Self-Guaranteeing Promises

36 tie-in 11 8/11/2025, 8:03:06 AM stephango.com ↗

Comments (11)

treetalker · 3m ago
How would one go about switching away from Dropbox to something else that would be free, private, and macOS/iOS compatible?
ChrisMarshallNY · 1h ago
As far as privacy goes, I always say that the best way to ensure privacy is to not take the information in the first place.

I manage an app that serves an extremely privacy-focused demographic. I won't use push notifications or PassKeys, because each requires that the server store information that can be linked to a user. We do require a valid email account, and that's it. The email account can be a throwaway, but it needs to be able to receive email. Other than that, the user can choose to do things like mention their location (even then, we "fuzz it," at the server level), and maybe a couple of strings that can be anything they want.

Even with that, I still find that I need to constantly assuage doubts.

I know that not taking information is heresy, hereabouts, but, if I don't have it, it can't be leaked, and I can't be compelled to divulge it.

senko · 1h ago
This is the way.

Or at least it should be, if companies were putting users first (a naive thought, I know).

I have a small mobile app for recording expenses (receipts). The usual strategy would be for users to create accounts and store and sync data with my service. Potentially useful data (behavior, spending), which I don't want to touch with a 10ft pole.

Instead, I keep all the data local (user's device). No registration at all. