Hi everyone, I have some exciting new things about Postiz!

Postiz is a social media scheduling tool supporting 19 social media channels:

Instagram, Facebook, TikTok, Reddit, LinkedIn, X, Threads, BlueSky, Mastodon, YouTube, Pinterest, Dribbble, Slack, Discord, Warpcast, Lemmy, Telegram, VK, Nostr.

https://github.com/gitroomhq/postiz-app/

Here is what's new:

• New Editor - The Previous editor was clunky, with many hacky hooks, real technical debt, I spent two days (monk mode), and created something awesome, UI and UX also changed.

• Overall better UI / UX - showing the amount of characters/characters left.

• OIDC fixed, working well now :)

• Sets, you can define a template of a message that will be posted later

• X - added option to select who can reply to your post, post to an X community

• BlueSky - Upload videos to BlueSky

• Integrations - you can work with an integration such as Heygen to generate content for you; you can see more here.

• Drag and drop pictures directly on the editor now shows progress in "%"

• Alt and thumbnails for media - This is the initial release, which currently allows you to add alt and thumbnails for pictures, but these changes are not yet reflected on the backend.

Everything as usual is available on the open-source :)

The livestream is happening now Tue July 1 https://stream.firesidefedi.live/

Hi, is there any way to have a whatsapp work on a rooted phone (Pixel 7a) with something like frost is to Facebook?

We are proud to release GIMP 3.1.2. It's the first development version of what will become GIMP 3.2!

Note that a development release is not ready for regular use. It might crash. If it didn’t have problems it would be 3.2 already. So please please understand this is an early release for early adopters and for the more adventurous!

What is GIMP ?

GIMP is a powerful, free and opensource photo editor. It' available on Linux, Windows, and MacOS.

What are the new features?

• Theme colors for Brush, Font, and Palette improvements

• We know have an additional “System Colors” color scheme so that GIMP matches your current OS theme preferences on Windows and Linux

• New contributor Woynert implemented a new paint blend mode called Overwrite. It allows you to directly replace the pixels over the area you paint, without blending the transparency values of the brush and the existing pixels in that area. This new mode is particularly useful for pixel art.

• There’s a new setting in the text tool to control the direction of the text outline. You can have the text outline grow inward, outward, or in both directions!

• GIMP now supports adding non-destructive filters to channels! The Channels dockable now shows the same FX column as the Layers dockable, so you can edit, rearrange, delete, and merge filters on channels just like you can with layers.

• The CMYK Color Selector now calculates and displays the Total Ink Coverage of the selected color. This is useful when printing, as depending on the printing system and the media used, there may be a limit on how much ink can be applied.

• We’re adding support for using ART (AnotherRawTherapee) as a Camera Raw loader in GIMP, in addition to our existing support for darktable and RawTherapee. If you have ART already installed, GIMP should automatically recognize it and use it to load Camera Raw format images for further editing.

• We’ve added a new option to export to Krita‘s .kpl palette format from GIMP. You can do this by choosing Export as from the menu in the Palette dockable.

• Jacob Boerema has added support for importing Photoshop patterns! You can put Adobe .pat files in the GIMP pattern folder and automatically load them in the same way as GIMP’s own .pat files

• You can now use presets from Photoshop’s Curves and Levels filters in GIMP’s Curves and Levels filters! When you use these filters, choose Import Current Settings from File... from the Preset menu and select your .acv or .alv preset respectively

• Alx Sa has implemented initial support for exporting PSBs, Photoshop Large format. It is very similar to PSDs - the main difference is that you can export images up to 300,000 pixels

• GIMP can now import APNG animations

• We’ve now added support for loading multi-layer OpenEXR images. For instance, if you export a multi-view image from other software such as Blender, all views should show up in GIMP as individual layers.

