Apt is not built with security in mind, at all. The partial sandboxing it does do is trivial to bypass. Adding a repo is basically a RAT Trojan on your computer.

OK. I suppose this is the correct answer.

The least bad option [for Signal] is the unofficial flatpak.

Unless I’m missing something, here we will disagree. Secure or not, FOSS principle-respecting or not, if I’m choosing to install software by X then I’m going to get it straight from X and not involve third-party Y too.

By definition an email server is not under your control, so the question of whether or not it runs FOSS is a bit moot and in any case impossible to verify.

In terms of privacy-respecting email hosting, Proton, Posteo, and Mailbox all spring to mind.

Looks great, well done.

Personally, the deb-related annoyance that I have encountered most often in recent years is that there is an APT repo but I have to jump thru hoops to add it. An example is signal-desktop, where the handy one-click installation goes like this:

# 1. Install our official public software signing key:
wget -O- https://updates.signal.org/desktop/apt/keys.asc | gpg --dearmor > signal-desktop-keyring.gpg
cat signal-desktop-keyring.gpg | sudo tee /usr/share/keyrings/signal-desktop-keyring.gpg > /dev/null

# 2. Add our repository to your list of repositories:
echo 'deb [arch=amd64 signed-by=/usr/share/keyrings/signal-desktop-keyring.gpg] https://updates.signal.org/desktop/apt xenial main' |\
  sudo tee /etc/apt/sources.list.d/signal-xenial.list

# 3. Update your package database and install Signal:
sudo apt update && sudo apt install signal-desktop

Why does Debian-Ubuntu not provide a simple command for this? Yes there is add-apt-repository but for some reason it doesn’t deal with keys. I’ve had to deal with this PITA on multiple occasions, what’s up with this?

Sure, but in that case the default encryption could easily be switched off for multiple-drive setups. Basically, the default setting is what’s important.

Ha! Just checked and it turns out this is the exact line that’s already in my screenshot script. Which apparently I pilfered without trying very hard to understand - as usual! Can confirm it works great.

This is a good question. Phone numbers are increasingly used as de-facto ID numbers, everywhere in the world. That’s because, unlike email, they cost money, and in most jurisdictions you can’t even get one anymore without presenting real ID. So: if you have a second phone number, you can effectively have a second persona for any site or app that requires phone-number ID. Seriously, at this rate, it’s going to be all of them.

IMO the best use-case for this is to quarantine your contact list. That is, keep a separate number for social networks and messaging. The number you give to your in-person contacts will be instantly shared with all their cloud services, whether you like it or not. This is what allows Big Tech to triangulate and discover exactly who you know and therefore who you are. If the cloud services cannot trace a number back to any phone ID in their own books, then they can’t do much with it and you will remain at least something of a mystery to them.

its just never on by default

Except PopOS, as I understand it. IMO that is a major point in its favor and against its competitors, given the dominance of laptops today. I see no reason why this is still opt-in, rather than opt-out as on mobile OSs.

Alas no but from your screenshot I learned all about grim. Thanks!

Useful to know, thanks.

For the record, I once had a bad experience with the Debian installer’s version. That is why I will not be trying Debian again. Installation is a moment of vulnerability, when you don’t have ready access to your data, or the network, and this is one extra factor. IMO it really is non-negotiable for a distro to provide a bulletproof installation experience.

To add to the comments, most distros do not offer FDE by default when installing. You have to jump thru hoops. No idea why this is still the case given how many consumer computers are laptops these days, it seems crazy.

The big exception seems to be PopOS, an Ubuntu derivative which is intended for laptops. FDE by default so it must be pretty easy to get that up and running.

Ubuntu itself has a solid FDE option on install, too. It sets up the LVM configuration as already described, no expertise needed. And IME works very reliably.

Sure, but I do think he would be pleasantly surprised by how things turned out. Aldous Huxley saw the future better. This is not a particularly original analysis.

IMO Orwell’s real insight was about the importance of clarity and truth in language, as a protection against political manipulation. That really was revolutionary.

Thanks. Keep up the good work.

It was a good line but his general prediction was, thankfully, wrong. With caveats, we’re not at all where 1984 forecast we would end up. Humans turn out to be more allergic to oppression than he imagined.

Literally “always”, like every single time you open a website or app? No password manager can make SMS 2FA not a PITA. As for your second point, I addressed that. What if you literally don’t care about keeping data in question private? Individuals have different threat models, different priorities and all of this is a trade-off. It’s not absolute. That’s all I was saying. Anyway, I’m done here.

Yes this clarifies things. In summary, without 2FA:

• use a strong password unique to that site (i.e., via a credentials manager) - safe except on that site if absolute morons are running it
• use a weak password unique to that site - safe elsewhere
• use weak passwords and recycle them - you are in trouble

So it’s a trade-off. If everyone was in the first category, then the obvious inconvenience of 2FA would just not be worth the benefit.

If the password is unique, there’s no risk!

Incidentally: not re-using passwords should be the only responsibility of the user. It’s impossible to brute-force a password through a login form, you need full access to the disk. So when sites complain about poor password strength, effectively they are saying “We don’t trust ourselves to keep our server safe”. Pretty insulting to blame the user for that.

It doesn’t help everyone equally. It assumes you (a) re-use passwords, (b) don’t protect them properly. That’s the case for most people but not all.

And I’m not tied to Firefox if, for some reason, I want to stop using it.

Not gonna happen.

It’s that same mistake textbooks often make of burying the lead in an otherwise obscure reference the reader may or may not pickup on.

Exactly. Thanks for clarifying.

Which begs the question, “What is FIDO?”. To which the About FIDO page replies, literally, “FIDO authentication uses standard public key cryptography techniques to provide phishing-resistant authentication”.

Arrghghgh! Orwell was right about people’s incredibly capacity to write with zero clarity.

More generally, IMO what we have here is a classic case of ELI5 vs “ELI know something already”. I use SSH and manage the keys myself but I still can’t find an answer to this question: is a “passkey” just another word for “the private key in a public-private keypair?”

Whenever I look into this, the explainer always either jumps straight into super-dense technical details, or describes it all in term of metaphors as if talking to a small child. Oh well.