> My only point is that "This Firefox antifeature is an invasion of privacy"
will be a more effective argument than "The fact that this feature can't be
disabled without editing the source code violates freedom 0."
You are right about that. Perhaps I should have actually used a new
definition, e.g. "freedom -1" as what I am questioning is deeper than F0.
From general user perspective security and privacy are much more important
then the ability to inspect the code. Maybe the 4 freedoms are not enough and
we need a new form of evaluating qualities which considers the deeper issues
of today.
> It sounds like RMS took your report seriously and I believe they will fix
it.
Yes. But still - is there any official public announcment by FSF saying "We
have found a privacy issue in IceCat" + description of it? I actually
suggested in my emails that they share the issue with the public, so that
people know about them.
> I don't have time to look further right now but will get back to you.
If you have Trisquel you could probably repeat the test for yourself and
share the result.
> Most of what I know about Chromium comes from what Magic Banana and others
have shared on this forum, including in this thread and others, regarding why
Chromium is excluded from Trisquel.
Now you have actual facts from tcpdump too :)
> The bug Supertramp links to is apparently closed but alarming.
It seems invalid because current version of Chromium doesn't do what that bug
describes.
> I understand that Chromium is currently being investigated by jxself, so
perhaps a libre build will be possible in the future, but until them I'm not
going to trust the Chromium developers to declare that their software is
libre given (1) the material Magic Banana links to and (2) the fact that they
have no real incentive to care about freedom and only even attempt to meet
the weaker "open source" definition for strategic reasons.
This is a valid concern but the question is: why would you trust a "free
software" which sends packets to Amazon etc. or would you use one which is
weaker (OSS) but shows better privacy?
> I'm about to get a little off-topic, but if you are using Android you might
consider switching to Replicant (if you are okay with aquiring and using an
older device) or LineageOS (not 100% libre like Replicant but much better
than Android and supports more devices than Replicant).
I know about Replicant and LineageOS (and Omnirom). I have a Samsung Galaxy
S3 mini which unfortunately is not supported by any of those. I very rarely
connect the internet from my phone and (almost) never turn on the GPS. Of
course that doesn't mean anything because it doesn't stop the firmware to do
what it wants but still... this is the only thing I can do for the moment. We
also have 2 devices here (used by other people) which are in the supported
Replicant list and I am planning to try Replicant on them but considering
that Replicant is not 100% deblobbed - I am questioning if it makes any sense
at all. Maybe we can rather wait for the Librem 5 phone? :P
> Tor...
One problem which I see is that one cannot use login-based sites at all and
preserve anonymity because 1) you need an email address (or phone no.) to
create a login 2) I cannot find any email service provider where one can
register for free without javascript. And all this greatly limits Tor usage.
BTW do you think that installing uBO, uMatrix or HTTS everywhere as
extensions in Tor reduces anonymity or improves it?
> Suppose you want to receive information from this person without giving
them any information about yourself.
You see - THAT is the big paradox, the fight is not for freedom but for
control. We hate to give information yet we want to receive freely available
one. We really try to be clever merchants of information because of all our
cultural conditioning. How is that different from what PRISM does?
> The act of communication inherently requires giving some information, and
in some situations the only way to complete the exchange without the other
party learning something about you is if they don't know who the information
is coming from.
The other day I've been thinking about a new way of communication. A new
network if you will. AFAIK UDP does not require response from the other peer.
So in that sense: what if we have a network of anonymous UDP peers sending
encrytped info. It will be available to all other nodes but only those which
know how to read it (the recepient) will be able to. Of course this is just a
very rough concept but maybe worth considering... Share your thoughts please.
> Here's a good link (https://www.eff.org/pages/tor-and-https).
Thanks. I find it amusing that the page ask to enable Javascript :)
