Cthulhu_'s comments (Hacker News)

I fell off it a while ago, to be honest. AI-generated stuff aside, Spotify has only been recommending me really unknown/obscure artists of debatable quality for ages now.

I suspect it's an issue with too big and diverse a dataset: a listening history going back years and tens of thousands of songs.



It's also to distinguish metal bands. Motörhead.

I wouldn't be surprised if the owner of that site has AI scraping protections enabled.

It's a huge if and honestly I don't believe in it.

Actually, if it ends up like described, it really doesn't matter whether I believe in it. Either it happens and we all die, or it doesn't happen. Pascal's Wager I suppose.


It reminds me of a lot of Windows software, especially virus scanners and supposed antimalware tools, going back 20+ years.

Yes? A/B testing flags, auto-updates, server-side re-routing, etc. are just some mechanisms off the top of my head that can do that.

The way to avoid it is by having locked and cryptographically verified software and connections.


One by one:

- A/B testing is agnostic of who the user is; it is randomized. If it were not, that would be a bad practice and would legitimately ruin the reputation of the company doing that,

- auto-updates are just the setting that allows the most recently published update to be installed. "Published" means it is for everyone. If that is to be understood in any other meaning, that would also be bad practice,

- and I don't see what you mean by server-side re-routing.

To be honest, maybe I just live with different platforms and apps than you, I don't know. I use Android, and Linux on my laptop, but I would also expect Windows to not discriminate by user when pushing updates.


That's not evidence, that's conjecture again. Is there evidence that this kind of client push is actually used to extract data in these projects?

That's evidence for the mechanism, as asked.

The evidence that it's being actively used in the US is in the secret proceedings of a secret court. I kid you not; look up FISA warrants.


There is NO such mechanism (updates discriminated by user), to my knowledge, in:

- Linux (apt, pacman, rpm...),

- Android

And I would add Windows and iOS/macOS, but I'm not at all an expert, so I leave it to others to confirm that their "app stores" don't perform such exotic feats.

You can artificially insert a malicious script in a package that would scan your system, deduce your identity, and install something based on that, but in this case that means it is just malware in the first place. It would also mean that the app to be installed contains a "mutable" component of data that is not defined by the contents of the package but rather written by post-install actions, so it is also dubious to formally include that in the "app from that package" definition. In any case, such behavior would get your package banned from any app store or Linux distribution.


Yes, the US government and US courts (including the secret court, the FISC) have tools to compel Google, Apple and other vendors to install malware on users' devices. This is exactly the point.

The US government routinely deploys malware to users' devices, for multiple reasons. Here is a 2017 link about this: https://www.aclu.org/news/privacy-technology/challenging-gov...


Would you mind showing me some evidence that software update systems are able to push to you, e.g., a different Android update based on your device ID or specific IP (not just country geolocation)? (PS: your link is about deploying malware through other routes, not through normal software updates.)

Because all the other means I can think of are just basic malware.

As you need to rely on a vendor/distributor to get updates, of course they are able to push you malware; there is absolutely no getting around this first ring of trust.

Conclusion: there is no point in accusing Proton of anything... they are just being software providers (FOSS, by the way!!!).


Not sure if that counts as proper evidence, but I have seen some logs[0], albeit encrypted; from my understanding, they control the encryption keys, or at least certainly have the ability to change them (if they get hacked themselves, for example).

Would you like to see proper evidence of the logging policy? I feel like I can try finding that again if you/the HN community would be interested in seeing it.

Edit: also worth pointing out that keeping logs with timestamps might be a form of metadata, which depending on your threat vector (journalism etc.) can be very sensitive info.

[0]: another comment of mine here: https://news.ycombinator.com/item?id=47624960


I'd like to see any kind of evidence that there's any substance in these accusations of services not actually being private, not just theoretical theorycrafting about mechanisms.

And how does that compare to other services we have available and people actually use?


At some point, essentially everyone has to trust the product and, more importantly, the company/the people in the company. Firstly, it's worth clarifying that there isn't really something akin to zero trust in such cases. Thus the theoretical theorycrafting about mechanisms: those show that you have to trust Proton.

Now, my issue with Proton is that they try to appear transparent, but a lot of what they've done, especially with Proton Meet, sometimes even seems to be misleading. If they couldn't create EU/Swiss sovereign infrastructure for Meet, then why are they using Cloud Act providers while, within the same post, talking about the implications of the Cloud Act? There is some great irony in all of this, and this is what is making me suspicious and how Proton seems to be misleading people rather than leading them towards more privacy.

At some point, it raises at least some questions about trusting Proton.

> And how does that compare to other services we have available and people actually use?

That depends on what service you are talking about. Do you want a whole ecosystem, or are you happy with individual apps/companies focusing on one thing in a more Unix fashion?

Do you prefer non-profits or for-profit companies to handle such infrastructure?

How familiar are you with self-hosting, and what is your threat vector?

Are you a company or an individual, and what is your budget?

But just to give a pointer without asking these questions: some good options are posteo.de, Tutanota, and Infomaniak (which has a whole ecosystem). For calling, I personally used to use fairmeeting.net; it used to have a free screen sharing option as well, but it looks like they might have paywalled it recently. You can find multiple Jitsi community instances.

I feel like the only way to answer this question is if people ask with more depth. The threat model differs for everybody; for some people (like journalists), even just this Proton Meet fiasco is enough for them to reconsider the Proton ecosystem as a whole and consider it too threatening, especially with recent incidents and their lives being on the line. You might say, well, where might they go, and I feel like they might go to disroot (non-profit, activism oriented) or Tutanota or even posteo.de, depending on what they might prefer.


I'm indirectly involved in / hear about a project that buys up old feature phones, mainly from Japan, to try and find ones that have data for old i-mode games on them, notably an FFVII spinoff called Before Crisis. It's difficult because they would release the game in separate data packs, the idea being that people can remove data packs for parts of the game they already played to save space (also a feature of modern smartphone games). But since the servers are long gone, they need to find phones with the data on them to extract it.

But they've made really good progress in recent years, to the point that the game is now playable. Not sure if it's complete, but it's playable. See e.g. https://www.oldschoolgamermagazine.com/work-begins-on-restor... for info.


And so the arms race continues.

So many (perceived) problems with spaceflight and building moon bases and the like are solved by simply making the process and cost of launching faster, easier and cheaper. The problem NASA has always had is that each launch, even with the reusable space shuttles, cost billions and took years of engineering, planning, etc., to the point where yesterday's launch was done with (what I perceive to be) salvaged parts whose engineering was done decades ago, because engineering something new would be too expensive and take too long.

Sure, don't fix what isn't broken and all that (*nix tools are decades old too, after all), but still.

