I’m using https://github.com/user234683/youtube-local and it’s working without issue.

What’s driving me nuts is that people will focus on the glasses.

Yes, the glasses ARE a problem because Meta, despite being warned by experts like AccessNow to SHOW when a camera is recording, you know with a bright red LED as it’s been the case with others devices before, kept it “stealthy” because it’s… cool I guess?

Anyway, the glasses themselves are but the tip of the iceberg. They are the end of the surveillance apparatus that people WILLINGLY decide to contribute to. What do I mean? Well that people who are “shocked” by this kind of demonstrations (because that’s what it is, not actual revelations) will be whining about it on Thread or X after sending a WhatsApp message to their friends and sending GMail to someone else on their Google, I mean Android, phone and testing the latest version of ChatGPT. Maybe the worst part in all this? They paid to get a Google Nest inside their home and an Amazon Ring video doorbell outside. They ARE part of the surveillance.

Those people are FUELING surveillance capitalism by pouring their private data to large corporations earning money on their usage.

Come on… be shocked yes, be horrified yes, but don’t pretend that you are not part of the problem. You ARE wearing those “glasses” in other form daily, you are paying for it with money and usage. Stop and buy actual products, software and hardware, from companies who do not make money with ads, directly or indirectly. Make sure the products you use do NOT rely on “the cloud” and siphon all your data elsewhere, for profit. Change today.

I’m curious, any advice on that? How does one do “good” telemetry? I’m the first to complain about Microsoft, Apple, (even worst) Google, Meta and now OpenAI collecting data to sell me stuff… but it’s true that also some data is needed to get some kind of introspection in terms of usage. Developers need to understand what is actually happening with the software they develop.

Now I’m wondering specifically about 2 side :

• how to do the data collection correctly (e.g local only, only send on crash, only send without PII, store only aggregate)
• how to get informed consent from users (e.g off by default, UX that supports understanding of why it’s done and how)

I’m genuinely glad that the mindset around privacy have changed since the last few years but I’m wondering how, when it’s a genuinely positive good case (to truly make better products), to do it.

I forgot the exact number but while installing Debian (Bookworm and Sid) this weekend I was shocked by how small the base install, with a window manager (“big” one by your standards, i.e KDE), was. Maybe 2Gb, definitely less than 4Gb. It all worked fine, I could browse the Web, print, edit rich text, watch video, etc.

I installed a ton more stuff since, e.g Steam, Inkscape, Python libraries for computer vision, etc and it’s still not even 10Gb.

So… my suggestion is the same as I shared earlier in https://lemmy.ml/post/20673461/13899831 namely do NOT install preemptively! Assuming you have a fast and stable connection I would argue stick to the bare minimum and all add as you need.

In fact… if you want to be minimalist I would suggest to do another fresh install (it’s fast, less than 1hr and you can do something else at the same time) and stick to the bare minimum right away.

TL;DR: don’t get rid of, just avoid adding from the first place.

It’s a tricky situation to navigate.

There is the technical aspect, namely is it actually feasible, but itself wrapped within an economical and political context, as I’ve highlighted in another thread on this post.

On one hand we learn from Snowden’s leaks about an entire surveillance apparatus, we might also have a conceptual understand of limitations via articles like “On trusting trust”, plain incompetence and shortcuts for large companies, so all that and more invite us to be very prudent. Those are actual justifications for questioning what hardware, if any, can be trusted.

Yet… one can’t go from those justifications to speculate. Yes there might be flaws, intentional or not, in both the design or the production or both of chips. Still, it’s not because it’s conceptually possible, or even that it happened before, that it does happen today and at scale.

Your System76 is an interesting example and it’s a bit like my Banana Pi tinkering, or even more limited (yet exciting IMHO) the Precursor. Namely it’s a very costly trade off today to “work” with hardware one can (at least try to) understand better, hopefully itself leading to better privacy and security. In the end most of us believe the trade off for more affordable performances trumps that deeper understanding.

I must express myself quite poorly. It is not a point about technical knowledge, in fact if you were to know more about the topic than I do, I would expect you to even more be upheld to higher standards and thus not promote a bad solution, even more so assume it’s the only one. I can’t imagine that even a PhD student who is supposedly at the frontier of knowledge in their very narrow field would assume no alternative is possible, or will ever be. This even more the case without having both a complete understand of the landscape but also about OP’s actual needs, which is probably hard to express clearly and thus leading to a lot of assumption. Here maybe a simple loud alarm from a BT speaker going out of range might be enough.