• All previously non-portable build scripts of GIMP repository have been made POSIX-compliant. This means that it’s now easier to use these on platforms like BSD

• Some image formats do not allow images to have transparent sections. This can be confusing if you’re not familiar with all the details of the image you imported, especially when rotating or applying a filter with transparency such as Color to Alpha. We now detect if a filter or transformation would require transparency, and automatically add an alpha channel to the layer to prevent unexpected distortions.

What about UX/UI Improvements?

Denis Rangelov, Reju, Michal Vašut, and other designers have been working on a number of UX/UI updates for GIMP 3.2.

While the larger changes are still being designed and reviewed, we have been implementing several of their UX/UI fixes:

• We found instances where the Foreground Selection algorithm would run when switching to another tool, even if no selection had been made yet. This caused an unnecessary lag, so we adjusted the algorithm to avoid running in those cases.

• The state of the “Merge Filter” checkbox for non-destructive filters should no longer be affected if you apply a filter that currently has to be destructive, like Lens Blur.

• The Palette dockable now automatically selects the next swatch when you delete a previous one, allowing you to quickly delete several swatches by just clicking the Delete button repeatedly.

• “Lock pixels” now generates an undo step in undo history, just like “Lock Position” and other locks.

What’s next?

Our main focus for GIMP 3.2 on the roadmap is developing two new types of non-destructive layers - linked layers and vector layers. Our Google Summer of Code students are making great progress with their summer projects!

• Gabriele Barbero is making some much-requested improvements to our on-canvas text editor.

• Ondřej Míchal has created a GEGL Filter Browser prototype in their own test branch. This involved a lot of research, as there any a number of edge cases and formats to account for.

• Shivam is working on a website to list and display third-party GIMP extensions

About Gimp 3.1.2

We remind that this is a development version, not a stable version. We advise against using it for production. We also really welcome feedback and bug reports:

https://www.gimp.org/bugs/report.html

GIMP is a community, first and foremost. We are relying on your help so that the upcoming GIMP 3.2 can be as stable and good as possible.

Don’t forget you can donate to GIMP developers, as a way to give back and accelerate the development. Community commitment helps the project to grow stronger!

https://www.gimp.org/news/2025/06/23/gimp-3-1-2-released/

Thank you so much ❤️ 🙏

We’re proud to announce GIMP 3.1.2, the first development version of what will become GIMP 3.2!

I've been using DeepL in Translate You for some time, but lately I don't like that it is so limited, I mean its api, I would like to find something open source that gives the same results, because with DeepL I haven't had any problems...

cross-posted from: https://lemmy.world/post/32191588

Should I enable WIFI scanning / Bluetooth scanning / Network Location under setting->location->location services?

Which one would help me navigate inside a building or underground using open source maps?

I haven't tested yet, does google map requires any of those location services enabled to work? Should I just use google map in vanadium?

thanks a lot

I'm not at all an expert with open source licensing, but does the following conflict with open source licensing ?

I don't mean any ill intent to the developers of the application, but want to inform them if there is something wrong. (Sorry if my question feels dumb, I'm just getting familiar with licensing terms)

I've been following this app for sometime and it recently had its alpha release. While taking a look at the Terms and Conditions section of the app, I came across the Application Use section which reads:

3. Application Use

3.1. License

Pockaw grants you a personal, non-transferable, non-exclusive license to use the app for personal or small business financial management purposes. 3.2. Prohibited Use

You agree not to: Reverse engineer, decompile, or modify Pockaw. Use the app for illegal activities. Exploit the app in ways not intended, such as reselling it as your own product.

What is the difference between lawnchair Layout Default vs Dock (Beta)?

When I use dock layout all apps shows on my homescreen but none can be removed from home screen

Default layout on the other hand doesn't show or add any installed app icon to home screen at all (even though I have enabled add newly installed icon to home screen in the setting).

Which one should I use?

thanks a million

Hey guys, i am planning to begin my Journaling journey starting today. Any recomendations? I have already tried DayOne and Journey Didn't like them Particularly. DayOne seems uncool and even though they claim, a little unsafe. Plus i once before lost all my journal entries in DayOne bcoz i didn't save the encryption keys in my GoogleDrive. Journey is Worse (my opinion). They keep on pushing me to buy their paid option which costs 4$ per month. Like WTF. Its just a Journaling app. I am not going to try Penzu because i have heard a lot of bad reviews on how they cheat people and stuff. Finally i landed on DD-DigitalDiary which isn't open source. Which Sucks. But at least isn't costing me like 50$ a month or anything. Its mostly free. But i am looking or something better. More specifically OpenSource, Free (or almost free) and idk, modern & sxy Like when will these huge companies understand. Not everything needs to be VC funded. Next i am launching my VC funded Venture backed Fried Eggs company

Edit: Wow! Literally few days after posting, there are already several open PR and quite a few great suggestions. Huge thanks to all of you, the FOSS community really rocks!

Original post:

TLdR. Nothing major, just needs help finding an app icon.

I'm developing VScan, a little project aiming to research how vision LLMs could help out blind people on travel and in their every-day life by substituting eyesight for various visual tasks.

My project is not a "magical AI app" which is going to solve every problem on the click of a button. In fact, I don't use the "AI branding" at all, because I think it's very misleading for the general audience. It's more of an experiment to find out if the blind people could use LLMs as tools for visual cognition in a way that would be useful.

I'm trying to be as clear and specific as I can about the used technology, and providing as much customization as possible without sacrificing convenience. Of course, the project is completely open-source, does not collect any user data and while the first generations only supported GPT models, because that was the only thing usable for vision at the time, the current dev version already supports defining an arbitrary LLM provider (including a self-hosted server), and the ability to choose any model supported by the respective provider.

I'm facing just one major issue. I'm blind myself, coding the app as my personal tool. And I'm having quite a hard time finding an app icon that would work on the modern Android systems and setting it up properly. To be honest, I'm quite lost in the various suggested standards, there are the ordinary raster PNG icons, vector based SVG icons, and these days Android seems to also have some multi-part contextual XML based icons which as far as I understand should adapt to the different screens, configurations, themes etc. but I genuinely have no idea where to find these and sofar whatever I tried ended up as some undefinable point cloud on the screen.

Normally I wouldn't care about such things, but having an app icon is the requirement for getting accepted into app stores like F-Droid or Google Play, and subsequently, to the users. Nobody these days is willing to side-load apps anymore.

If anybody with Android development experience could take a look on this, I would be very grateful. All that's needed to do is finding a suitable icon on one of the icon portals, preferably in shape of an eye, or a camera (the one used to mark video recording), although the exact appearance doesn't really matter, the users won't see it anyway. It can be free or paid, as far as the price is reasonable. Then you can either open a PR yourself (the project does not require anything special to build, it's just the ordinary Android Studio stuff), or you could explain to me how to implement the icons and I will try to follow.

Thanks for your attention! I apologize if this is not the right place to post this, mods feel free to remove if necessary.

This license has the peculiarity that any software implementation requires you to offer the source code, even if you only plan to use it privately. This makes it a stronger license than the AGPL in terms of copyleft. If the AGPL already scares away almost all companies, the SOWPL scares away almost everyone.

My question is, what would happen if free and/or open source software had the SOWPL? Would projects have to be forked? Would free and open source software die? Would we have to start from scratch again or hire lawyers to avoid problems?

I would like to know your response to this fictional scenario.

Academic paper: https://www.cl.cam.ac.uk/techreports/UCAM-CL-TR-999.pdf

Hi guys!

Just that...Wondering if there's any easy FOSS photogrammetry software that I could run from the phone. Alternatively, what would be the easiest one to run from my computer to experiment with it?

Thanks!

cross-posted from: https://lemmy.world/post/31889138

Please see the cross-post as it is updated.

