Signal is only available on F-Droid via an unofficial build from the Guardian Project. The maintainers of the Guardian Project lag behind on updates for their repos, so their repository should not be used for any apps important for security.

I think it’s self-explanatory

This depends whether you care about security or software freedom guarantees. Because if it’s security that is the priority, F-Droid is a much weaker option than Obtanium+Appverifier because they use their own signing keys for nearly all apps. If F-Droid’s build infrastructure is ever compromised, then almost every app you have downloaded through it is also compromised. The inability for developers to control their own signatures is part of the reason Signal does not release on F-Droid.

Accrescent is a much better option than anything else because it still allows developer-managed keys, although it doesn’t have many apps. Google Play (although it does have high-security infrastructure) has the same problem as F-Droid of centrally managed keys. Obtanium with Appverifier at least lets you ensure that your app is signed by the developer.

This happens when YouTube blocks or rate limits your IP address to prevent bot activity.

Yeah, I’m actually a bot working for the NSA, sorry.

That markup work to try to hide what’s on your laptop doesn’t work, and someone can easily see what’s on your screen from this photo. You should use an actual box or do what you did with the emoji to cover sensitive info.

What specifically do you dislike about zsh?

Now, EPFL researchers… have released new software that allows users to download open-source AI models and use them locally, with no need for the cloud to answer questions or complete tasks.

It’s cool that they got LLMs running on local clusters of computers, but with the way it’s written, they make it sound like people have not already been using local LLMs for a long time (including GPT-OSS 120B).

The safest way would be to get AppVerifier and check the original developer’s signature

It’s important to note that the Vivaldi browser is proprietary software

No, it does not. mysearchengine.co/homepage literally redirects to the domain that the user mentioned.

It’s possible that the domain for the search engine you were using got sold. You’ll have to find a new one.

Okay. Well, in this case it would probably be a good idea to at least have the update process also verify developer signatures, since otherwise it’s not only trust on first visit, but trust every update.

And yeah, I agree that a standalone package might be a good solution, as long as it is signed.

If the user trusts the server to serve safe JavaScript each time they connect with an empty cache (which is cleared often for privacy-conscious users), I’m not sure how this adopts a very different security posture from the Trust On First Use security model that’s used by many other apps, even if the app itself implements secure MITM mitigations using data from shared links.

When you have an app with dedicated updates, it is possible to verify that it is genuinely from the developer or maintainer. Web browsers’ certificate validation protects against connecting to a fake server, but it does not protect the user if the server is compromised when they first connect.

The most security-conscious users are going to end up hosting the JavaScript in a webserver on localhost, and at that point it might as well be a dedicated application.

You can run appimages in Tails

What’s the alternative? Keeping Nicolás Maduro in charge?

Yeah, any authentication cookie will be unique to you, so if you do use one, Google will be able to track you across browsing sessions, which is likely what you’re trying to mitigate by clearing them.

I don’t think there’s stigma. Most users use package managers to get their software. For large operating systems, a torrent does help make downloads faster and less expensive when many people begin to seed it (and many FOSS operating systems do offer torrents), but most projects won’t benefit from that.

I personally would not want to go through the hassle of getting the magnet link, putting it in my torrent program, waiting for it to finish, verifying the signature (if there even is one) and the checksum, and only then manually extracting it so that I can use it.

There are extensions that let you encrypt/decrypt messages right in your Gmail inbox. I’m not sure whether that would let Google grab the decrypted messages using JavaScript, though.

It’s news to me that you can’t connect to a proxy over a VPN.