In the meantime, I haven’t seen any way to prevent companies from unethically exerting their will over the public that works any better than involving multiple parties in it that are not necessarily aligned and do your best to prevent collusion

This is just decentralization. This is literally what I alluded to in my root comment. Crypto solves these problems

Governments are centralized control. Just take a look at the current US administration, and the economic sanctions they pushed left and right. You trust them to keep their hands off transactions happening within their own country?

I’ve heard quite a few PyPi and Cargo attacks though, but I bet the main reason why hear NPM so much is simply because NPM is the biggest, and thus the most valuable target

because it’s the biggest. Just like how hackers target windows and not linux (assuming they are targeting users and not servers).

how do we create a system for digital payments without introducing centralized control (and therefore censorship)?

watches as lemmy tries their best to say anything except crypto

Very cool, I’ll have to spin up some VMs and test it out myself. Thanks for all the info!

Wow cool! I believe you’re the first person I’ve met that actually used a cluster FS (in their homelab at least). I looked into it myself but it felt like nobody was really using it so I didn’t bother.

Does it involve much more work or is it a fairly transparent replacement to traditional storage options? Assuming one is already using Kubernetes. I’m wondering if it’s worth it to switch to a cluster FS for everything, like Radicale or Tiddlywiki.

haha what a riot! I may be paranoid but I’m not schizophrenic, the voices told me so.

Well it was a blast chatting with you friend, beware of the ip-monitoring governments and stay safe out

Have you tried using Ceph or other distributed storage systems in your kubernetes cluster?

I’m aware of databases that support HA, but the vast majority of self-hosted apps I’ve encountered use file storage, even if they have a database as well. It sounds like you’re proposing shared storage like an NFS share. But if you’re upgrading nodes, at some point you have to upgrade the node hosting the shared storage right? Wouldn’t that take down all services? Unless you use a distributed storage system, but I’ve heard those can get very complicated…

have you found many self-hosted services that suppprt that kind of HA? I can’t imagine services like torrent clients allowing you to stream writes to one node while replicating to the other, though maybe I’m misunderstanding the setup

so it sounds like this is more for group chats, to ensure at least one member is online at all times. Otherwise, if it were just 1-1 messaging, and one person’s phone went offline, the other person would have to wait until it was back online to send a message, right?

It’s important to not go down that route because if you can’t ever trust then you can’t believe you can ever have privacy or anonymity except when you completely retreat from all communication or interaction both electronically and physically.

I do agree that it’s an extreme threat model, so it’s not one I use personally. I guess some people may try anyways though 😅

here’s an article about the proton case: https://www.schneier.com/blog/archives/2021/09/protonmail-now-keeps-ip-logs.html

That was a colorful and fun read, can’t say I can match that. But I think if you are against the feds the assumption has to be that they infiltrated the other party. This is the whole reason why canaries exist. Because many jurisdictions allow the feds to force companies to do things and keep silent about it (gag order). For example, Protonmail was once forced to log IPs to track down the owner lf an email account.

By the same token, if Posteo is able to associate a nonce to an account, then they’re also able to tell the feds. Even if you are in a different jurisdiction from Posteo, feds can work across state lines through international agreements (which I think was also the case in the Protonmail case).

ok first off, this community is about self-hosting, there just happens to be a lot of overlap between people who self-host and people who care about privacy.

And if you thought privacy was about distrust, that is a very unhealthy view. Privacy-minded folk simply have different principles than the mainstream. But if somebody comes along that shares those principles, then trust can be earned.

OP’s product is open-source and self-hostable. This is aligned with the community. I’m not saying to throw money at the product before it’s released, but it’s worth keeping an eye on, and showing support for.

Ok so you’re a troll then. Fearmongering doesn’t help the community. If you’re against something give evidence. There’s a balance between fearmongering and blind hype.

this reply adds nothing. Please explain your position

You don’t have to pre-order, just wait until it’s released and buy it then. And in this case you can get a raspi and test the product for yourself, so why spread FUD?

Matrix. Bitwarden. Nextcloud. There are many examples of open-source, self-hosted applications that have for-profit companies that offer to host them for you as a service. Now if you use one of those Nextcloud providers to store your notes, can that providers read all your data? Of course. But for people who don’t want to self-host, it’s often a more trusted option than Google.

“they know you care about privacy” as opposed to the actual thing they know, which is simply that you mailed a letter

I should have been more specific. They are looking for somebody that mailed cash to an email service for account X. They know the mail came from postbox Y. They use surveillance footage and other factors to find the 10 people that used postbox Y that day. etc.

And yes the Monero blockchain is public, just like Tor traffic, but it’s all encrypted.

The opponent still has orders of magnitude more resources than you

Except with Tor and Monero, it’s not them vs you, its them vs everybody using Tor and Monero. That’s way harder. My point was that targeted surveillance is game over. Trying to break Monero is not a targeted attack. And the number of exploits on Tor and Monero are much more known than the number of exploits known for physical methods. You can look them up. Again, the fact that all this information is public is a good thing. It means security can improve over time. Hackers get better too, but if we look at history, in general computer security gets the upper hand over time. For example look at how hard it is to jailbreak an iPhone nowadays.

Physical methods is where there actually might be a million exploits. Nobody knows how secure they are, and anybody who claims to know is probably overconfident, with very little rigorous evidence.