Is there a firefox extension that disable the web connection of other extensions?

cross-posted from: https://lemmy.world/post/31889138

Please see the cross-post as it is updated.

cross-posted from: https://lemmy.world/post/31887590

Please see the cross-post as it is updated.

What is the difference between Chameleon and JShelter?

• Chameleon – Get this Extension for 🦊 Firefox Android (en-US)
  • Chameleon is a WebExtension port of the popular Firefox addon Random Agent Spoofer.
• JShelter – Get this Extension for 🦊 Firefox Android (en-US)
  • JShelter is a browser extension to give back control over what your browser is doing. A JavaScript-enabled web page can access much of the browser's functionality, with little control over this process available to the user: malicious websites can uniquely identify you through fingerprinting and use other tactics for tracking your activity. JShelter aims to improve the privacy and security of your web browsing.
  • Like a firewall that controls network connections, JShelter controls the APIs provided by the browser, restricting the data that they gather and send out to websites. JShelter adds a safety layer that allows the user to choose if a certain action should be forbidden on a site, or if it should be allowed with restrictions, such as reducing the precision of geolocation to the city area. This layer can also aid as a countermeasure against attacks targeting the browser, operating system or hardware.

JShelter seems to spoof info by controls the APIs provided by the browser? and Chameleon spoofs user agent and many other information.

To me both seems to serves the same purpose of spoofing. Is Chameleon spoofing without interfering with js and JShelter spoofing with interfering with js the main difference between them? In addition JShelter seems to be able to block malicious js

How JShelter and Chameleon achieves spoofing differently?

cross-posted from: https://lemmy.world/post/31887590

Please see the cross-post as it is updated.

cross-posted from: https://lemmy.world/post/31885153

Please see the cross-post as it is updated.

https://sereneblue.github.io/chameleon/

strongly recommend

cross-posted from: https://lemmy.world/post/31885153

Please see the cross-post as it is updated.

cross-posted from: https://lemmy.world/post/31884410

Please see the cross-post as it is updated.

How can a site see what extensions you have?

One of the things I've seen mentioned before is that installing too many extensions can make you more unique, and thus have a negative influence on your fingerprint. This got me curious, how exactly do sites detect which extensions you have anyway? Can they outright read your list of extensions?

Furthermore, do all extensions make you more unique? I guess the answer would depend on the answer to the first question (surely, if they can just outright see your list, then the answer would be yes), but lets say you install something that seems rather innocuous, like Transparent Standalone Images, for example. Can a site see that this is installed / does it make your fingerprint more unique?

explanation

Web sites do not have any way to enumerate or query your installed extensions, and they cannot directly "see" the content scripts injected by extensions. However, some extensions do modify pages in a way that scripts in the page could recognize as being the work of a particular extension, assuming the owners of the site care to research and check for such things.

One particular issue is that an extension may insert a path into the document to a page or image in the extension itself. Firefox assigns a randomized UUID to the extension at install time, and the path uses this UUID. On the plus side, this may prevent the site from associating the URL with a specific extension. On the minus side, at least in theory, a site could detect this weird URL in the page and use that for fingerprinting. See: How to prevent fingerprinting via Add-on UUID?.

is there anything else that I should notice?

Thank you!

cross-posted from: https://lemmy.world/post/31884410

Please see the cross-post as it is updated.

cross-posted from: https://lemmy.world/post/31859998

Please see the cross-post as it is updated.

As a security-conscious user, I've used NoScript since Firefox's early days, but its restrictive nature has become frustrating. I'm often forced to go unprotected just to access websites with multiple scripts running on different domains, which defeats the purpose of using NoScript and balances security and usability that it once provided.

Is there a way to block browser JavaScript from executing commands that retrieve sensitive information from my local machine, while still allowing JavaScript that is only used for rendering web pages?

greatly appreciate any insight

cross-posted from: https://lemmy.world/post/31859998

Please see the cross-post as it is updated.

cross-posted from: https://lemmy.world/post/31842407

https://kevinboone.me/lineageos-degoogled.html

In an earlier article I wrote about my attempts to remove all trace of Google from my life. Part of that process, which is still ongoing, was to install Lineage OS on all my Android cellphones and tablets, replacing the original, vendor firmware. Doing this removes the egregious Google Play Services although, of course, this severely limits my ability to run Android apps. That’s a sacrifice I’m willing to make, although not without some regrets.

