Oh, they trust the government too, or would say so if asked. Kinda “work with the system and the system works with you” trust, firm belief in not making waves or drawing undue attention to yourself. And, well, it works for upper middle class native white people in EU, if you can look away or give your silent consent to whatever is happening.
Big companies and the government are familiar 🙄, known 😐 and thus safe 😑.
My messenger needs to be one my 70+ parents, who trust big companies and mistrust anything too small, or different, or “extreme”, are willing to use. Getting them to install Signal so we could still have our family group chat after I deleted WhatsApp was a major win. Scanning each others’ QR codes, having to go through some process when they change phones…? Yeah, they would’ve been scared of being “put on a list” and wouldn’t have gone through the technical stuff even for me.
As a relative newcomer to the privacy community, I don’t remember constantly hearing about things being overreacting. What I do remember hearing is to think about your threat model and behaving accordingly, to not over-sacrifice convenience for things that aren’t a priority to you.
Amen to that. Everyone has their own balance point, Calyx seems to hit that for many.
Calyx also comes with MicroG, right? So mitigates many problems with a bit more Google.
And Fairphone 4 here, partly for Divest (had it on Oneplus 6 before this and just used to it), partly because of a good deal for a barely used one.
There’s also the Lineage-based DivestOS that attempts to keep up with more security updates, and relocking the bootloader in phones that support it.
I don’t know how the Play Store version does push notifications, but Molly, and I think the apk from their site, work just fine on degoogled phones without Google services.
I don’t remember what name it has, but missing it breaks push notifications on most “normal” apps. Many FLOSS ones are coded to have their own methods that don’t transmit data to Google, and it appears at least some versions of Signal do too.
My threat model doesn’t include state level actors taking an active interest in me, so for my purposes Signal would be secure enough, if only I got people to adopt even it.
https://molly.im/ Especially the FOSS version. Need to manually add the repository though.
They’ll keep bringing this up again and again and again until it passes, huh.
Next Council deliberations and vote in October-December.
Depends a lot on your peer group, but I have even fewer contacts that use PGP than ones that use either service. :/ Just tried to keep it simple.
What all do you consider “synchronizing” to include? I mean, the calendars won’t, but using Etar+NextCloud for calendar, and Tuta for email, has worked fine for me. Of course it means that my calendar isn’t encrypted.
I just tested sending an ICS event to both. The Tuta app offered to open it on Etar, and Etar offered the default calendar with dropdown for others, just like normal. (Strangely it didn’t even offer to open on Tuta’s own calendar, which is in the same app; maybe because I’ve added no calendars there?) Proton’s app (which may be out of date, the mail app isn’t on F-droid, either publicly or in an official repository, and I’m a lazy updater) wanted to open it on Proton Calendar only when I don’t even have it installed.
Proton’s bridge OTOH worked really well for me for syncing to Thunderbird, probably works as well for Office too.
First thing you need to understand is that the smooth end-to-end encryption works only tuta-to-tuta or proton-to-proton, so in rare cases. Encryption at rest, which is what tuta-to-proton, gmail-to-tuta etc. can do, is something that a lot of other email providers do too.
I’m currently in the process of moving from Proton to Tuta, because despite several years of promises, the Android client for Proton still doesn’t do non-google push notifications. Also because if you just need email with your own domain, Tuta is much more price-friendly. (The tier also includes unlimited calendars and event invites, which I haven’t tried.) If you also want VPN and encrypted storage, the balance tips.
I don’t use the calendar from either, so can’t talk for their properties. I prefer seamless calendar integration for wrist gadget integration and such, so using NextCloud Calendar + DavX. For smooth integration with encryption, could also look into Etesync. I think you’ll be able to share an ics attachment from either of those through your normal calendar.
Germany is a 14-eyes-country, but since I’m just privacy conscious and my threat model doesn’t include international-coordination-level actors (barely state level, am in the EU but not German, so eh, far enough), it doesn’t matter that much to me. Proton also has to obey court rulings.
Same. Hetzner has a solid business in hosting, they don’t make their money from mining my data. They’d hand it over for a lawful request, but the data is not -that- secret and thus possible false accusations aren’t really an issue.
I’ve barely hosted anything and those must have leaked like a sieve. Trusting Hetzner way more.