Melody

joined 2 years ago
[–] Melody@lemmy.one 2 points 3 months ago

Get Ready, Player 2!

[–] Melody@lemmy.one 14 points 3 months ago (2 children)

S/MIME is insecure, outdated, deprecated, and should be discontinued; yet people don't want to adapt or grow or change.

Because some organizations do use S/MIME; all email software is required to implement it, that is if they want to be adopted and used by said influential organizations.

OpenPGP and PGP in general are secure but suffer from usability issues and are often wrongly painted as user-unfriendly. (It's really no worse than S/MIME; installing and managing keys is exactly the same hassle as it is with S/MIME.) The main issue is that some people are too lazy or resistant to change to adapt to it.

[–] Melody@lemmy.one 4 points 3 months ago (1 children)

Lack of detailed audits...only in this case specifically...does not imply lack of security and/or privacy.

The protocol that Signal uses, which is in fact firmly audited with no major problematic findings, plus the fact the client is OSS is generally enough to lower any concerns.

The server side software in production for Signal.org is not OSS. It will not be. You are required to trust the server to use Signal; because the protocol and the client render it factually impossible for the server to spy on your messages. The server cannot read messages; or even connect who is messaging who if the correct client settings are used. (Sealed Sender).

Non-OS stats software in general is not automatically lacking in privacy or security, particularly not in this case where the affected software does interact only with software that is verifiably open-source and trustworthy in general due to the protocols and how they are implemented correctly in a verifiable manner.

[–] Melody@lemmy.one 24 points 3 months ago

E2EE is, theoretically, secure. It certainly prevents a government from hoovering up your data when they casually cast too wide of a dragnet while "chasing a criminal". ...At least, when it is implemented honestly and correctly.

Now if governments wanted to properly backdoor some E2EE implementation; all they really need to do is compromise one end of the conversation. Of course, they want to be able to do it auto-magically; through delivering a court order to a single point; and not through busting down the door, or capturing the user of, one end or another of the conversation and compromising the device.

The question therein lies; do you as a person want the government to be forced to bust down a door? Some people think they should be forced to break doors and others do not feel that it is necessary. There are many diverse stances on this question; all with unique reasons.

It's clear to me that E2EE works properly...the governments would not be trying to "end Encryption" if it did not work. Therefore it stands to reason that E2EE is not compromised, if a government is forced to pass a law in order to compromise the encryption or turn it off entirely. That proves it works.

I just logically proved Encryption works, without even taking a stance on the matter. For the record however; I do support Encryption. I think this law undermining it is a massive governmental overreach that will quickly lead to that same government finding out how critical Encryption actually is to their people. Just give it time.

[–] Melody@lemmy.one 10 points 4 months ago

All that being said; I'm going to be watching carefully.

I still think they have time to backpedal, make it right, and clarify. I don't permit my installations to talk to their data collection services anyways; via network policies. I have no problem tightening those screws and forcefully disabling their telemetry in other ways as well.

If I have to migrate; well; I already have LibreWolf installed. I might try a few other forks next; to see which ones 'just work' with the web properly to protect my privacy while still allowing all websites to work properly as intended so long as I give that website appropriate permissions as I see fit.

[–] Melody@lemmy.one 31 points 4 months ago (2 children)

I don't believe that anyone misunderstood the wording.

The problem lies within the broad meaning of the chosen words. If you are angry, you have absolutely every right to be.

Regardless of Mozilla's intent here they have made a rather large mistake in re-wording their Terms. Rather than engaging with a legal team in problematic regions; they took the lazy way out and used overbroad terms to cover their bottom.

Frequently when wording like this changes it causes companies to only be bound by weak verbal promises which oftentimes go out the door whenever an executive change takes place, or an executive feels threatened enough.

Do not be deceived; this is a downgrade of their promise. It is inevitable that the promises will be broken now that there is no fear of a lawsuit. There's nothing left to bind them to their promises.

The Mozilla foundation wasn't ever intended to remain "financially viable"; it was supposed to remain non-profit. They should be "rightsizing" and taking pay cuts instead of slipping a EULA roofie into their terms of use.

[–] Melody@lemmy.one 11 points 4 months ago (2 children)

It is not only true; it is required by the WMF. Wikipedia and Wikimedia will go dark before it compromises those values.

Wikipedia can always be revived by its massive worldwide community; on Tor even. Trump taking down the WMF servers won't help; the databases probably get backed up daily and would likely end up on torrents within moments of it being taken down.

[–] Melody@lemmy.one 53 points 4 months ago (7 children)

As an editor with advanced rollback rights on Wikipedia; I can agree with the above statement.

It is Extremely Difficult; even with slightly escalated rollback rights such as mine; to push an agenda on Wikipedia.

WP:NPOV is a good read and the editing community and contribution culture on Wikipedia enforces it strongly.

EnWiki itself for certain has some very strong Page Protection policies that prevent just any editor from munging up the encyclopedia or changing history.

It's safe to say that Wikimedia cannot be bent or broken easily by special interest groups...Vandalism and PoV pushing is quickly quelled by sysops on Wikipedia. There are more of us editors than Elon could ever possibly hope to take on.

Not even Elon Musk gets to ignore Wikimedia policies. That will never change. They are written in blood and sweat and cannot be manipulated. The entire foundation is set up in a way that it always, eventually, cracks down on corruption and greed. Not even a cabal of admins, bureaucrats and Wikimedia Stewards can help you.

[–] Melody@lemmy.one 1 points 4 months ago

YES PLEASE!

Let the branches be forced to fight it out like a bunch of children in front of the SCOTUS; who will probably gleefully say "AHAHAHAH NOPE! You both get nothing, and I keep all of this power to myself."

[–] Melody@lemmy.one 6 points 4 months ago

This 100%.

The more valuable and critical a government employee knows they are; the more effective they can be by doing this.

Everyone in any federal agency who is resisting and who is being ordered to do something they object to should be falling to this maliciously compliant default to the maximum extent they can afford to do so. Gum up the works; extend out projects, stretch deadlines out, passively resist every step of the way and insist that every possible reasonable rule be followed to its exact and literal definition...even if it's not common practice or expedient.

Exhaust the servants of the tyrant of their every resource; run these liaisons ragged; overload them with petty questions and minor, but critical, decisions; especially if they're bogged down. If you can make them quit or get fired by the cheeto in a non suspicious way; all the better. Making it impossible to keep a liaison in your department will keep them guessing if they keep quitting on their own due to extreme stress and overwork.

Anybody who is a Political Appointee should be considered a hostile co-worker automatically and kept out of every loop possible. Make them battle for every inch of information or status updates and give as little information as you can while only answering explicit questions. Bonus points if management is in on the game; and can ping-pong any information requests around violently across all the various managers and supervisors who each only leak a tiny tidbit of information.

[–] Melody@lemmy.one 14 points 4 months ago* (last edited 4 months ago) (2 children)

This just means you wrap your signal links in a URL shortener.

A slight hassle; but all the more reason to hate the muskratt.

We should be quietly linking anyone with a need to send a signal link to a nice privacy respecting URL shortening instance somewhere that will basically delete the link in 3-7 days unless told otherwise to keep it around by the user at creation.

Heck; host your own URL shortener while you're at it.