I’ve subsequently learned that hard-core de-Googlers eschew Lineage OS, because it remains too close to the stock configuration of the Android Open-Source Project (AOSP) on which it is based. There are certainly smartphone ROMs, like GrapheneOS, that are even more Google-free.

But I’ve grown to like Lineage. I don’t know what kind of future it has, but it works well for me, and it’s easy – as easy as can be expected – to install on all the devices I own. Installing and setting up Lineage is fiddly enough; I don’t want to make my life even more complicated, if I don’t have to.

Those of us who are divorcing Google worry most, I think, about Google’s intrusive data collection. Of course, Google is by no means the only business that engages in such practices – “surveillance capitalism” is big business. But Google presents a unique challenge because, not only does it collect a lot of data, it has a lot of clever ways to process it, and find connections between disparate data elements. Before my Google separation, it always amazed me how Google seemed to know where I was all the time, even with location services disabled on my smartphone. And Google’s advertisers seem to know what I’ve been shopping for, even when I’ve been doing my shopping in person at retail outlets. How Google does this, I don’t know; but I do want to reduce their opportunities to do so.

So I need to know what information my cellphone is sending to Google, even having removed all proprietary Google stuff.

I have to point out that I’m not talking about additional, 3rd-party apps that I might have installed on a Lineage OS device – all apps have the potential to create privacy problems, but I’m free not to use them. Here I’m just thinking about the platform itself.

Note
I run Lineage with no Google apps or services of any kind. If you do run Google services, you have to accept that absolutely everything you do with an Android device will be known to Google. There’s simply no point worrying about the trivial privacy breaches in this article – that would be like taking a cyanide pill and then worrying about your ingrown toenail.

In this article I’ll be describing various data leaks of which Lineage OS has frequently been accused, reporting which ones seem still to be present, and suggesting (well, guessing) how serious they might be.

The captive portal test

“Captive portals” are often found in hotels and entertainment venues. In a captive portal, all Internet traffic gets directed to the venue’s network filter, which ensures that the user has paid for a service or, at least, consented to some usage agreement.

Android performs a captive portal test every time the device enables a network connection. This test is a simple HTTP or HTTPS request on some publicly-accessible webserver. The request is expected to return a success (2XX) code if the server is reachable. In a captive portal, the service-providing organization will capture the HTTP(S) request, and return a redirection code to its own webserver. This server will provide a web page with further instructions.

By default Lineage OS uses Google’s webservers for the captive portal test. This means that Google knows every time a device raises a network connection.

Is this a problem? Google doesn’t get to find out anything except the IP number of the device, some limited information about the type of device, and the time of day. I’ve looked at the source code, and I don’t see any information other than this being sent – the code just uses the standard Java HTTP support to make the request. It’s plausible that, with a wide-area connection, the carrier might add additional information to the request, and Google might be able to infer your location from the IP number.

If you consider this to be too much of a risk, you can change the captive portal connectivity checker. Lineage provides no simple interface for this, but you can do it at the command line (e.g., by running a terminal app, or adb shell). You don’t need to root the phone to do this.

$ settings put global captive_portal_http_url http://my_server 
$ settings put global captive_portal_https_url https://my_server 

Unless you want to disable the captive portal check completely, you’ll need to identify a public webserver that can provide the appropriate response. There are many such servers; some Android replacements that focus more on de-Googling, like GrapheneOS, default to using one of these rather than Google. Even then, they usually have Google’s servers as a fall-back, because an outage of the conectivity check server could otherwise cause serious disruption.

