails. Any emails between Proton Mail users are always e2e encrypted, as are any emails others send you which they've encrypted with their own maio client. If someone sends you an email unecrypted (most email is), then Proton will encrypt it for you and put it in your inbox. They can't read it after that, but there is some trust required that they don't store/look at the unecrypted email before then.

[–] dracs@programming.dev 2 points 1 week ago

I did pick the DBrand Kill Switch case (including. skin and screen protector) for both me and my partner. It was on the pricer side, but I'm pretty happy with it. Feels quite good to hold and certainly rugged enough to protect it. The skins also stop us from getting each others decks mixed up.

As for a dock, I picked up the Anker one and it's alright. Would have preferred the official one, but everywhere was charging a hefty price for importing it.

I already had a hefty battery pack for travelling. Haven't needed it much myself, but my partner recently made good use of it for an international flight.

[–] dracs@programming.dev 2 points 1 week ago (2 children)

I bought some gray imports a couple of months ago. Cost me about $100 more than Valve's official AU prices, for the 1TB OLED.

My partner and I have been playing them both pretty much constantly since then. Very happy with them.

[–] dracs@programming.dev 1 points 2 weeks ago

The UnifiedPush server is intended to be a single source your phone can keep a persistent connection open to, rather than needing a connection per service/app (this is how Google's Firebase notifications work too).

As Signal doesn't support UnifiedPush, MollySocket keeps a permanent connection open to Signal's servers to listen for new activity and forward them to your UnifiedPush server. This saves your phone keeping a permanent connection open to Signal's servers and draining your mobile battery more.

[–] dracs@programming.dev 2 points 2 weeks ago (2 children)

I'm self hosting both too. MollySocket's docs are pretty clear that it never gets an encryption key for your account, so it can't read your messages. It only gets/forwards alerts that something happened on your account AFAIK. So I'm not sure what data it has that's worth encrypting.

[–] dracs@programming.dev 5 points 2 weeks ago* (last edited 2 weeks ago) (4 children)

For Signal/Molly, it's less that the notification is encrypted as I understand it. It's more the notification content is just "Hey! Stuff happened" for Signal. The app then reaches out directly to the Signal servers to see what's new. So the message content is never sent via the push notification service (UnifiedPush or Google's service).

[–] dracs@programming.dev 9 points 2 weeks ago (2 children)

I've got a few old PCI cards around somewhere. I should pull one of them out and give them a try at this.

[–] dracs@programming.dev 2 points 3 weeks ago

That would require a lot of data privacy concerns to be addressed. Even if it's an explicit opt-in. The current method uses sample text which can't include PII. Using user supplied text would almost guarantee they'd get names and other PII in their data set.

I also imagine it's harder to train the model when you don't know exactly what the user was trying to type. I.e. Was the swipe detection wrong, or did the user delete the word because they changed their mind on what to write?

[–] dracs@programming.dev 3 points 1 month ago (1 children)

The issue isn't a big deal for the average user. The vulnerability required them to first get your username and password, physically steal your Yubikey, spend half a day using $10-15k worth of electronics equipment to repeatedly authenticate over and over, they then could potentially make a clone of the key.

[–] dracs@programming.dev 6 points 1 month ago

She'll independently recycle your matter into more coffee.

[–] dracs@programming.dev 4 points 1 month ago (1 children)

I'd say it's worth doing this regardless to help determine if it's an application or system issue causing them not to go off.

view more: next ›