Good question. Please see my follow-up comment.

Not putting your WiFi password in would absolutely be reliable.

No, it would not.

I’d love to hear your ideas on how they’d remotely break into your WiFi Network

They wouldn’t, of course, nor did I say they would.

(But since you brought it up, we have already seen internet providers quietly using their CPE to create special-purpose wireless networks surrounding customers’ homes. These could obviously be made available to any company that paid the ISP for access, just as cellular networks have been made available to companies like OnStar. So a TV could do this with a business deal rather than breaking in to your normal WiFi.)

However, your network is not the only network in the world, and WiFi is not the only kind of link. Neighbors exist. Open guest networks exist. Drive-by and fly-by networks exist. Mesh networks exist (and are already created by devices like Amazon Echo). Power line networking exists. Bluetooth, LoRa, cellular, etc. etc. etc. Maybe you live on an isolated mountain top where these things are unlikely to reach you (at least until satellite links become a little smaller and cheaper) but even that is not absolute, and most of us don’t.

Unless you disassemble your TV and examine all the components within, and know what they do, it could have any number of these capabilities.

Also, partly due to how prevalent multi-network support is becoming in electronics integration, it is not unusual for related functionality to be dormant at first yet possible to activate later.

I’d love for you not to be adversarial, and to learn more about a topic before making bold claims about it in absolute terms.

Friendly reminder that gaming console monitors, computer monitors, projectors, dumb TVs, and commercial displays exist.

Yes, I could hack a smart TV to disable its networking capabilities. (Merely withholding my wifi password is not reliable.) But that would still be showing the manufacturers that I find spyware TVs acceptable, and supporting the production of those models.

Also, this would be a good time to pressure our legislators into criminalizing this nonsense.

It’s disappointing to see that a couple dozen people decided to hit your post with drive-by downvotes, rather than using their words to express themselves in a way that actually contributes to this community.

Your question is a legitimate one, and relevant at a time when Windows is increasingly bloated and invasive, spyware is out of control, and Linux is increasingly a viable alternative even in certain tough areas like games. I just wish you had elaborated on why you singled out Ubuntu when several other widely-supported Linux distributions exist.

If those were my only two options, I would pick Ubuntu over Windows, no contest. I would replace its default desktop with KDE Plasma (or just choose the Kubuntu variant in the first place), rip out as much of Snap as I could, update the kernel, and plan to migrate to a distro that I like better whenever I was able.

For what it’s worth, Debian Stable with a few hand-picked backports and flatpacks suits me well, mainly for gaming and software development. (I’m a bit of an outlier among Linux users who post on social media, though: Having my system be low-maintenance is more important to me than always having the latest features in every app, and I’ve been known to make my own debian packages and flatpaks when something I want isn’t ready-made.)

Linux Mint, Pop_OS, and Arch Linux are also popular. There are quite a few more.

No, it does not. The closest it comes is allowing a PC to take control of a mobile client on the same local network. That might be a convenient way to type with a full-sized keyboard if you have both devices in the same place, but it is not what people mean when talking about multi-device support.

GP wants the ability to use their account from multiple devices independently. From different locations, not tethered on a LAN. With shared message history, notifications, unread state, identity, etc. That’s what multi-device support means in the context of messaging services.

I didn’t know that; thanks for sharing.

(BTW, I think you meant wreaking havoc.)

I don’t care how they estimate their cost in dollars. I think the cost to all of us in environmental impact would be more interesting.

SimpleX also loses messages if you don’t pick them up in time. Going on vacation for a few weeks could be problematic, for example.

Just keep in mind that any service that asks for a phone number can also disclose it.

I hope what leaves the Signal client is a hash of your phone number, rather than the number itself. They might even be using salts and expensive-to-execute key derivation functions, to mitigate brute force searches (which are otherwise easy given the relatively small search space of phone numbers). But if compelled, it would be trivial for Signal to change that behavior.

Let’s hope they also do something meaningful about it.

A few million dollars in fines will not fix it. Making it a felony, convicting and punishing the people responsible (extraditing them if necessary), might.