On the whole, I regard this (captive portal check) a relatively harmless breach of privacy. It isn’t telling Google anything they’re not going to find out about in other ways.

DNS

Every time you use a hostname to identify a remote server, there’s going to be a DNS lookup. This lookup translates the hostname into a numeric ID for use with the TCP/IP protocol.

Internet service providers and mobile carriers operate DNS servers, but so does Google. DNS is potentially a privacy problem because the DNS server gets to learn every site you visit. It won’t see the actual URL of a web request – just the hostname. Still, that’s enough information to be concerned about. But it’s worth thinking about who the “you” is in “every site you visit”. To track you, personally, as an individual, the DNS server needs a way to relate your IP number to something that identifies you. There’s no definitive way for Google (or anybody) to do that; but there are statistical methods that can be very effective. They are particularly effective if you happen to use Google’s other services, because these will link a small number of personal Google accounts to an IP number.

Is this a problem for Lineage OS? While it might have been in the past, I don’t think Lineage now uses Google’s DNS, except perhaps as a fallback. Both WiFi and carrier Internet connections are initiated using protocols that can supply a DNS server. On my Lineage devices, I’m sure that these are the DNS servers that are being used. Still, there are references to Google’s DNS server – 8.8.8.8 – in the AOSP source code. So I can’t prove that Google’s DNS will never be used.

If you want, you can supply your own DNS server in the network configuration in the Settings app. But, unless you run your own DNS in the public Internet, you’ll be putting your trust in one mega-corporation or another. I suspect most are less worrying than Google, but perhaps not by much.

By the way – Lineage OS supports encrypted DNS. While that will prevent third-parties from snooping on your DNS traffic – including your mobile carrier or ISP – this won’t protect you from snooping at the DNS server itself. So encrypted DNS is no protection against Google, if you’re using Google’s DNS.

Assisted GPS

It takes a long time for a mobile device to get a robust fix on GPS satellites – a minute in good conditions, or several minutes in a weak signal area. Assisted GPS (A-GPS) primes the satellite fix using environmental data. This data might including a coarse location from a cellular network. With A-GPS, a satellite fix might take only a few seconds.

A-GPS data is processed by a remote server, that has the storage capacity to handle the large amounts of data involved. The main operator of such servers is, again, Google.

What can Google learn about a device using Assisted GPS? As in any Internet operation, it will find the device’s IP number, and it might find the coarse location. The Internet traffic associated with A-GPS can be encrypted but this, again, won’t protect it from Google. To determine the location of a specific individual, Google has to be able to relate the IP number to the individual. As discussed above, that can be done with a reasonable degree of confidence.

On recent Lineage versions, A-GPS is disabled by default. If enabled, it uses Google’s servers – so far as I know there are no widely-available alternatives. I just keep it disabled, and live with the disadvantage of longer GPS start-up times.

Time synchronization, NTP

At one time, Lineage OS used Googles’ time servers to set the time on the device. So far as I know, this is no longer the case – a general pool of NTP servers is used. Even if that were not the case, I can’t worry too much about leaking time synchronizing data.

WebView

I believe that WebView is the most troubling source of privacy concerns for Lineage OS, and the one whose ramifications are the least well-understood.

WebView is a component of Android that renders web pages. Of course, a web browser will do this, but many Android apps and services have a need to render pages without actually being a browser. The ‘captive portal’ support I described above is an example: the device needs to render a page for user to log in or purchase Internet access, even if no web browser is installed.

Lineage OS uses the WebView implementation from the AOSP, which is based on Chromium. Chromium is Google Chrome without the proprietary Google stuff, and it’s undoubtedly less of a privacy concern than Chrome would be. But Chromium, even though it’s open-source, is still primarily a Google product.

There are many known instances where Chromium will provide some user data to Google servers. For example, we know that Chromium downloads lists of ‘unsafe’ websites to support its ‘safe browsing’ feature. This will happen however Chromium is used. When used as a regular web browser, Chromium might send data to Google for its ‘hot word’ detection, for example.

