Posts: 7 · Comments: 55 · Joined: 3 yr. ago

Your friendly neighbourhood sh.it.head

Gamer, book and photography nerd, francophile

  • One of the advantages of Relay is that it is agnostic of your email provider, making it easier to switch providers without having to change the email on every account that has an alias.

    Considering this, I'd be tempted to go with Addy.io instead of ProtonMail / SimpleLogin (subsidiary of Proton AG).

    If you're concerned with having to trust a third-party to process your emails however, Proton may be the better option with built-in aliasing. Mailbox.org is another option recommended by privacy guides with built-in aliasing.

    If you're concerned with Mozilla's TOS change however, you may also be concerned with the Proton CEO implicitly supporting the current Trump presidency, believing that the Republicans will do a better job reining big tech in (While I'll agree that the Democrats are not anti-corp, that died with Bernie, I think it's foolish to believe the Republicans will be better). They also pulled their entire media presence on Mastodon, and recently integrated Zoom despite explicitly stating that it has privacy issues in their blog.

    I think some people are being a bit extreme in their characterization of Proton AG right now, but it definitely feels like they're making some peculiar choices when looking at their guiding mission of privacy / security.

  • I find it's just a lot of effort to go through visual customization for very little benefit, I have spent more time creating rootless podman images for certain apps, custom scripts, keybinds etc.

    What I mean to say is there are likely many people who customize functionality of their systems one way or another — without ever touching the visual side of things much besides maybe changing the font or turning dark mode on.

  • I'm not surprised by the corporate network, it's pretty common for those types of networks to severely block inter-device LAN communication. There are two solutions however, for one, KDE Connect has initial Bluetooth support. I think it only supports Plasma and Android as of now, and could be documented better, but it does avoid the LAN access problems. The other solution is using a VPN, the easiest off the shelf solution being Tailscale, but I feel this is only worth it if you have multiple use cases for it (I use it for faster Syncthing transfers, Moonlight / Sunshine game streaming, and KDE Connect).

    I really wish KDE Connect "just worked", similar to how Apple's devices connect to one another, but I guess this is the price you pay sometimes for an open source cross platform solution.

  • For sending things to devices I use KDE Connect. I realize it is a fundamentally different application, but it is what I use generally to send / receive links between devices, as well as documents, images etc. It also is good for notification mirroring, and really just integrating Android devices into Windows / Linux computers.

    For passwords I used KeePass (and I sync them between devices with Syncthing), but I usually recommend Bitwarden (which is what I used to use). Both are open source, have apps for all platforms, can integrate into your browser if you choose. The main advantage of Bitwarden is that it is open source, all necessary features are free, and you can host the server yourself if you want. It also integrates into some services, notably email aliasing ones, to allow you to generate new emails every time you make a new account.

    For bookmarks / history your best bet is the extension everyone else is recommending here!

  • What are your goals?

    I would say it's really a combination of the instance's policies and their jurisdiction, and in terms of jurisdiction it also depends on where you live (e.g. you may have more protections under law if the instance is hosted in your country).

    There's also nothing stopping you from using multiple instances — siloing your interaction in different types of communities in different accounts on different instances. This may be useful if part of your privacy concerns are having all of your post / comment data on one account on one instance.

    Edit: You can also use an email aliasing service to avoid even giving your email out. There are aliasing services such as Addy.io, SimpleLogin (subsidiary of Proton AG), Firefox Relay (Mozilla), as well as some email providers which provide (iCloud, Proton, Mailbox.org to name a few)

  • Passwords I would recommend Bitwarden or KeePass (both of which are in the PrivacyGuides wiki, particularly useful for KeePass where there are different clients depending on OS)

    Email / contacts / calendar I am still struggling on to be quite honest. I am debating right now on Mailbox.org + EteSync OR just using Posteo.de (while it has some security regressions compared to Mailbox.org, it has encrypted contacts and calendar). To be quite honest though the options available in this space are quite frustrating, it is really hard to find a solution that allows for interoperability / data portability as well as E2EE / elevated security.

  • I would say the only potential "benefit" is if the account contains non-public facing personal information - you are reducing the chance it gets leaked via data breach (assuming, of course, they actually erase your data properly)

    But I would say it is at least worth it to reduce that potential risk, but you should also go into it assuming that anything that was publicly accessible has been archived / saved by someone.

  • I for some reason recall at one point WhatsApp's encryption was actually an audited implementation of Signal's encryption. But that is so long ago that I doubt that holds much weight now ¯\_(ツ)_/¯

  • Would it run ok on an SBC, such as a Raspberry Pi? I don't mind self hosting, but I don't have the space for a full blown server setup in my apartment sadly (as fun as it would be)

  • I see in the FAQ they mention that "If you would like, you can encrypt your calendar and address book with your password. Therefore, only you have access to your data" (translated by myself into English, sorry if it isn't exact)

    Are there any "downsides" to this in terms of interoperability with other calendar / contact apps?

