Need to let loose a primal scream without collecting footnotes first? Have a sneer percolating in your system but not enough time/energy to make a whole post about it? Go forth and be mid: Welcome to the Stubsack, your first port of call for learning fresh Awful you’ll near-instantly regret.

Any awful.systems sub may be subsneered in this subthread, techtakes or no.

If your sneer seems higher quality than you thought, feel free to cut’n’paste it into its own post — there’s no quota for posting and the bar really isn’t that high.

The post Xitter web has spawned soo many “esoteric” right wing freaks, but there’s no appropriate sneer-space for them. I’m talking redscare-ish, reality challenged “culture critics” who write about everything but understand nothing. I’m talking about reply-guys who make the same 6 tweets about the same 3 subjects. They’re inescapable at this point, yet I don’t see them mocked (as much as they should be)

Like, there was one dude a while back who insisted that women couldn’t be surgeons because they didn’t believe in the moon or in stars? I think each and every one of these guys is uniquely fucked up and if I can’t escape them, I would love to sneer at them.

  • jax@awful.systems
    link
    fedilink
    English
    arrow-up
    7
    ·
    4 months ago

    Proton kept popping up massively recommended while some occasional critical mentions from folks in anarchist circles, etc - made me a bit 🤨 and want to dig in more,

    No surprise that folks in anarchist circles are skeptical of Proton ha. That said, I do know quite a few people in the email “industry” who are broadly skeptical of Proton’s general philosophy/approach to email security, and the way they market their service/offerings.

    Others I poked into are fastmail and tuta - both seem a fair bit better. Might be worth a look

    Fastmail has a great interface and user experience imo, significantly better than any other web client I’ve tried. That said, they’re not end-to-end encrypted, so they’re not really trying to fill the same niche as Proton/Tuta.

    From their website:

    Fastmail customers looking for end-to-end encryption can use PGP or s/mime in many popular 3rd party apps. We don’t offer end-to-end encryption in our own apps, as we don’t believe it provides a meaningful increase in security for most users…

    If you don’t trust the server, you can’t trust it to load uncompromised code, so you should be using a third party app to do end-to-end encryption, which we fully support. And if you really need end-to-end encryption, we highly recommend you don’t use email at all and use Signal, which was designed for this kind of use case.

    I honestly don’t know enough to separate the wheat from the chaff here (I can barely write functional python scripts lol - so please chime in if I’m completely off base), but this comes across to me as an understandable (and fairly honest) compromise, that is probably adequate for some threat models?

    Last time I used Tuta the user experience was pretty clunky, but afaik it is E2EE, so it’s probably a better direct alternative to Proton.

    • froztbyte@awful.systems
      link
      fedilink
      English
      arrow-up
      7
      ·
      4 months ago

      re fastmail, david mentioned a thing I wasn’t aware of so they’re off the list now, more or less just going to forget they exist except as a counter-recommendation

      this comes across to me as an understandable (and fairly honest) compromise, that is probably adequate for some threat models?

      they’re sorta saying “yeah just use external GPG like before”

      albeit I will say their reasoning is a bit fucked in the head imo: that “if you can’t trust the server” shit applies equally for whether it’s serving you up the page elements to do message cryptography, or whether it’s serving you up a normal webmail client. I think I know/understand where they meant to go with it, but the wording they picked is quite shit

      I set up a tuta domain for a thing about a month ago. it could’ve been a bit smoother (esp. domain/dns state checks) but I didn’t find anything immediately jarringly bad - and I was even drunk at the time (which means my diy-able supergrump comes out about this sort of shit). will see how it goes over some longer use :)