trickster @infosec.pub
Posts 0
Comments 7
Session vs simplex or other alternatives?
  • It depends on many things, such as threat modeling, opsec, etc. In terms of privacy and security [email protected] seems to be superior.

    Several reasons for that:

    • SimpleX doesn't have IDs, unlike Session, which makes it more anonymous and private;
    • Ofc things like E2E encryption, forward secrecy and others;
    • Message mixing is an underrated feature, as well as content padding;
    • It has amazing security features such as self-destruct passwords, and a couple of others;
    • Can be self-hosted;
    • No need for phone number;
    • Leverage several 'accounts';

    I have read their white paper, and it is worth the time. Also, one of the episodes of the Opt Out podcast is with the SimpleX creator. I suggest listening. I personally liked the way he conceptualizes decentralization, and problematizes protocols.

    I found SimpleX to be the best of all private messengers. Better than Session, Signal, XMPP, DeltaChat, and others. It is also more convenient than Briar and Threema.

  • What would you consider your threat model?
  • Privacy to me is not the goal, not an end. Rather, it's means to an end.

    My threat model resembles one of an activist.

    If you're interested, here's a great framework for approaching privacy and security in a complex, systematic and consistent way: https://linddun.org/go/

    It helped me and the people.

  • OneNote alternative to make a knowledge base
  • I had almost the same question. So let me quickly share what I came up with.

    I have a ton of notes in different areas. But I was not happy with the way Obsidian worked – synchronization specifically. I didn't want to pay for it. So I got on a quest for the perfect note-taking system. It had to be:

    • Markdown-first. Because we all know why;
    • Interoperable. That is as few additional flavors and things added as possible;
    • Portable. Such that I could open my Notes folder in any app;
    • Synchronization. With as few additional crutches as possible.

    Main text editor

    Desktop. I use [email protected]. It has marksman LSP (meaning markdown support out of the box). This is how I know no other app is involved in the writing process (no telemetry, etc). Also zero task switching this way. I still use [email protected] from time to time. I don't use Logseq because it has an opinionated file structure, which doesn't meet my interoperability need. Also, I don't always need an outliner. You can turn this feature on in Obsidian, but you can't turn it off in Logseq.

    Mobile. I use the simplest markdown-capable apps for iOS and Android. Also, don't forget Cryptomator.

    Sync. For the most part I use [email protected] to sync all the notes. Such that they are not uploaded into any cloud storage. I don't use iCloud, or rather almost never use it.

    As for your question. Obsidian is a pretty good choice because of its extensibility, portability, and interface. Although it's easy to get lost in the plugin rabbit hole. Its desktop and mobile (if you go for it) privacy policy is pretty solid. Client-first markdown app – nothing more and nothing else.

    Lastly, there is this idea that one needs to sync notes via some cloud. Not true. You should consider your threat model first. Cloud sync is not a must. In some cases, Syncthing is more than enough, is more private, and might be a more secure option (as it reduces your attack surface to some extent).

    I guess that's all.

  • Is the Proton (Mail, VPN, Password Manager) ecosystem any good?
  • I agree with what others have already said about Proton being "good enough" for some threat models. And I second the argument about other options – such as Tuta for email, Mullvad for VPN, etc.

    I'd just add one more thing. Once a company offers to "handle" my digital privacy toolkit, I lose trust. Because a) it's less resilient b) less secure c) less private. I would think twice before trusting emails, calendars, contacts, passwords and network security — to a single company.

  • Which Email provider Tuta or Proton?
  • I personally suggest Tuta (and I use it daily) over Proton. Several reasons:

    Proton:

    1. it is leaky in terms of social graph encryption. Sun Knudsen has a great video about it (https://youtu.be/GdDFUycXR_M&t=0)
    2. had this case about the climate activist (https://www.theverge.com/2021/9/6/22659861/protonmail-swiss-court-order-french-climate-activist-arrest-identification). And since they position themselves as a privacy company, this looks disturbing.
    3. I'd prefer such a privacy-oriented company to be more open to anonymous payment methods.

    Overall, Proton seems like a slightly more privacy-conscious Gmail alternative.

    Tuta:

    1. doesn't use Google/Apple notification servers
    2. encrypts more stuff than Proton

    PS In both cases, emails are not end-to-end encrypted. Even though both are marketed with E2E encryption by default. Again, Sun Knudsen has a great video about the topic (https://youtu.be/G2Jh8bQ2wM8&t=501).

    Also, as far as I remember, Proton is more expensive while having less features (the cheapest option) than Tuta.

  • Filen cloud
  • Filen is a nice, up-and-coming company. I tried their services, all works. Client-side encryption is definitely a great feature. The downside for me was how the iOS app literally kills the battery.