    Thank you so much for your suggestion, this seems like it fills the issues I had when researching mailbox.org

  • How reliable is the syncing? I currently sync a lot of things with Syncthing, and while it is great to not rely on a shady centralized cloud service, decentralized syncing also has its own problems (potential sync conflicts in my KeePass databases mostly)

    It definitely seems like an interesting option though! Thank you so much :)

  • This is sadly what I was fearing running into, but I thought I would ask here nonetheless to see what other options people have even if they require some compromises on my goals

  • Do you self-host or do you pay? Just curious what your experience has been with the two options :)

    Thank you for the suggestion!

  • I feel like the major one for me (that hasn't been listed) is Ape Escape. Growing up I played the (arguably worse) remaster of it for the PSP. Genuinely interesting to play a platformer so different yet so clearly reactionary to Mario 64. And it's also just interesting how they handle the analog sticks in terms of controls

    Like many games of the era the controls are frankly janky, but they are just so much fun

  • If you don't mind me asking, what makes GNOME more adaptable in terms of functionality than KDE?

  • For iOS devices the most up to date client is "Strongbox". I don't think it is FOSS, but is compliant with the standard. It's sadly a freemium app, but is quite well made in my testing. It cannot sync with Syncthing, but does support several cloud services, its own service (which uses iCloud), and local file transfer over LAN. They also have a version of the app with all network connectivity removed for security (if you prefer)

  • This is perhaps overkill, but you can also encrypt the contents of your online cloud storage with CryFS / Cryptomator. This is particularly useful if you wish to store sensitive documents (healthcare, finances etc) in a cloud environment in case of catastrophic destruction of property (destroying computers / on site backups of data).

    In this case you can also back up your KeePass file in this encrypted virtual storage medium, on top of the preexisting encryption of the database itself.

  • My personal choice right now is KeePassXC (PC) / KeePassDX (Android) + Syncthing, and Aegis (Android) for 2FA codes, with a YubiKey for services that support FIDO keys.

    Overall I like this setup because it's decentralized and does not rely on a third party server structure. The only "weak" point would be the Syncthing relay servers or the Tailscale VPN that I use, but this goes back to ensuring encryption of the database is adequate with a long password, and using an open source synchronization protocol that ideally has been vetted by a trusted third party (or yourself if you're capable)

    I used to use Bitwarden, and I highly recommend it. I really appreciated its ability to integrate with email aliasing solutions to generate new aliases from within the Bitwarden UI itself. However, my main reasons for switching were the following:

    • I don't have the money to pay for it (uni student)
    • I prefer a more self-hosted approach (I will consider using Vaultwarden in the future when I have more money)
    • I wanted to move away from using a browser extension for password management on desktop. KeePass' auto type feature is really good, and a more secure input method than a browser extension autofill.

    The only additional advice I have for both recommendations is that I do not think it advisable to add TOTP 2FA information to your password manager even if it supports it. I feel like this should be separate, on a single device, and backed up in ~2 locations (one preferably off site). This is really to avoid problems if a device is compromised and if your password manager is compromised, but this is definitely in the more unlikely category I feel.

    My only major issues with KeePass are the potential for sync conflicts and some feature differences between platforms. A centralized server config like vault/bitwarden prevents the sync conflict issues, at the cost of having one point of failure. The feature differences problem isn't too great, but autotype doesn't work on Linux if you install with Flatpak, and you can't prevent screen capture of the app on Linux (only on Android and Windows from my understanding)

    Edit: I also tried gopass, it's really fun to have an entire CLI based password manager, but frankly the state of mobile companion apps is appalling. The Android option only is good if you use a dev version, and the iOS one I thought was just ok. I also dislike the metadata leaking that is inherent to the format, and that PGP is the main form of encryption for the time being (some clients were looking at using AGE at some point). Overall it's a cool but flawed concept, and I feel my other two recommendations are superior.

  • I think it's important to see these types of efforts, while I'll never go out and buy a MacBook the effort isn't wasted since it gives current users more freedom and future people buying used laptops more options for Linux compatible hardware.

    Without a project like this, that hardware will end up being e-waste a lot sooner than it should be, when Apple drops support. At least to me I see an ethical and moral imperative for projects like this, but I also understand people's grievances with Apple.

  • I think you summed up my thoughts on the matter much better than I could have. In particular, the “digital” / “corporate” right to be forgotten is distinct and much more specific in its scope than a broader right, and is a rather important consumer protection in my opinion.