When Chromium is only used to provide a WebView implementation, I’m not convinced that these minor privacy breaches are significant. It’s worth bearing in mind that the Jelly browser that is shipped with Lineage OS is just a wrapper around the Chromium WebView – if you use this browser, you’ll have the same privacy concerns as if you use Chromium itself.

There are a number of Google-free WebView implementations, like Chromite. GrapheneOS uses a WebView implementation called Vanadium, which is essentially a de-Googled Chromium. Installing one of these implementations on Lineage OS is not straightforward, or so it seems to me.

I don’t use Jelly or Chromium itself as a web browser – I install a browser that is not based on Google code, like Firefox. This limits my exposure to Chromium to occasions where WebView is used other than as a browser. In my normal usage, I don’t think there are many of those occasions, so I’m not too worried about WebView.

Nevertheless, it remains a slight concern and, if I could replace it without a lot of effort, I would.

Are we in tinfoil hat territory now?

I don’t like Google knowing so much about me, but I don’t believe Google’s data collection is directly harmful to me. My disapproval of Google’s activities (and I know Google is not the only culprit) is mainly one of principle. I don’t want to be a source of revenue for Google, or to legitimize their behaviour by my own inaction. I don’t want Google to make the Internet more of a hellscape that it currently is.

But I’m not paranoid. I don’t think Google is out to get me, or is in league with people who are. My rejection of Google falls short of doing things that will make my life hugely more difficult.

I am aware, all the same, that I have one foot in tinfoil hat country.

I know a few people – some in my own family – who eschew smartphones because they create time-wasting distractions. I certainly know people who don’t give smartphones to their kids, because of the well-known risks that social media poses to their mental health. But almost nobody avoids Google because they believe, as I do, that the surveillance economy is detrimental to society in the long term. Even those few who do believe this are mostly not willing to take action, because they believe (or convince themselves) that the benefits of a connected world outweigh the costs of a total lack of privacy. For me that’s like understanding the risks of climate change, and yet choosing to run two or three gas-guzzling cars because it’s a half-mile walk to the shops.

The few people who do believe as I do, and are willing to act on their beliefs, tend to be people who also believe that they’re being monitored by the CIA, or that Covid vaccines are implanting mind-control receivers. That’s not a gang that I want to run with.

On the whole, I’m satisfied that Lineage OS, as I use it, is preventing nearly all of Google’s data collection. I don’t install or use any Google services, I don’t enable A-GPS, I don’t use Chromium or the built-in browser. I could eliminate more arcane aspects of data collection – like the Internet connectivity check – if I wanted to take the trouble.

I don’t think that taking reasonable precautions to avoid becoming part of Google’s data collection economy makes me a tinfoil-hatter. Nevertheless, I would probably use GrapheneOS instead, if I had devices that supported it. Ironically, if I wanted to use GrapheneOS, I’d have to buy Google-branded mobile devices, which is an irony that really stings.

I'd like a small software on Linux, with a modern GUI that allows me to save certain important blog articles.

Wallabag is not interesting for me because it's too heavy (Docker)

I DON'T WANT ANYTHING SELF-HOSTED

cross-posted from: https://lemmy.world/post/31800014 cross-posted from: https://lemmy.world/post/31800014 Please see the cross-post as it is updated.

According to a post online, Thunderbird email client makes connections to sites that have nothing to do with sending and receiving email, for "telemetry" and other questionable reasons

Is this something we should be concerned about? Is there a good alternative to Thunderbird given that it seems to have telemetry implemented inside it?

I use Thunderbird heavily and I'm really worried about this problem. Can someone clarify whether if thunderbird is trustworthy?

