This distinction only exists in your head.
https://privacyis1st.medium.com/abuse-of-the-mac-appstore-investigation-6151114bb10e
Those are apps that got through app review and silently did malicious things in the background with no user action aside from the initial download.
Who cares what the technical exploit was? The net result is that there’s an app in the store that if you download it, does harm to you in a way you can’t prevent except for uninstalling the app.
https://www.washingtonpost.com/technology/2021/06/06/apple-app-store-scams-fraud/
https://www.wired.com/story/chatgpt-scams-apple-app-store-google-play/
I could keep going down the rest of page one of the search results, but why?
Pretty sure Samsung guarantees 4 years of upgrades and support.
Honestly the only thing Apple vets is that the app maker isn’t trying to weasel their way around Apple’s cut of the revenue. They’ll 100% catch it if you have a link to your sign-up page instead of using in-app purchase, but if you want to make an app called Threads and scam 300,000 people’s info, go nuts.
The Google Store is no better, but if I gave 1000 people money to spend on software, the ones who would be scammed out of the most are the people using these app stores. It’s an absolute travesty that Apple continues to get so much mileage out of their bullshit claims about their strict and thorough review process.
Also, I think it’s kind of hilarious that you just want a phone to work without you needing to mess with it, and then your phone cycle with Android sucked because you apparently picked something called the WileyFox Swift and started fucking around with bootloader replacements.
Going from one app (iMessage) to two isn’t an unambiguous win though. All the iPhone users’ experience got worse.
To be clear, this is such minor shit that the real answer is, “ok, I guess we’ll live with it because that’s how we communicate with our friends now”, but it is certainly nicer for them if everyone is on an iPhone and they don’t have to solve that problem.
RCS is not completely compatible. For one thing, it requires a carrier and a phone number. You can go out today, buy a Mac or an iPad with no cell modem, and start using iMessage purely as an IP messaging app. So they can’t just replace the existing protocol with RCS, because RCS is a bag of flaming shit. They could spend the money to develop RCS fallback in addition to their protocol, and that would be awesome, but it costs them money, and I get why they don’t want to do it.
The reality is that this is Google’s fault more than anything. They spent half of my adult life repeatedly inventing and then fucking up the act of sending 200 bytes of text to one person at a time.
I’d love for the modern world to have a great way of messaging people that just worked – used IP connections with SMS fallback, a login you could manage from anywhere, full support for all the real-time typing stuff, the rich media support, the whole thing. That would be great. Someone get on that. But if I have to listen to fucking Google whine about it one more time, I’m out. They’re like a guy with one finger left. If you didn’t know any better, you’d feel pretty sympathetic for him. But if you’ve spent the past two watching him slowly chop the other nine off one at a time with a hatchet and then whine about his bad luck for 12 hours after each chop, the sympathy starts to ebb a bit.
There’s always a router, and there’s always a DNS server. Normally, your device is asking to join a network, and something on that network assigns it an IP address, a DNS server, and a gateway router to use. That’s true whether you’re connecting to WiFi or a cellular network. The difference is just which device is assigning you those things. You can also override that on your side by specifying a static configuration that can break things, but I don’t think that’s your problem.
“Private DNS Mode” here is only referring to whether or not you want to encrypt the DNS lookup traffic. That’s certainly not a bad idea, but it’s a separate issue from whether or not you have a working DNS setup at all. From the screenshot below, it looks like you do have a working DNS configuration. To connect to a server, you type the server’s name (e.g., mobile.pornhub.com), your browser sends a DNS request to your DNS server asking it to return the IP address of that server, and then it uses that IP address to ask the server to send it a web page. You’re getting to the part where you’ve asked the server to send you a web page, but the server is refusing because your browser didn’t make the request over HTTPS (i.e., using encryption).
I don’t know why that is, but I’d try the steps outlined here.
It’s more, “oh, that video clip looks like shit, and every time anyone on this chat likes something, everyone gets spammed a repetitive long-form explanation, and we can’t add Jimmy to the chat because it’s SMS now and AT&T limits it to 10 people, and …”
In the bad old days, SMS was incredibly limited. Apple came out with iMessage, which was both a full IP messaging client with rich features, but seamlessly fell back to SMS, and that was amazing, because a lot of the people you wanted to talk to only had SMS. Google briefly had a similar thing, but whoever ran that product lost the weekly pistols at dawn match that Google uses to set corporate strategy, and hangouts lost SMS integration, which meant you needed two message apps — one for IP messages that was good and a separate one for SMS that sucked. And they were completely separate — no shared threads or history or anything. And then hangouts was killed anyway to make room for chat, or meet, or duo, or allo, or jello, or J-Lo, or Oreos, or who the fuck knows anymore-oh. And so for several years, if you wanted the only thing anyone in the US ever wanted from a messaging app, you had to get an iPhone, because Google kept killing their apps every year like, “hey guys, our new app still can’t talk to your mom, but we integrated the “hot dog or not” feature from Silicon Valley into it, and isn’t that amazing?”
