Which is how we know their self-rolled encryption is shit.

There's a reason why Telegram CEO can be arrested when Signal's can't. Because Telegram has information they can give but refuse to whereas Signal give everything they've got, which is basically nothing.

Am I too harsh in believing that if you claim to have E2EE but I can't verify a) your source code b) my client was built from that source code (i.e. reproducible builds) then you don't have E2EE? The whole point of encrypting my traffic on the client is I don't trust you. Why would I believe you aren't sending the encryption keys off to your server if I didn't trust you before?

Their TOS says they don't record but who knows..

The amount of malware you can cram in a source-code patch without drawing attention vs. in a binary is vastly different.

There's also the fact that if you want to ship binaries, you can just wget them from source during the build process. Not a perfect solution but much better than what's ventoy doing. The source code updates works the same in every project because it has to. That's why this is drawing more attention.

Yep, some people these are saying just 7 of the 150 binaries don't have source or build info. Yeah, one binary is enough to do all the evil in the world, not that other binaries support reproducible builds anyway.

It matters because nobody is going to check the hashes for all of the files match whenever there's a change so the maintainer can just replace them with whatever he wants.

I gave up gaming, I stopped wasting time and started getting more done. It really just gives me the freedom to do other things. When people say “user freedom,” it’s not just about the software; it’s about having control over one’s life.

This is cope. Gaming is not a waste of time. Pretending like legitimate and common use cases being unavailable on free hard/software is a plus won't do anyone any good. If you don't want to game that's fine. Lots of people do and it's no different than some other useless hobby most people have.

You don't have control over whether you can game if with the hardware you have.

I mean, assuming you're telling the truth about there being a competent group seriously attempting this, it's still "trust us bro" to conclusively claim it can't be achieved without providing a shred of evidence. This makes your original comment irrelevant and worthless.

Most people need more than a brick for their daily.

It is. Just put your card in your phone case if you really want to tap your phone to pay. Accepted in more places too :)

And it is safe to host HTTP services this way, say something like Immich or NextCloud?

So what's the point of Tailscale Serve? Does it just make HTTPS more convenient? I don't really get why I'd need HTTPS for a service I'm serving on my Tailnet.