The point is also to minimize potential damages caused by a bug in the software. Just this year there have been multiple data-destroying bugs in publicly released software. If the app runs as a server it’s usually trivial to have it run as a dedicated user, with just enough permissions to do its job.

It’s just good practice, even though the risks might be low why risk it at all?

I know “security experts” from a top French bank who insisted on using telegram instead of signal. So even people who were supposed to stay informed about this stuff fell for the hype and marketing.

I read your comment before the article and I thought you had made the second quote up lol, unbelievable. And people are throwing money at these guys?

OK so this is most likely by design, impressive.

Does the timer “jump” to the correct time after you dismiss the window ? It’s also possible that they didn’t bother testing the app when logged out, and that the popup blocks the UI thread while it’s displayed. In short it could be bad coding and QA instead of intentional enshittification.

Telemetry is not bad in itself. It can be used for bug/crash reports, or usage statistics, without tracking or personal data collection.

That’s because he planted a backdoor into GIT, and now he reviews your bad commits every night.

Same as Windows and MacOS, really. You can follow best practices and conventions, or just install your software wherever you want.

I guess it could, as we have to take meta’s word for it, and a quick google search hasn’t turned up any independent security audit.

They don’t want to ban encryption, they want to block encrypted chat apps, precisely so they don’t have to build backdoors. AFAIK it’s not possible to break signal/WhatsApp encryption without access to the targeted device, and once you have access you can get the messages directly without having to break the encryption.

something like “massive attack set to release new album” would be fine IMO. “Massive attack in Bristol:” is downright irresponsible.

Yes the Steam deck FS is ext4.

Why ext2 on Void?

Shut the fuck up or I’ll go OTAN on your ass.

It’s standard practice in France too. This is not forbidden by RGPD.

Wireguard, like all VPNs, definitely does E2E encryption. What would be the point of an unencrypted VPN?