If there are no logs, there is nothing to give up. There is no law that they have to keep logs as far as I know.
You have to trust that the VPN provider doesn't store logs. I2P is pretty much trustless besides where the binary comes from, but you can even compile it yourself.
Lemmy should have the option to defederate from instances depending on automated criteria. Sign ups without admin checks are a great attribute to use for defederation, because it leads to such abuse. I've finally blocked most communities and instances that have news about US politics and have a clean feed, but for newcomers, that shit is everywhere.
Hey :) Hope you're doing well!
That is actually a good question. Probably the consumer protection agency would be a place to report it. There must also be non-profit watchdogs, but I can't think of any besides NOYB (none of your business) who are all about privacy.
Indeed. I'm not sure what the format is and whether a man in the middle or fake service could be run on the device, which pretends to be google's attestation service and just responds with a "yep, this device is fine" in the correct format. It may be easier than rewriting an entire app and be applicable to other apps as well.
Can someone start a Signal group? That's encrypted and safe for sure. You can use usernames and have public groups.
I think it's more a monopoly attempt. I wonder how the EU will react if someone takes this to court.
Forcing one app store fits the bill of monopolistic action.
It's not the store that's the problem. The integrity API is a web API. First the app collects data about your phone locally and then it sends it to google asking "is this phone 'safe'?". Google then responds with how safe it believes the phone to be and the app itself makes a decision. The alternative app store is completely out of the loop.
It's maybe difficult to maintain privacy. The destination needs to be known and has to somehow notify other nodes that it's waiting for messages. I don't know if that can lead to traffic profiling to along the path (if enough nodes are owned) to deanonimise.
The sender can probably sealed like signal does though.
I imagine it comes with the problem most P2P chats come with: both sender and receiver have to be online at the same time, otherwise the message cannot be delivered.
Although, if people were serious about anonymity, they'd be using such a service (or similar).
Being a node isn't an issue. The traffic is encrypted, the destinations are unknown to the nodes themselves, and the traffic does not leave the overlay network (I2P). In TOR, you also have something similar, but the traffic can exit the overlay network but to do so, your node must be an exit node. I2P nodes are internal by default and it's not that easy to make it an exit node.
You are very safe being a node in I2P.
Anti Commercial-AI license