I’m no expert either, but I think the section mentioned above allows Nebula and the advertising companies to do a lot more than just collecting info about whether you visited the sign-up page or not.

To me it looks like they do just that:

Interest-Based Advertising. We may work with third-party advertising companies and social media companies to help us advertise our business and to display ads for our products and services. These companies may use cookies and similar technologies to collect information about you (including the online activity information and device information described above in the section called “Personal Information Automatically Collected”) over time across our Services and other websites and services or your interaction with our emails, and use that information to serve ads that they think will interest you. In addition, some of these companies may use hashed customer lists that we share with them to deliver ads to you and to similar users on their platforms.

I completely agree, I guess what they call “privacy win” is that this feature can now work without storing data on Google (highlighted by me):

Based on Google’s email, it seems the company will allow Gemini to access messages, WhatsApp, and control device system settings without requiring that you enable the Gemini Apps Activity setting for your account. This setting saves your Gemini history to your Google account, potentially allowing for better personalization.

Previously, if you had this setting disabled for your Google account, you weren’t able to use the Messages, Phone, Utilities, or WhatsApp extensions in Gemini (via 9to5Google). Once this change rolls out to your account, you will be able to access these features without having to save your Gemini history on Google’s servers.

When they say

potentially allowing for better personalization

they sound like the companies trying to sell you these features without mentioning the privacy implications of said features. :/

Children with stupid names should be allowed to change their parents’ names!

👍

I think it depends on which community (instance) you’re trying to post. Some instances are blocking VPNs, e.g. lemmy.world. I assume you’ve already tried but try switching to a different VPN server.

Lemmy. world blocks VPNs - https://lemmy.world/post/12979118

It’s not a backdoor, it just enabled Firefox’s remote debugging tool by default

Just? I’m sorry but that’s just a terrible mistake to make, especially for a browser that people use to surf the world wild web. I don’t know if you’ve ever used a remote debugger (I do), but depending on the debugger, it can be a very powerful tool, you can do a lot of things with it. I don’t think calling it a backdoor is a massive exaggeration. I don’t doubt the developer’s good intention, but this issue shouldn’t be dismissed as an insignificant issue.

To add insult to the injury, it didn’t even prompt the user for it.

Zen is as secure as firefox is.

Unless you tweak the default Firefox settings in the code base, e.g. https://github.com/zen-browser/desktop/blob/dev/src/browser/app/profile/zen-browser.js#L258 (allow unsigned extensions by default).

I agree, it also has some serious security issues: https://github.com/zen-browser/desktop/pull/927

The developer’s comment reveals that it has been there since the inception of the project. And there are even more privacy / security issues mentioned in the comments.

Unfortunately Zen browser gets a big fat no from me. 🫤

Exactly. Also, there was a post a few days ago about google secretly installing an app on Android phones, something to do with automatically blurring nsfw images in messages. Who knows what else it is capable of, or if there’s software on our phones that won’t show up anywhere (list of apps, running processes, etc.).

Interesting times…

I agree with using open source software, but the source code of said chat apps is just one part of the equation.

AFAIK cryptography implementation relies on the operating system / firmware the app is running on (they tend to be closed source). Most implementations rely on random generators provided be the operating system. Doesn’t really matter how good the encryption implementation is in the chat app if the software it relies on is compromised - see book I recommended above (The hacker and the state).

I suspect it’s the latter one. The book titled “The Hacker and the State” goes into detail about how it can be done (or may have been done in the past). A fascinating read for anyone interested in the subject.

Obsidian asks for the permission upon first launch, but if you don’t give it access it won’t work at all (it’s a required permission for the app).

I’d love to use this setup, however, the Obsidian Android app requires a kind of file access that is concerning:

Obsdian uses a shared location “/Documents” so that other apps can access the files (e.g. third party sync services) or add stuff.

https://forum.obsidian.md/t/fr-make-obsidian-work-on-android-without-asking-for-storage-permissions/19360

It’s a no-go for me. :/