Below is the post https://support.mozilla.org/en-US/questions/1381543

In case it gets taken down, a user asked this:

I would like to know why, when Thunderbird first starts up or shortly thereafter, it attempts to connect to the following sites:

detectportal.firefox.com

status.geotrust.com

thunderbird-settings.thunderbird.net

It does not need to connect to any of these to send or receive email, so I would like to know why it's attempting to connect to those addresses. Little Snitch is blocking them for now but if one of them is important I can remove that block.

Also, at some point every day, Thunderbird complains that it can't get the latest version, and every day I have to dismiss that popup. I bring this up because it may be related to me blocking the connections but until I know what they are for I'd like to know if it is possible to make Thunderbird stop checking for updates.

They all concern me but the one that really concerns me is thunderbird-settings.thunderbird.net, first because it is listed as a bad address on one of the malware sites, and second because I don't want my settings being sent off my computer. Really the only reason I want Thunderbird to connect to the Internet is to send and receive mail, and maybe to check for updates if it can do ONLY that, and not send any other data from my computer back to the mothership.

And this was the response, from a "Top 10 Contributor"/"Moderator" (emphasis added):

Firefox.com is owned by Mozilla corporation.

Thunderbird.net is owned by the Thunderbird project / Mzla technologies

GeoTrust is an Audited encryption certificate purveyor with a huge web presence that is a subsidiary of DigiCert, a larger certificate and PKI company.

If you have software identifying either an malware sites or some other imagined bad sites then I suggest you get rid of it. This is course unless you suspect Thunderbird or Mozilla of nefarious intentions in which case you probably want to remove their products and use another mail client and browser.

Why does Thunderbird try and connect to the web? Because significant part off it are web pages. That is why there are so many external preferences loaded in the defaults.

Another response on this site states https://support.mozilla.org/en-US/questions/1251590 detectportal.firefox.com is used to detect captive portals on public wifi networks to be able to redirect you to their logon screen, so you don't just get page loading errors in firefox (set network.captive-portal-service.enabled to false in about:config in order to disable that feature). Thunderbird ises the Fireofx code base and will be doing the same of web pages.

I would guess without trying that status.geostruct.com is an attempt to verify the legitimacy of a geotrust SSL/TLS certificate issued by probably your mail server as Thunderbird.net uses lets encrypt and Firefox uses Amazon. I assume your connections are encrypted. Probably prompted by the setting Query OSCP responder servers to confirm the current validity of certificates.

I clicked the link you posted to thunderbird-settings.thunderbird.net which gave me a link to https://docs.kinto-storage.org/en/stable/overview.html where I read

At Mozilla, Kinto is used in Firefox for global synchronization of frequently changed settings like blocklists, experimentation, A/B testing, list of search engines, or delivering extra assets like fonts or hyphenation dictionaries.

Given Thunderbird is built on the Mozilla platform, I think we have an answer.

All I can say is in this day and age, software calls home extensively to report telemetry, load web pages and download settings appropriate for certain actions like configuring an account. TRying to prevent that is really limiting the software ability to function as a fairly basic level.

You have listed three of perhaps twice that number of sites Thunderbird will regularly connect to.

On startup it will load a web page from

https://live.thunderbird.net/

Opening the addon page will load Thunderbird.net pages as will viewing the release notes, or any of the entries on the help menu except about. Some open in a browser window, others open internally to Thunderbird. I have no idea what exact connections are made and I am not aware of any list or page that monitors them.

Checking for updates is not optional, The team do not want folk using old versions of the software as it exposes them to increased security risks as each version contains security enhancements. Updates can be managed in corporate situation using group policies. Otherwise stand alone users are limited in their options options to automatic install or not.

I won't post the user's reply to that (it is a bit lengthy) but he's not happy with the response. He just wants an email client that will connect to Google' email service using oAuth. As he says, he already has several web browsers and doesn't need another. He just wants his email program to do email and that's all, apparently.

I think maybe the Thunderbird developers have some explaining to do, particularly with regard to why they are forcing telemetry on users and giving them no way to opt out.

cross-posted from: https://lemmy.world/post/31800014 Please see the cross-post as it is updated.