Konform Browser and other bits and bobs.

  • 5 Posts
  • 66 Comments
Joined 18 days ago
Cake day: January 18th, 2026




  • ken@discuss.tchncs.de to Privacy@lemmy.world: Choosing the VPN That's Right for You (2 days ago)

    What isn’t free software…?

    I think you should make it clear if you are talking about VPN services or client-side apps here. If they provide normal standard protocols like Wireguard and OpenVPN, they can be used without having to install any provider-specific apps.

    Regardless of provider it’s generally preferred to use third-party software to connect. VPN providers that don’t even have their own apps don’t qualify as good for you either?

    Demanding the whole stack be FLOSS is a bit silly in this context. None of the ones you mentioned open-source most of their backend systems either AFAIK.

    I think you should do your homework better before you speak so widely and absolutely dismissively with such claim of authority. It is not helpful.


  • ken@discuss.tchncs.de to Privacy@lemmy.world: ProtonMail vs Tutamail vs Posteo (2 days ago)

    Food for thought: By consistently following a strategy optimizing and picking the optimal product/service based on cost/benefit, you will end up on the same one as everyone else doing the same thing. From a practical perspective this leads to winner-takes-all and centralization. Whoever is the underdog today becomes the Google or Cloudflare of tomorrow and we’re back at square one. From a philosophical perspective, did you really make a choice? Or did “the market” (of which you are also part) decide on your behalf? A healthy market needs at least thousands of mail providers, not 5 or 10.

    Obviously same thing goes for basing your pick on brand perception, picking the most popular or recommended one, but without the benefit of knowing you’ll actually get the better service.

    Can free will exist among economically rational participants in a market? There can be some power in knowing you chose whatever you did based on factors other than cost-performance or popularity. Sometimes the optimal choice can be suboptimal.

    And why not self-hosting your inbox? Hard to beat from privacy standpoint. It really doesn’t have to be as hard as they say. Even if you don’t go full homelab right away: Some providers are accommodating and make it easy to gradually or partially self-host by offering open standard protocols. Others make it really tricky and steer you hard into their app ecosystem. So how straightforward it is to use your own local third-party mail client is a good consideration even if you don’t intend to self-host anything else anytime soon.









  • Dev here! Thanks for your interest!

    Aw. On Artix, it wants to pull in wayland. No thanks.

    Hm, I guess you’re just running text mode browser on that machine…? On Arch the wayland package is pulled in as transitive dependency of the gtk3 package. I don’t believe it will actually be loaded at runtime. However, I think that gtk3 might not be a hard dependency at all anymore (it used to be for Firefox in the past so this might be a leftover that konform inherited).

    If you’re comfortable with makepkg I could suggest trying the konform-browser-bin AUR package and simply remove gtk3 as dependency from the PKGBUILD, run makepkg -si and fingers crossed that might work. More details in konform-browser/Arch repo, where contributions are also welcome. If you go the source route, see the note about profiling without wayland.

    EDIT: OK I took a look and unless Artix is repackaging some core packages, I don’t see a way to make it work on Arch at least: xorg-server depends on libglvnd depends on mesa depends on wayland. Among others. Are you actually able to run an X server at all without having the wayland package installed? Or is this for headless use without any graphical environment…? Curious about the use-case! You can also try the binary tarball or just tar -xfing the arch package and invoke the konform binary directly.

    Aw. https://gpo.zugaina.org/Search?search=konform no ebuilds on any listed overlays for Gentoo yet.

    FWIW, it’s not planned at the moment but here’s the issue currently tracking Gentoo packaging: https://codeberg.org/konform-browser/source/issues/9


  • One thing to keep in mind as new is that “VPN” is a technical term with pretty clear meaning among the technical people but it has a very fuzzy meaning in marketing and branding. Referring here to “VPN apps” that may just be a local DNS relay (ie: it will only tunnel and filter your DNS requests; all your actual traffic still goes through your normal connection as clear as always). Oftentimes, it’s what we would call a proxy. Android has not at all helped here.

    In either case, yes, you can usually chain things. What if any benefits you get from that depends on both technical specifics (which protocols) and your circumstances and threat model.

    For example, if we consider only Wireguard (one of the VPN protocols Mullvad offers).

    No VPN/proxy: Your ISP sees everything

    1 proxy: ISP sees that you are connecting to proxy but not what servers you’re actually talking to. VPN provider now sees everything instead.

    2 proxies: Proxy A sees your encrypted traffic to Proxy B. Proxy B sees all your traffic but doesn’t know where you are.

    3 proxies: Congratulations, you have manually built a shitty onion circuit (Tor works like this)

    Mullvad has their own “multi-hop” feature which chains two Mullvad nodes but I have to question using that strictly for privacy reasons, considering it’s by the same provider and the ports make it predictable from the ISP.


  • Thank you for kind words!

    Ah, then the hope is that this curiosity will trigger you to dig into it yourself (for example using the provided tool or taking inspiration from it) so that it starts making sense! I know it’s an unconventional format to refrain from laying out my own opinions and analysis but that’s my thing today. So much “everyone knows” and vapid third-hand takes flying around these days that I think we would do well to actually verify (and pick up related knowledge in the process) rather than take forum comments and blog posts for gospel.


    OK, all right, I can try. I guess I can point at one thing in the Mozilla telemetry at the very end, doesn’t that look very fine-grained if you look at the URLs (addresses) listed?

    We can tell that many of the actions I took were communicated to the mothership for analysis and product improvement. Is this data really anonymized (or anonymizable)? Is it a reasonable amount for a user that has not opted in? My professional and personal opinion is: It is not.

    But! That’s just one isolated example. And an extremely limited view. What about Zen? Chrome, Edge and Safari weren’t included here at all. And it’s not at all looking at what happens for a user who probably cares about this: when you go to settings and disable all the telemetry. See I just said that one thing about Mozilla Telemetry and now I’m going to have to run some new tests and write reports about them for days just to set that record straight!

    Maybe I’m odd but I think it’s many (100?) times easier and quicker to gain understanding of the kinds of stuff we’re looking at here by getting hands-on than to communicate it verbally. And I’m concerned with this limited attention span so many people are afflicted with these days, and look at how long this comment is already, no we’re done with me telling you how it is, let’s wrap this one up and get on to the juicy stuff.


    There’s an expandable section Basic test environment usage under Testing procedure but I realize now that might be easy to miss…

    Anyway, to start it: Install podman, docker-compose (v2) and MITM_BROWSER=firefox-esr podman compose up --build. That should be it.

    Then the browser pops up (hopefully), you do your thing, and after you Ctrl+C in the console, it will quit and the proxy will dump the recorded .har file which contains all HTTP and websocket traffic that went through the proxy in cleartext, in JSON format. There’re tools online that can help visualize I think but nothing I can recommend off the bat. Simply cating it to the terminal or opening it in a text editor can be educative. Also play around with variations of the jq snippets and see if you can come up with questions of your own to answer. Or if anything in my numbers makes you scratch your head or say “wait a minute” dig there.

    In case you want to take a look at what the thing does before running it (trust me bro), these are the files involved when you run that compose up command:

    Available browser images
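
A per-host first pass over the recorded .har file described in the comment above, as an added example that is not part of the original comment or of the project's tooling. It assumes the standard HAR 1.2 layout (`log.entries[].request`); the sample capture and its host names are constructed placeholders, and `summarize_har` is a hypothetical helper name.

```python
import json
from collections import defaultdict
from urllib.parse import urlsplit

# Constructed sample in HAR 1.2 layout (hosts are placeholders, not captured data).
SAMPLE_HAR = json.dumps({"log": {"version": "1.2", "entries": [
    {"request": {"method": "GET", "url": "https://example.org/", "bodySize": 0},
     "response": {"status": 200}},
    {"request": {"method": "POST", "url": "https://telemetry.example.net/submit/ping/1",
                 "bodySize": 1840}, "response": {"status": 200}},
    {"request": {"method": "POST", "url": "https://telemetry.example.net/submit/ping/2",
                 "bodySize": -1}, "response": {"status": 200}},
    {"request": {"method": "GET", "url": "wss://push.example.net/", "bodySize": 0},
     "response": {"status": 101}},
]}})


def summarize_har(har_text, visited_hosts):
    """Group recorded requests by host and mark background traffic.

    visited_hosts: hosts the tester deliberately navigated to; anything else
    was initiated by the browser itself (updates, telemetry, push, ...).
    """
    entries = json.loads(har_text)["log"]["entries"]
    hosts = defaultdict(lambda: {"requests": 0, "uploads": 0, "sent_bytes": 0,
                                 "paths": set(), "background": True})
    for entry in entries:
        req = entry["request"]
        url = urlsplit(req["url"])
        row = hosts[url.hostname]
        row["requests"] += 1
        row["paths"].add(url.path)
        row["background"] = url.hostname not in visited_hosts
        if req["method"] in ("POST", "PUT", "PATCH"):
            row["uploads"] += 1
        # HAR uses -1 for "size unknown"; count only known sizes.
        row["sent_bytes"] += max(req.get("bodySize", 0) or 0, 0)
    return dict(hosts)


if __name__ == "__main__":
    report = summarize_har(SAMPLE_HAR, visited_hosts={"example.org"})
    for host, row in sorted(report.items(), key=lambda kv: -kv[1]["sent_bytes"]):
        tag = "background" if row["background"] else "visited"
        print(f"{host:28} {tag:10} req={row['requests']} "
              f"uploads={row['uploads']} sent={row['sent_bytes']}B")
```

To run it on a real capture, pass the text of the dumped .har file instead of `SAMPLE_HAR` and list the hosts you actually browsed to in `visited_hosts`.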





  • good point for the offlineimap cronjob, I’ll take note of that.

    I might as well go as far as suggesting to start there with your current mail provider if the local/offline-first flow is something that could work for you (and assuming it’s not something you already do, in which case carry on). Once you’ve adapted to a local-first mail reading flow with any client that’s separate from the “app” or webmail tethered to your mail service, then rest of migrations should be smoother and hopefully feel less daunting. Doesn’t mean you have to keep doing it that way only forever but establishing the infra and habit once for a while can help with both resilience and confidence in everything that follows.

    If you’re roaming between devices and places enough that local-first feels untenable then the “syncbox” could be a little SBC or whatever; it could be the machine you also use to read and write mail from but doesn’t have to be.

    NP and good luck!


  • No experience with Migadu but yeah, I think 1 account = 1 login is the intended meaning in their FAQ.

    At $19/year, couldn’t just gifting a separate micro sub to your SO be an option if you adminning her email feels weird to either of you?

    Am I missing something else?

    You don’t mention how you’ll be accessing your emails so maybe this is something you already solved for: Regularly syncing down all mail locally means you won’t have to rely on the mail provider as a single-point-of-failure for keeping your emails safe, secure, private and available. This could consist of anything from a simple offlineimap cronjob to a full-blown “offline” separate mail server.