Credit to https://www.reddit.com/user/lukakopajtic/
There might be some changes that could improve it further:
- ~~Remove Brave~~
- ~~Maybe add Signal; It's easier than Element, but it's also centralized~~
- Stop suggesting Linux Mint specifically
- Recommend Hosted Nextcloud
- ~~Add GrapheneOS~~
- Maybe add Delta chat
- ~~Maybe remove Bluesky~~
- ~~Remove Stremio and add Jellfyin (even though it's selfhosted and not a direct equivalent)~~
- ~~Add ente because Immich is selfhosted~~
- ~~Add aurora~~
- ~~Add SearxNG~~
- Add SimpleX
- Add lichess
- Add pCloud
Any other suggestions?
Temporary improved version:
| From | To | Compromise |
|---|---|---|
| X, Threads | Mastodon | Bluesky |
| Pixelfed | ||
| YouTube | PeerTube | ReVanced (just blocks adds) |
| Lemmy | ||
| Netlix, Disney+ | 🔨 Jellyfin | |
| Google Meet, Zoom | Jitsi Meet | |
| Google Docs | Etherpad | |
| Google Search | 🔨 SearxNG | Kagi, Ecosia |
| Google Drive | Nextcloud | pCloud, filen, Proton Drive |
| Google Photos, iCloud | Immich | Ente |
| Google Chrome | Librewolf, Firefox | Ungoogled-chromium |
| All messaging apps | Element (matrix) | Signal |
| Google Home, Amazon Alexa | Home Assistant | |
| Play Store | F-droid, Aurora | |
| Google Android, iOS | LineageOS, GrapheneOS | |
| Windows, MacOS | Linux Mint |
🔨 = Self-Hosted only (requires running a server)
If everything is e2e encrypted do servers actually matter?
yes. Metadata. some protocols leak more info than the others.
Also servers in only one place (institution), only makes it easier for the government to go to that place and seize them.
And what metadata is Signal leaking? As far as I know even their notifications are not sending the message.
The government seizing an entire batch of amazon servers seems unrealistic, but the data would be encrypted anyway. Do they even store messages on servers, anyway?
We don't know. We don't have access to what's running on their servers. (yes i know that the source code is available, but there's no way to check if that's the same thing running on the servers). And this is a problem for me: i have to trust a walled garden.
Usually the government goes there a just takes whatever is in the rack they want. Screw the legal business that are there. That's what happened with the pirate bay raid. If the US government wants to shut it down. It just needs to knock on the amazon door.
The problem is that you have to trust them. You have to trust a chain of organizations based in the US. Signal pays millions (who pays for this? i have my doubts that monthly donations will pay for this forever) to amazon for the servers. So using them and sending them money is the same as giving money to amazon.
If you are fine with these risks, then use it. Better using signal than using messenger and whatsapp.
Aren't they audited, tho?
But isn't this true for most services, such as Matrix as well? Nothing assures that a Matrix instance is running the exact code on git.
But if your threat model is the goverment, aren't all services affected as well? If they want to take element's servers, they will. If you selfhost and they want to take your server, they will?
I feel like in communication apps you're always going to have to rely on trust. Even if you self-host in a Swiss server, with the best intentions and security practices... Other people are going to have to trust you. You trust yourself, but others might not.
It's valid for any server. But for signal messaging is even worse than the competitors because it's centralized.
Correct. With signal there's no way to escape the US government, but with matrix (or other federated protocol) you can make it harder, so it won't be worth it the resources spent. You can also host it where the US government don't have any reach.
But who is more trustworthy? The US government or the swiss government?
Also, the point is to avoid american services. Signal is an american service.