Posts: 3 · Comments: 1126 · Joined: 4 yr. ago

  • Heuristic: if you don't know, trust your distribution. If you don't trust your distribution, pick another one, repeat.

  • Linux on desktop, self-hosting and GrapheneOS too.

    I have a few smart watches, namely PineTime and Watchy by SQFMI but... honestly I don't wear them anymore simply because I try to be as minimalist as possible. In fact just yesterday afternoon I was wondering if I could do without GrapheneOS because I might actually NOT need a phone.

    So... what do you want out of a watch?

    I can recommend both but honestly it depends on your need.

  • Interesting, it's also not a chapter in https://browser.engineering/

    That being said I imagine Google messed up the whole landscape with its Manifest V3 situation.

    Also I imagine after a certain expertise threshold, one can relatively easily re-create an addon themselves. I'm thinking people who are familiar with Tridactyl or GreaseMonkey might not be as sensitive to this problem.

  • FWIW I don't recommend starting a post about selling data where the very first link points to a Google product.

    Consider next time not linking to YouTube but instead the blog post that linked to it and ideally a more privacy-conscious alternative frontend, e.g. Invidious.

  • you shouldn’t run software that accesses such intricate personal information if you don’t trust it, if it can be updated to change to grab all that data.

    Yes, and you should also brush and floss your teeth, do physical activities, buy local produce, recycle everything, do your due diligence on all political candidates, etc, etc. In practice we ALL have to make pragmatic choices. There are not a lot of browsers and basically for fully featured engines there are (arguably) only 2, Chromium by Google and Firefox by Mozilla. One is a for-profit advertising company, the other is not. If you genuinely care a lot about privacy though you might not have to use either, you might be perfectly fine with much simpler browsers like Links or even lynx and I can tell you with a lot greater confidence that no data will leak there. You can also containerize your browser using e.g. https://docs.linuxserver.io/images/docker-webtop/ and then run within there whatever you want.

    since Mozilla seems to potentially give itself a license to all your data, apparently.

    That's not correct, you mean some data from your browser usage. I think it's important to be precise here otherwise through shortcuts you try to convince yourself, and others, about a problematic situation that just does not exist.

    So which browser do YOU trust and why?

    • Install anyway
    • daily drive
    • do a SeedVault backup on a USB stick

    then optionally, after a short while if you are convinced

    • buy a 2nd hand Pixel 8 (cheapest with longest support) or whatever matches your preferences, maybe by then even a Motorola with official support
    • bring your SeedVault backup back to the new device including contacts, apps and data

    No matter what you do you will be "left behind" but at least you have time to learn something useful in the meantime then reassess.

  • I know you ask this question in jest but basically it cascades, e.g. if I trust Debian or F-Droid, then I trust that the applications they include in their distribution or store are both secure enough (no piece of software is perfectly secure) and actually do what they say they do. In turn I believe they do the same, namely that initially when an application is added to their collection, they do review the application and the code yes. Then each update is only a gradual check, if ever done, assuming nothing special happened, e.g. no main maintainer change. It's far from perfect, and as somebody linked elsewhere there are limits (e.g. https://en.wikipedia.org/wiki/XZ_Utils_backdoor ) but in "normal" situations it's enough for me.

    Anyway that's just my perspective on the matter, on your problem specifically after a brief ~5min search I haven't found exactly what you are looking for but here are still some examples of what I do find helpful:

    Those though are mostly around security. They are definitely linked to privacy but still distinct. If I genuinely cared about the topic I would directly ask if organizations, non-profits, etc do think about the topic, e.g. Access Now, EFF, Exodus Privacy.

    If by any chance you do find something helpful there please do share back.

  • a Jia Tan type of actor

    Yes, absolutely, yet the fact that we even know who they are proves that it's definitely an odd case. It's important to remember it but it's definitely not a normal situation.

  • Might be off topic but if you are thinking of rdp for 3D modelling or gaming then IMHO there are better solutions, e.g. https://moonlight-stream.org/ or https://selkies-project.github.io/selkies/ so I'd argue it's not a distro question, more a client/server one.

    FWIW I moved away from Ubuntu to what it relies on, namely Debian, and for modelling (e.g. Blender) or gaming (Steam, 2D, 3D, VR) it's been great.

  • I haven't but I did build relatively large projects before (e.g. browsers) and basically it depends mostly on 2 things:

    • are you in a rush? If not just let it run over night, if you are then delegate it (if you can afford it and it matches your threat model) to a cloud provider (rent a couple of instances for however long you need, that's where the hourly pricing matters)
    • is the build system properly set up for reproducibility, e.g. runs in a single container on AMD64? if so just start it and move on, otherwise be prepared for an indefinite amount of tinkering

    I think it's interesting to do but honestly as someone else mentioned, builds are signed. In fact at the end of https://grapheneos.org/install/web#verified-boot-key-hash you get the verified boot hash. The goal is precisely to check that you actually get what you are supposed to have running. Basically the big picture of reproducible builds is that you do NOT have to do it and can STILL verify that you have exactly, up to a single bit, what you should have.

