a bit of context:

• I Still Know What You Visited Last Summer

• https://developer.mozilla.org/en-US/docs/Web/CSS/CSS_selectors/Privacy_and_the_visited_selector

• https://www.theregister.com/2025/04/07/chrome_135_history_sniffing/

When it’s libre software, we’re not banned from fixing it.

Signal is a company and a network service and a protocol and some libre software.

Anyone can modify the client software (though you can’t actually distribute modified versions via Apple’s iOS App Store, due to Apple’s binary distribution system being incompatible with GPLv3… which is why unlike the Android version there are no forks of Signal for iOS) but if a 3rd party actually “fixed” the problems I’ve been talking about here then it really wouldn’t make any sense to call that Signal anymore because it would be a different (and incompatible) protocol.

Signal (the company) must approve of and participate in any change to Signal (the protocol and service).

Downvoted as you let them bait you. Escaping WhatsApp and Discord, anti-libre software, is more important.

I don’t know what you mean by “bait” here, but…

Escaping to a phone-number-requiring, centralized-on-Amazon, closed-source-server-having, marketed-to-activists, built-with-funding-from-Radio-Free-Asia (for the specific purpose of being used by people opposing governments which the US considers adversaries) service which makes downright dishonest claims of having a cryptographically-ensured inability to collect metadata? No thanks.

(fuck whatsapp and discord too, of course.)

it’s being answered in the github thread you linked

The answers there are only about the fact that it can be turned off and that by default clients will silently fall back to “unsealed sender”.

That does not say anything about the question of what attacks it is actually meant to prevent (assuming a user does “enable sealed sender indicators”).

This can be separated into two different questions:

1. For an adversary who does not control the server, does sealed sender prevent any attacks? (which?)
2. For an adversary who does control the server, how does sealed sender prevent that adversary from identifying the sender (via the fact that they must identify themselves to receive messages, and do so from the same IP address)?

The strongest possibly-true statement i can imagine about sealed sender’s utility is something like this:

For users who enable sealed sender indicators AND who are connecting to the internet from the same IP address as some other Signal users, from the perspective of an an adversary who controls the server, sealed sender increases the size of the set of possible senders for a given message from one to the number of other Signal users who were online from behind the same NAT gateway at the time the message was sent.

This is a vastly weaker claim than saying that “by design” Signal has no possibility of collecting any information at all besides the famous “date of registration and last time user was seen online” which Signal proponents often tout.

False.

You can configure one or more of your profiles’ addresses to be a “business address” which means that when people contact you via it it will always create a new group automatically. Then you can (optionally, on a per-contact basis) add your other devices’ profiles to it (as can your contact with their other devices, after you make them an admin of the group).

It’s not the most obvious/intuitive system but it works well and imo this paradigm is actually better than most systems’ multi-device support in that you can see which device someone is sending from and you can choose to give different contacts access to a different subset of your devices than others.

You can just make a group for each contact with all of your (and their) devices in it.

Messages are private on signal and they cannot be connected to you through sealed sender.

No. Signal’s sealed sender has an incoherent threat model and only protects against an honest server, and if the server is assumed to be honest then a “no logs” policy would be sufficient.

Sealed sender is complete security theater. And, just in case it is ever actually difficult for the server to infer who is who (eg, if there are many users behind the same NAT), the server can also simply turn it off and the client will silently fall back to “unsealed sender”. 🤡

The fact that they go to this much dishonest effort to convince people that they “can’t” exploit their massive centralized trove of activists’ metadata is a pretty strong indicator of one answer to OP’s question.

deleted by creator

The network never went down.

You say that but, everything I ever posted on identica (and also on Evan’s later OStatus site Status.Net, which i was a paying customer of) went 404 just a few years later. 😢

When StatusNet shut down I was offered a MySQL dump, which is better than nothing for personal archival but not actually useful for setting up a new instance due to OStatus having DNS-based identity and lacking any concept for migrating to a new domain.

https://identi.ca/evan/note/6EZ4Jzp5RQaUsx5QzJtL4A notes that Evan’s own first post is “still visible on Identi.ca today, although the URL format changed a few years ago, and the redirect plugin stopped working a few years after that.” … but for whatever reason he decided that most accounts (those inactive over a year, iiuc, which I was because I had moved to using StatusNet instead of identica) weren’t worthy of migrating to his new pump.io architecture at all.

