Apt is not built with security in mind, at all. The partial sandboxing it does do is trivial to bypass. Adding a repo is basically a RAT Trojan on your computer.

OK. I suppose this is the correct answer.

The least bad option [for Signal] is the unofficial flatpak.

Unless I’m missing something, here we will disagree. Secure or not, FOSS principle-respecting or not, if I’m choosing to install software by X then I’m going to get it straight from X and not involve third-party Y too.

By definition an email server is not under your control, so the question of whether or not it runs FOSS is a bit moot and in any case impossible to verify.

In terms of privacy-respecting email hosting, Proton, Posteo, and Mailbox all spring to mind.

Looks great, well done.

Personally, the deb-related annoyance that I have encountered most often in recent years is that there is an APT repo but I have to jump thru hoops to add it. An example is signal-desktop, where the handy one-click installation goes like this:

# 1. Install our official public software signing key:
wget -O- https://updates.signal.org/desktop/apt/keys.asc | gpg --dearmor > signal-desktop-keyring.gpg
cat signal-desktop-keyring.gpg | sudo tee /usr/share/keyrings/signal-desktop-keyring.gpg > /dev/null

# 2. Add our repository to your list of repositories:
echo 'deb [arch=amd64 signed-by=/usr/share/keyrings/signal-desktop-keyring.gpg] https://updates.signal.org/desktop/apt xenial main' |\
  sudo tee /etc/apt/sources.list.d/signal-xenial.list

# 3. Update your package database and install Signal:
sudo apt update && sudo apt install signal-desktop

Why does Debian-Ubuntu not provide a simple command for this? Yes there is add-apt-repository but for some reason it doesn’t deal with keys. I’ve had to deal with this PITA on multiple occasions, what’s up with this?

Sure, but in that case the default encryption could easily be switched off for multiple-drive setups. Basically, the default setting is what’s important.

Ha! Just checked and it turns out this is the exact line that’s already in my screenshot script. Which apparently I pilfered without trying very hard to understand - as usual! Can confirm it works great.

This is a good question. Phone numbers are increasingly used as de-facto ID numbers, everywhere in the world. That’s because, unlike email, they cost money, and in most jurisdictions you can’t even get one anymore without presenting real ID. So: if you have a second phone number, you can effectively have a second persona for any site or app that requires phone-number ID. Seriously, at this rate, it’s going to be all of them.

IMO the best use-case for this is to quarantine your contact list. That is, keep a separate number for social networks and messaging. The number you give to your in-person contacts will be instantly shared with all their cloud services, whether you like it or not. This is what allows Big Tech to triangulate and discover exactly who you know and therefore who you are. If the cloud services cannot trace a number back to any phone ID in their own books, then they can’t do much with it and you will remain at least something of a mystery to them.

I wish I could wall myself off from

Well this is at least honest!

Perhaps it’s a personality thing. Perhaps generational. Technically I’m a member of a minority community but I’ve never defined myself by that, and “hate” in the contemporary sense (I think its meaning has drifted unhelpfully) is not something that especially bothers me. My experience is that most people are well-meaning, so I tend to be intrigued by the question of why they think the things they do.

Anyway, this is not a debate with a single correct answer. It is of course your right to shut out whoever you want, I won’t question that.

Intriguing, thanks.

its just never on by default

Except PopOS, as I understand it. IMO that is a major point in its favor and against its competitors, given the dominance of laptops today. I see no reason why this is still opt-in, rather than opt-out as on mobile OSs.

Assuming that “bigots” is not a synonym for “anyone I disagree with”, then fair enough.

My underlying point is that technology is making it very easy to wall ourselves off into comfortable echo chambers. Some are even calling that “safety”. From my understanding of history, this looks like an obviously slippery and dangerous slope to be on.

But if are talking about what most of your fellow citizens would also identify as “bigots”, then fair enough.

Sort of. Essentially I am saying that in a democracy we need to talk to each other, and sticking one’s fingers in one’s ears and chanting “lalalala I can’t hear you” seems like a poor way to go about that. These people can vote too. Like it or not, you have an interest in understanding what makes them tick and what might help them to see the world in a way more conducive to you.

Alas no but from your screenshot I learned all about grim. Thanks!

Completely agree. I had no idea how bad this phenomenon was until very recently, when I fell foul of a virtual lynch mob and its political-commissar mod who behaved like a religious inquisitor even in private conversation. It’s real.

The problem with this approach is that your peeps won’t see any reason to go there if it’s the same as the R-site only exponentially less popular.

There needs to be an understandable USP.

Perhaps: “But without ads. Ever. Anywhere.” Works for me and I know what an ad-blocker is, unlike a ton of normies.

This reads like satire. These are people you’re talking about, probably your fellow citizens. Their wrong opinions are not going to pollute you from the other side of a wall. Seeing (apparently sincere) takes like this really makes me worried about the future of democracy.

You’re both right.

If there aren’t people building this alternative, in their free time, for free, then it won’t exist. Fair enough. Much credit to them.

But it looks like @[email protected] is just an ordinary user with a busy life who wants to consume content in a way that better respects their privacy and autonomy. That is also a fair demand. Not everyone needs to be a producer.

This was genuinely funny. Thanks.

but lemmy is quite diverse.

Apart from a bunch of thriving specialist techie communities, what I see there is mostly tiny spaces dominated by intolerant groupthink and tyrannical moderators.

Indeed I just had a very bad experience in one of those that left me (almost) regretting the R-site.

Useful to know, thanks.

For the record, I once had a bad experience with the Debian installer’s version. That is why I will not be trying Debian again. Installation is a moment of vulnerability, when you don’t have ready access to your data, or the network, and this is one extra factor. IMO it really is non-negotiable for a distro to provide a bulletproof installation experience.

To add to the comments, most distros do not offer FDE by default when installing. You have to jump thru hoops. No idea why this is still the case given how many consumer computers are laptops these days, it seems crazy.

The big exception seems to be PopOS, an Ubuntu derivative which is intended for laptops. FDE by default so it must be pretty easy to get that up and running.

Ubuntu itself has a solid FDE option on install, too. It sets up the LVM configuration as already described, no expertise needed. And IME works very reliably.