  • I'm using a 10-year-old Razer Blade Stealth 13 on Debian and so far only minor problems with it.

    Consequently my advice is:

    • do you actually "need" a new one or do you just "want" one? if the latter then it could be 2nd hand
    • if you do then share either what your "main game" is or what its requirements are, because e.g. Slay the Spire runs on nearly anything
    • do not buy something brand new unless you are ready to tinker, consider something a year old
    • whatever you do, check online reviews specifically on Linux installations, that will let you know if something somehow (typically inconsequential, e.g. LED tweaking) requires proprietary software
    • consider buying directly from a Linux pre-installed vendor, this way you are 100% sure it will work (but it's typically not cheap)

  • Be mindful that such a program would have to be safer than the situation without. A program on a public repository that isn't used by any distribution, isn't audited, doesn't have a lot of comments (and thus eyes on its code) might be a disproportionate risk compared to the default settings of a popular open source distribution IMHO.

  • Hi there, how about keeping history of past messages? I mean if all participants leave the channel, can they all keep history using e.g. localStorage and when they come back, see what has been shared until now including when they were away thanks to history of that channel from others?

  • It doesn't have to be though. It could be BOTH convenient AND private. It's only because we, as a society, didn't fully understand the "cost" of "free". We thought it was just so nice to get a good search engine without having to pay. We didn't grasp that it was the beginning of surveillance capitalism. We didn't understand that this business model would be so successful every company, from new ones like Meta, to "old" ones like Microsoft or Amazon, would try to be hybrids, both selling stuff but also re-selling data to advertisers.

    So no it's not a false choice, it's a corner we strategically got pushed into.

    I believe, maybe naively, that initiatives like https://uattest.net/ or even https://www.taler.net/ are trying to show that it can be both convenient and private, but NOT while relying on surveillance capitalism which is precisely investing a lot of money to bring the maximum convenience, including free (hard to beat) but at the cost of privacy.

    Edit: seems GrapheneOS isn't into UAttest initiative https://grapheneos.social/@GrapheneOS/116200110686604617 but I'm not sure what alternative they propose.

  • trust that they won’t add any collection without telling people.

    It's open source so you can inspect it. If you don't know how to do that you can pay for a 3rd party audit.

    Also if it were to be found out, even without being open source via some packet inspection (e.g. using software that checks if data is being sent to a server, e.g. imagine starting Firefox on a virtual machine then checking if any data goes to e.g. firefox.com) and it were to be published then their entire brand would be dead. So rationally speaking I don't think that's a worthwhile bet.

  • FWIW not on income but on top wealth, Musk has $792 Billion (ffs...) so ~$1000B and we are 8.4B Earthlings so ~10B. If we were to spread his wealth equally (which I'm all for) it would "only" give each of us ~$100. Conclude from that what you will but to me it's just a reminder of just how many people we are. A lot.

    PS: this isn't about income and it might be totally different there. If you have a better metric and approximation I'd be all ears.

  • assuming you trust JMP

    Any 3rd party security audit that would help on this specifically?

  • I think that's precisely what this is questioning: is this helping fund critical FOSS?

    What if a fraction of that money instead went to Signal infrastructure? Wikimedia? FSF which initially made GNU PG? FSFE? NLNet which supports Delta Chat? Sovereign Tech Fund? etc rather than individuals?

    I don't think anybody is criticizing that hard working people contributing to a good project are well paid. I believe the question is rather what's the cost to OTHER projects when there is 1 project, not an umbrella project which funds others (again like NLNet or the Sovereign Tech Fund).

    What model are we reproducing and what's the risk?

    FWIW the question isn't new. It happens also with Mozilla with the compensation of its C-suite staff, not the "random" software engineer.

  • No and honestly I don't think it matters. Set the age of your OS to 18 (assuming you are 18) and move on. What's the issue?

    That being said if you are really interested in the topic and use this as an "excuse" to learn, check out https://jsandler18.github.io/ and don't worry if you don't have an RPi to run it, you can use QEMU. After that you can dig into https://wiki.osdev.org/, really a fascinating journey.

  • Technology @lemmy.world

    ‘They’ve pickled each others’ brains’

    sf.gazetteer.co/theyve-pickled-each-others-brains

  • Privacy @lemmy.ml

    media.ccc.de/c/39c3

  • Privacy @lemmy.ml

    I made 3D printable cryptography bracelets, cipher/decipher on the go!