Here is some reporting about it from 2013: https://lwn.net/Articles/544347/

As an added bonus, to the extent that I can find some of my posts on archive.org, links in them were all automatically replaced (it was the style at the time) with redirects via Evan’s URL shortening service ur1.ca which is also now long-dead.

imo the deletion of most of the content in the proto-fediverse (PubSubHubbubiverse? 😂) was an enormous loss; I and many other people had years of great discussions on these sites which I wish we could revisit today.

🪦

The fact that ActivityPub now is still a thing where people must (be a sysadmin or) pick someone else’s domain to marry their online identity to is even more sad. ActivityPub desperately needs to become content addressable and decouple identity from other responsibilities. This experiment (which i learned of via this post) from six years ago seemed like a huge step in the right direction, but I don’t know if anyone is really working on solving these problems currently. 😢

Lmao that my pedanticism could be perceived as BSD advocacy - fwiw, I primarily use GNU/Linux, I develop GPL-licensed software, and I think GPLv3 or AGPLv3 are good choices for many new projects starting today.

My opinions about the history and future of copyleft are somewhat complicated but I didn’t mention any opinions in the comment you’re replying to - I was just correcting your factual misunderstandings about the accepted definitions of these terms.

Is this a spam campaign?

Five of the eleven comments so far (including one from OP) are all recommending the same service; all five are from accounts less than 2 months old with a one or two digit number of comments 🤔

Do tech journalists at the New York Times have any idea what they’re talking about? (spoiler)

I started to python one and half week ago. So I’m still beginner.

Nice work! Here are a few notes:

The WeatherApp object has a mix of attributes with long-term (eg self.LOCATIONS) and short-term (eg self.city) relevance. Instance attributes introduced in places other than __init__, which makes it non-trivial for a reader to quickly understand what the object contains. And, actually, self.{city,lat,lon} are all only used from the add_city method so they could/should be local variables instead of instance attributes (just remove the self. from them).

There seem to maybe be some bugs around when things are lowercase and when not; for example checking if self.city.lower() in self.LOCATIONS but then when writing there the non-lower self.ctiy is used as the key to self.LOCATIONS.

The code under if rep == "1" and elif rep == "2" is mostly duplicated, and there is no else branch to cover if rep is something other than 1 or 2.

It looks like the config only persists favorites so far (and not non-favorite cities which the user can add) which isn’t obvious from the user interface.

Passing both location and locations into WeatherAPI so that it can look up locations[location] is unnecessary; it would be clearer to pass in the dict for the specific location. It would also be possible to avoid the need for LOWLOCATIONS by adding a non-lowercase name key to the per-location dictionaries that just have lat and lon right now, and then keeping LOCATIONS keyed by the lowercase names.

HTH! happy hacking :)

By “solar power in operation” (in GW) i think they mean maximum output capacity rather than actual production, since these numbers add up to 923 GW while wikipedia says in 2024 there was 2.13 petawatt-hours (243 GW on average) actually produced by solar.

These articles were stolen, by the paywall operators. Elbakyan rescued them from the thieves. 🎉

encryption would prevent the modem from seeing it when someone sends it, but such a short string will inevitably appear once in a while in ciphertext too. so, it would actually make it disconnect at random times instead :)

(edit: actually at seven bytes i guess it would only occur once in every 72PB on average…)

As I wrote in the thread about this last month on !linux@lemmy.ml:

I wonder how much work is entailed in transforming Fedora in to a distro that meets some definition of the word “Sovereign” 🤔

Personally I wouldn’t want to make a project like this be dependent on the whims of a US defense contractor like RedHat/IBM, especially after what happened with CentOS.

and, re: “what do you mean ‘redhat is a defense contractor’?!”: here are some links.

(source)

poe’s law exemplar 😬

Russian propaganda

ah yes it’s that notoriously pro-russia website hrw.org 😂