• 16 Posts
  • 9 Comments
Joined 1 year ago
cake
Cake day: June 13th, 2023

help-circle














  • I probably wouldn’t bother. I can think of two scenarios you might get spied on.

    1. Through your browser you’ve granted a website access to your webcam (Zoom etc.) and left a tab open. Maybe it could activate it when you weren’t expecting?
    2. Someone has used a vulnerability to take control of your computer to the degree it can access your webcam directly. Desktop linux software doesn’t usually have meaningful isolation between software running as the same user, so at this point they can grab all your data, passwords, take screenshots, etc. and the webcam is just the cherry on top.

    I expect most people don’t do (1) very often, let alone for sketchy websites, so IMO it doesn’t make much difference either way.









  • You’re putting yourself in a tough position by asking for both E2EE and the ability to use from a browser. You have to trust the web app each time you open the page, and hope that they haven’t altered the deal to simply grab your data after it’s been decrypted by your password. I have no idea how likely it is that Standard Notes would do that but I’d reconsider the browser requirement specifically if E2EE is non-negotiable for you - an offline open source client program would be a much stronger position.

    For my money, I use local text files and SyncThing but it’s probably not spiffy enough for many people/purposes.


  • IME something like Signal is an easy sell since it’s simple and works well. For all the fair criticism about relying on phone numbers it makes the onboarding easy. For other things compartmentalising helps, e.g., “okay we’ll collaborate using this cloud file storage but I personally will be accessing it through the browser while keeping most of my files in a SyncThing over here”. While I self-host certain things I don’t volunteer to do that for family/friends because it will be too frustrating for everyone if/when I let them down.

    In this kind of situation there’s a fine line between someone who maximises their privacy through tech decisions and someone who makes their “correct” tech choices their self identity. If you drift into the latter, being asked to compromise can feel like an attack, leading to overreacting and coming across as insecure and annoying. Not to psychoanalyse anyone in particular but sometimes I think people need a reminder.