Now, it doesn’t matter, because no one is limited to SMS anymore. Everyone could be on whatever IP platform. But Google still picked a fucking standard built by the phone company with crappy baggage attached like requiring a phone number to use it, and anyway, they’re so late that everyone already picked iMessage. Even if RCS was as good, no one wants to change a bunch of stuff to be no better than when they started, and RCS also still isn’t as good.
The green vs blue bubble thing is just a shorthand way of talking about it. The average person either doesn’t care or cares because mixed-platform group chats have lots of rough edges and limitations, so if you’re the lone Android user, it feels like your fault.
Anyone who seriously escalates this stuff to being a real life problem is crazy, but it is more than just the color of the bubble.
In their defense, why should they have to care whose fault it is that messaging sucks on Android? They just want a pleasant experience, and iMessage has been the best experience for Apple users for like 15 years. It’s also as much Google’s fault as Apple’s, if we want to get nitpicky about it. I wouldn’t spend a lot of money implementing the protocol Google wants either, because Google will abandon it and back three competing new ones before your next good bowel movement.
I’m saying the very idea that you need to ever even think about this as a defense against the enemy is the hobby. There’s only a battle to be fought here if you want there to be, and most people don’t want that. The impact on their lives is not actually tangible. Ad tech doesn’t really hurt anyone. No one likes it, and at best, it feels a little gross, but feeling vaguely icky is not the kind of tangible impact that reliably drives people to action. What happens to you when Facebook or Google bundle you into anonymized groups of eyeballs and promise advertisers that they’ll show you ads relevant to the profile they’ve built of you? Nothing really. If you think about the way they built that profile by tracking your every move online, then yes, it feels creepy, but that’s it.
But that’s not the kind of privacy we’re talking about. Privacy discussions are largely about ad tech and tracking. The post here isn’t calling people idiots because he thinks Threads is more likely to leak your credit card numbers and nudes. He’s calling people idiots for not caring about tracking the way he does. And the reality is that there’s no real reason why they should care. The argument boils down to just, “c’mon, don’t you think it’s creepy?”. And if I say, “not really”, we’re kind of at an impasse. There’s just no obvious pragmatic harm you can point to to reason them over to your side. You may as well being trying to convince them to enjoy pineapple on pizza. If they don’t already, the game’s pretty much over.
I’d also say that those health issues are much more practically impactful than Instagram showing you ads for luggage when you’ve bought a plane ticket.
Caring about ad tech is a hobby. It’s as good a hobby as any other, but that’s what it is.
I was having similar problems on a fresh arch install with multiple apps taking upwards of 15 seconds to launch, and the “fix” ended up being to uninstall one or more of the “portal” packages (there are several with names like xdg-desktop-portal-gtk). https://gitlab.gnome.org/GNOME/xdg-desktop-portal-gnome/-/issues/74 and https://bbs.archlinux.org/viewtopic.php?id=285334 for more info.
Could be completely unrelated, but it might be worth a try.
A good password manager will be encrypted on device using your master password and only the encrypted data ever synced anywhere. So if Bitwarden gets hacked, and the worst case scenario happens, that means an attacker makes off with the complete contents of your vault. But all they have is an encrypted file. To decrypt it, they need your master password. Bitwarden doesn’t have the keys to lose – they only have the lock, and only you have the key. So an attacker would need to compromise Bitwarden (the company) to get access to the vault, and then separately, compromise you personally to get your master password (the key).
Alternately, they could try to brute-force the master password offline. If you think you could guess a user’s password if you tried 100,000,000,000 guesses, and each guess took you 1 nanosecond, you could guess all hundred billion in a little under two minutes. Bitwarden uses techniques to make it intentionally very slow (slow if you’re a CPU at least) to generate the hashes needed to compare a password. If it takes you 100,000 nanoseconds per guess instead, then instead of two minutes, it takes almost 4 months. Those numbers are completely made up, by the way, but that’s the general principle. Bitwarden can’t leak your actual passwords directly, because they never get them from you. They only get the encrypted data. And if an attacker gets the encrypted data, it will take them quite a bit of time to brute force things (if they even could – a sufficiently good master password is effectively impossible to brute force at all). And that’s time you can use to change your important passwords like your email and banking passwords.
One important realization for people to have is that none of us get to choose perfection here. You don’t only have to worry about Bitwarden getting hacked. You also have to worry about you forgetting them. You have to worry about someone figuring out your “cryptic messages that only I understand” scheme. Security is generally about weighing risks, convenience, and impact and choosing a balance that works best for you. And for most people, the answer should be a password manager. The risks are pretty small and mitigation is pretty easy (changing your passwords out of caution if the password manager is breached), and the convenience is high. And because it’s, as you put it, “a pain in the ass” to manage good unique passwords yourself, virtually no one actually does it. Maybe they have one or two good passwords, and rest are awful.
Honestly? Because most people don’t care about the “Inside Baseball” machinations of how these companies are run. And that’s fine. I don’t care anything about Nascar, but if 100,000 people want to pile into Alabama and watch fast traffic for three hours, they don’t need my endorsement to go enjoy themselves.
A native app offers the most control. Ad blockers are harder to obtain and use.
WoW still runs great under Wine.