Discord’s audio and video end-to-end encryption (“E2EE A/V” or “E2EE” for short)

That last bit is a little concerning. E2EE is widely understood to mean full end-to-end encryption of communications, not selective encryption of just the audio/video bits while passing the text around in the clear. If Discord starts writing “E2EE” for short when describing their partial solution, it is likely to mislead people into thinking their text chats are protected, or thinking that Discord is comparable to real E2EE systems. They aren’t, and it isn’t.

We want an E2EE A/V protocol that is publicly auditable

Their use of the word “auditable” here is also concerning. What does it mean for a protocol to be auditable? Sure, it’s nice that they’re publishing their design, but that doesn’t allow independent audit of the implementation that actually runs on their servers and (importantly) people’s devices. Without publicly auditable code that can be independently, built, run, and used instead of the binaries they provide, there’s no practical way to know that it matches the design that was reviewed. And even if code is made available, without a way to verify that the code being run is the code that was inspected, any claim giving the impression that the system was audited is misleading at best.

During the rollout phase, a single non-supporting member being present forces the call to transport-only encryption. The call will automatically “upgrade” to E2EE if that member disconnects.

This sort of thing has historically been ripe for abuse. (See also: downgrade attack.) I hope they are very careful about how they implement it.

The protocol uses Messaging Layer Security (MLS) for group key exchange

Interesting. This makes me wonder if their motivation might be eventual compliance with the European Digital Markets Act. If that is the case, perhaps they also have a plan in the works for protecting text chats?

My early impression, based on what they wrote:

This won’t fix Discord’s major fundamental flaws. However, if their E2EE A/V design holds up to scrutiny, and if they were to fix their problematic language and provide truly auditable client code, the protection offered for audio & video could at least reduce Discord users’ exposure to unwanted harvesting of voice & face samples. A step in the right direction, and a timely one, given that biometric data collection and AI impersonation are on the rise.

@[email protected] was created ~37 minutes ago.

Their only post violates rule 2, and probably violates lemmy.world rule 8 (misinformation).

Somebody please show them to the door.

also any inputs are probably scraped

ftfy

Let’s hope it’s the bad outputs that are scrapped. <3

That number is a single manufacturer’s performance target. It is not a guarantee of results. You might be able to get Intel to replace an SSD if it corrupts data in under 52 weeks (assuming you notice it) but your data will still be gone.

Hardware performance can and does vary by manufacturer, model, and production run. Even the nominally identical cores within a single CPU have slightly different operating limits. YMMV.

Note also: the 52 week target you quoted is halved for every 5° rise in temperature.

I explained that they ought to be recipes to new media every N number of years or risk deteriorating or becoming unreadable

This is important, and for some media, it should be more often than that.

People forget that flash memory uses electrical charge to store data. It’s not durable. If left unpowered for too long, that data will get corrupted. A failure might not even be visible without examining every bit of every file.

Keep backups. Include recovery data (e.g. PAR2). Store them on multiple media. Keep them well-maintained (e.g. give flash drives power). Mind their environment. Copy them to new storage devices before the old ones become obsolete.

It’s funny that with all our technology, paper is still the most durable storage medium (under normal conditions) that doesn’t cost an arm and a leg.

Have they not heard of the TS100 or the Pinecil?

Of course they have.

An iFixit co-founder has been responding to questions over on Hacker News:

https://news.ycombinator.com/item?id=41521919

Review:

https://hackaday.com/2024/09/12/review-ifixits-fixhub-may-be-the-last-soldering-iron-you-ever-buy/

An SD card lasts for years, and the amount of plastic in one is negligible. It’s just not an issue.

Hark! The ghosts of countless generations of short-sighted polluters cry out in complacent, rationalizing unison!

It’s not about expecting one model of memory card to save the Earth. It’s about moving away from needless production of toxic materials, everywhere.

And if you don’t care, nobody’s going to force you to read The Lorax, but please don’t go around shitting on people’s appreciation for even the small things.

A journey of a thousand miles begins with a single step.

Less plastic being manufactured? Sounds good to me. :)