My whole point is that abandoning hope, and leading others to do so, is worst than actively finding for a barely OK compromise.

Anyway I don’t want to invest more energy on this discussion unfortunately so simply wishing you the best, thanks for the clarifications.

I imagine it’s like everything else, you can only realistically verify against a random sample. It’s like trucks passing a border, they should ALL be checked but in practice only few gets checked and punished with the hope that punishment will deter others.

Here if 1 chip is checked for 1 million produced and there is a single problem with it, being a backdoor or “just” a security flaw that is NOT present due to the original design, then the trust in the company producing them is shattered. Nobody who can afford alternatives will want to work with them.

I imagine in a lot of situations the economical risk is not worth it. Even if say a state actor does commission a backdoor to be added and thus tell the producing company they’ll cover their losses, as soon as the news is out nobody will even use the chips so even for a state actor it doesn’t work.

They asked for an alternative to airtags. I provided one.

And even though I’m not OP I’m genuinely grateful for that.

Doesn’t matter if they were compromised because like I said, everyone is eventually.

No! That’s the whole point of this Privacy community! If someone is using, using home automation as an example, Apple HomeKit or Roomba or Google Home they will eventually get compromised BUT if they are using something local, e.g Zigbee with HomeAssistant they WILL never get compromised because by the very local only architecture of that solution no data is leaving the home and thus can NOT be compromised.

The ENTIRE reason d’etre of this community is not to say “Oh well… the default solutions are imperfect, we have to shrug and accept the statu quo” but rather provide genuinely alternative.

I understand a lot of people can enter into a learned helplessness mindset imagining that only poor solutions exist and thus, better pick the least worst one, but by doing that we are giving power to Big Tech, surveillance capitalism, etc.

Please do NOT say that “everybody gets compromised” when you actually mean that “the vast majority of people who accept to use a popular solution with trade offs that are not good for privacy”. It sounds like a finicky difference but it’s actually totally different because it shows that it’s not inevitable.

By taking shortcut in your language you limit what’s conceived as possible by others who are asking for help, again, in a Privacy focused community.

True yet still not OK.

That’s also why a lot of us do try to avoid, as much as is realistically feasible, to provide any data to any company that should store it. Hence why a lot of questions here are about self hosting, no cloud, etc. It’s not paranoia, it’s because companies cut corners and as you correctly point out, fail to keep us safe. So it’s not about Tile specifically, they are just yet another poor example. Let’s not defend them nor this kind of practices. If people in the Privacy community are OK with that, we have a rather deep problem.

The same way you would do it with a black box while optionally taking as many shortcuts as one is comfortable with by virtue of assuming having a better understanding of it’s been built?

Get it audited by tools, e.g OneSpin, or people, e.g Bunnie, that one trusts?

I’m not saying it’s intrinsically safer than other architectures but it is at least more inspectable and, for people who do value trust for whatever, can be again federated.

I assume if you do ask the question you are skeptical about it so curious to know what you believe is a better alternative and why.

Buying other hardware that you (well… not me ;) can inspect and verify, e.g RISC?

For now the performances are pretty terrible BUT one can imagine, assuming they have the right discipline and mental model doing what’s actually personal on a verifiable processor, e.g browsing and reading emails, and what’s not, e.g watching a TV show on another machine with CPU/GPU with an unverifiable architecture.

PS: I have a Precursor and a Banana Pi BPI-F3 with SpacemiT K1 8 core RISC-V chip and that’s the main idea behind them both, i.e knowing, as a community, how it works all the way down.

Neat.

Warning disclaimer : I’m not a cryptographer.

I actually tinkered with https://github.com/open-quantum-safe and it’s actually quite simple to become “post-quantum” whatever. The main idea being that one “just” have to switch their cryptographic algorithm, what one uses to encrypt/decrypt a message, from whatever they are using to a quantum-resistant (validated by NIST or whomever you trust to evaluate them) and… voila! The only test I did was setting up Apache httpd and querying that server with Chromium and curl, all with oqs, while disabling cryptographic algorithms that were not post-quantum and I was able (I think ;) to be “safe” relative to this kind of attacks.

