• 10 Posts
  • 55 Comments
Joined 3 years ago
Cake day: July 30th, 2023


  • PM’s apps perform the encryption on your own device because it’s your device that runs the apps. That is e2ee, but still only in the two scenarios I mention and even then it’s also vulnerable to targeted attack. PM could ship malicious j/s if it wanted (the likely case being to comply with a court order). It’s better if your own non-j/s FOSS MUA handles the crypto, which is actually easier if you don’t use PM.

    If mailbox.org works the way anonaddy works, then that’s not e2ee. The msg payload is seen by the server that does the encryption, in the very least. The sender’s ESP would have already seen the msg.



  • Consider self-hosting HALF the service. Something like this:

    Outbound

    local Postfix on dynamic IP → relay (optional and configurable) → recipient

    You can configure Postfix to use a relay depending on the recipient. E.g. if you need to reach alice@outlook.com, MS will reject your dynamic IP. But if you have bob@outlook.com, you can tell Postfix to relay via MS servers using your bob@outlook.com account for all *@outlook.com recipients. And yes, you can still use a different vanity address in the FROM: field, like Gobbel2000@nerds.org, if that’s what you want to be known as. You can freetype whatever you want as the FROM: address if you use a good MUA like mutt.

    You can even hack postfix to send over Tor. And you can make it possible to support *.onion email addresses, which is something that no non-self-hosted service offers.

    When I email someone for the 1st time, say it’s alice@someunknownneverseensvc.xyz, I first configure my mail server to relay to @someunknownneverseensvc.xyz over Tor. If that fails (and it often does), I configure Postfix to directly send to that server from my dynamic IP (or VPN if I have that running). That’s the default, in fact. If that fails, then I can cave-in and compromise my privacy by relaying through a 3rd party, if I choose. Most importantly, I am in control. If I really want to send the msg but I really do not want an additional MitM, I may be able to create an acct on @someunknownneverseensvc.xyz and then use that as a relay to recipients on that host.

    Rise-up has an onion SMTP server. So if you have a riseup acct you could use their onion as a relay.

    Inbound

    (your acct @ rise-up or disroot.org or danwin1210.de or autistici) → POP3 onion using fetchmail → local Postfix → Dovecot or procmail → local files read by your MUA of choice

    You avoid a lot of complexity and labor by not maintaining a WAN-listening server. Though you still have a fair amount of effort in configuring your junk, you need not do all the configuration up front. You can do it on a piecemeal per-outbound msg basis to spread your config effort out over time. Of course you need to use a forwarding service or do some DNS arrangements if you want an address that does not tie you to an ESP.

    This approach relieves you of the reliability problem… you need not maintain a server always online, up, and listening. But of course you lose some privacy because all your inbound traffic is seen by your ESP. At least you can potentially circumvent your ESP on outbound mail.

    BTW, you might want to crosspost to !email@lemmy.sdf.org

    (update) my complaint with Postfix: no Tor support out of the box

    Postfix needs some hacking to get it to work over Tor. As old as Postfix and Tor both are, they should work together out of the box.
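The per-recipient relay described in the comment above, sketched as a Postfix configuration. This is an added example, not part of the original comment: the submission host `smtp-mail.outlook.com:587`, the file paths and the password placeholder are assumptions to check against your own provider and system, and the Tor leg is not covered.

```conf
# ---- /etc/postfix/main.cf (additions) ----
# Choose the next hop per recipient domain; domains not listed in the
# transport table are still delivered directly from the local machine.
transport_maps = hash:/etc/postfix/transport

# Authenticate to a relay only where a credential entry exists for it.
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
smtp_sasl_security_options = noanonymous

# Opportunistic TLS for direct delivery, mandatory TLS for the relay
# (see tls_policy below) so the password never crosses in cleartext.
smtp_tls_security_level = may
smtp_tls_policy_maps = hash:/etc/postfix/tls_policy

# ---- /etc/postfix/transport ----
# All *@outlook.com recipients go through the provider's submission port.
# Square brackets suppress the MX lookup on the relay host name.
outlook.com    smtp:[smtp-mail.outlook.com]:587

# ---- /etc/postfix/sasl_passwd  (mode 0600, owner root) ----
# Key must match the next hop in the transport table exactly.
[smtp-mail.outlook.com]:587    bob@outlook.com:PASSWORD_PLACEHOLDER

# ---- /etc/postfix/tls_policy ----
# Refuse to talk to the relay at all unless STARTTLS succeeds.
[smtp-mail.outlook.com]:587    encrypt

# ---- after editing, rebuild the lookup tables and reload ----
#   postmap /etc/postfix/transport /etc/postfix/sasl_passwd /etc/postfix/tls_policy
#   chmod 600 /etc/postfix/sasl_passwd /etc/postfix/sasl_passwd.db
#   postfix reload
```

Adding another recipient domain later is one new line in `transport` (plus credentials and a TLS policy entry if the relay needs them), which is what makes the piecemeal, per-outbound-message setup practical.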


  • side note: downside is, your data there is more snoopable, less so with something like proton.

    Can you elaborate? AFAIK, Protonmail only gives e2ee in 2 rare situations:

    • Both parties use PM
    • The non-PM user has a PGP key and the PM user is competent enough to add the key to their PM address book. (This is where Hushmail is superior to PM, but HM is not gratis)

    In all other scenarios (no e2ee), PM traffic and data-at-rest is just as exposed as conventional non-PM.


  • True, but sending from a static IP that is linked to you yields less privacy. I’ve decided: fuck these email recipients who demand I compromise privacy in order to give them the convenience of relying on IP reputation. Sure, google and MS servers refuse email from me, but I prefer that anyway. I use postal mail for such recipients (and yes, that’s most recipients).





  • This is extremely reductive and oblivious to the actual realities of banking in various countries.

    I think you will be hard-pressed to find a country that does not have a single bank that can serve those w/out smartphones. If you find such a country, plz post about it in !smartphone_required@lemmy.sdf.org and send me the link. Then we may be able to make a case for ppl in that specific country not being boot-lickers, if at the same time being unbanked is illegal.

    If you think it’s easy to be “unbanked” then I would suggest that you try it yourself first.

    I have been simulating an unbanked life for years now. 5 creditors are threatening lawsuits for non-payment after refusing my cash. One took me to court and it was an easy win for me. I just appeared without a lawyer and pointed to the law.

    It’s also worth noting that unbanked is more extreme than simply choosing a bank that does not require a smartphone.





  • The EU has been grappling with right to repair laws for over 10 years now. It’s a complete shit show.

    At the moment, a washing machine maker in the EU is only required to release repair documentation to professional repairers who are insured, not consumers. And they only have to do it in the 1st 10 years, not in the time period that things actually break. At the 10 year mark, they automatically lose the docs and stop making parts.

    The law you reference is not yet in force AFAIK. But when it comes into force and each member state eventually legislates, look at what we are getting-- from your reference:

    A European information form can be offered to consumers to help them assess and compare repair services (detailing the nature of the defect, price and duration of the repair). To make the repair process easier, a European online platform with national sections will be set up to help consumers easily find local repair shops, sellers of refurbished goods, buyers of defective items or community-led repair initiatives, such as repair cafes.

    That’s crap. It’s fuck all. Consumers are not getting service manuals. They are just being told where they can go to get someone else to do the work. We can of course already find repair cafes because they publish their own location. But repairers at repair cafes are just winging it. You cannot bring them a large appliance like a washer. They don’t even have water and drain hookups. And even if one repair cafe made an exception for large appliances, their repairers are not insured and thus cannot legally get access to service manuals.

    Everything at the state/fed/intl levels is a total shitshow. This is why I asked in the OP what can be done at the local level.






  • I don’t quite follow the connection between retailer size and planned obsolescence. Do you have a Cliff’s Notes? Youtube has become a shitshow since Google now treats Invidious and Tor with hostility. We can no longer consider YT videos to be openly reachable. I am essentially blocked from YT.

    (edit) I was able to find a rarely working invidious instance and fetch it. will watch it later.





  • The old laptop is the same one I use for all computing. So using an SBC would just add to the energy consumption.

    But an SBC could be interesting anyway because there could be moments when I would want a phone to connect without the laptop dependency. So I would be interested in hearing how it works. Does the SBC also charge the phone over USB? Does the reverse tethering software exist that can run on an SBC? It would be cool to have this configuration:

    phone → USB → SBC → ethernet → router…

    Especially cool if the SBC could run Tor and proxy all traffic over Tor (though I suppose that job would best be served by the router).