Obviously this is assuming a lot, e.g that there are not other flaw in the design of the application, but my point being that becoming quantum-resistant is conceptually at least quite simple.

Anyway, I find it great to demystify this kind of progress and to realize how our stack can indeed, if we do believe it’s worth it now, become resistant to more threats.

RPi with minidlnad, all devices at home from computers, phones, tablets, video projector, even VR HMD, can play content with e.g VLC.

Very quick to install (basically have a media directory with your videos inside) and still very flexible, e.g new content is added simply by copying from any other device with access, e.g scp which itself can be a script after downloading something.

I keep track of parts of such a solution at https://fabien.benetou.fr/Content/SelfHostingArtificialIntelligence namely TTS, STT, LLM, etc. There is also a recent HomeAssistant article https://www.home-assistant.io/blog/2024/06/07/ai-agents-for-the-smart-home/ which is quite interesting… but also concludes that they don’t believe it’s ready for prime time for most.

If you have specific use cases in mind, happy to give more pointers for solutions I believe might fit. That being said I’m not personally convinced as I don’t use any assistant on a daily basis. Still I believe FLOSS alternatives are interesting to consider for any topic.

Definitely not the most optimal path. It’s arguably the result of terrible deals from the previous government starting with Nord Stream pushed by Gerhard Schröder directly profiting from it. It is sad how to see how individual greed has an impact on millions of citizens. Unless this kind of corruption has actual consequences, it will happen again. The effect here has been accelerated with the war in Ukrain. Hopefully Germany can find better compromises because this was a terrible bet. Interesting also to compare how Belgium handled a similar situation, namely reverting the decision to step away from nuclear.

Look at /r/deGoogle and you will, sadly, see a lot of people that have a problem stopping.

A typical example is how services from Google, e.g Google Docs, Meet, etc do everything they can to avoid not logging in, and while having to do so, prefer to use a GMail acccount, or “at least” a Google account (which might not require a GMail email).

So… a drug no but a dependency hard to ignore for a lot of people, the same way some people feel “forced” to use WhatsApp.

You are extremely privileged if you never felt that way.

To not rely on it anymore? Not be tempted?

I suggest to delete it but giving yourself a grace period, e.g 1 year where you redirect emails until you are sure you updates most people and services accordingly. After that period, better to delete and this way hope that Google doesn’t have any of your data anymore.

What if your domain registration lapses and someone else grabs it?

Registrars do warn quite a bit but indeed you can add a yearly notification 1 week ahead in your calendar.

What if you can’t afford the cost five years from now?

You are in quite deep trouble then because the registrar itself is relative cheap, e.g $10/year. It also does not seem to increase significantly. If you can’t afford that you probably should focus on basic necessities first. If you are serious about it though, just like with the yearly notification, set $1/month just for this.

What if you just don’t like the domain name someday?

I mean… you change it? Just like when you went from person@gmail.com to person@mydomain.tld . That process is a bit annoying but as you’ve done it once, it will be easier.

All of these reasons will be problematic and some can result in identity theft and significant fraud. It’s definitely not a decision to be taken lightly, particularly if you have a lot of online accounts.

It’s not a light decision BUT it’s also not such a big deal. If I want to go back to person@gmail.com I can just do so any moment I want (well person-something@gmail.com to be precise). I will keep a 1 year grace period for the transition, start with the most critical accounts first, e.g government and banking then social media, then random accounts based on my history. It’s annoying but it’s a matter of hours over few weeks at most.

The only challenge is to be methodical and giving up on the idea that you’ll update 100% of the account. Getting 99% of the account that truly matter is enough IMHO.

PS: for actually sensitive data, and assuming you somehow didn’t manage to get the grace period YET still are smart enough to think ahead, multi-factor authentication will keep your accounts safe. Honestly I don’t think the overlap though between somebody who cares enough about that AND let’s domain expire is very big though.

Clarifying privacy from whom could help identify possible solution.

Because without privacy you can’t be a proper human being. You need privacy in order to have the safe space to develop, to dare try, to explore without the constant judgement of others. If you can’t be a proper human being, can you genuinely have democracy?

It’s both a per-requisite for humanity and what the political system that is often considered as the most just.

That’s why I care.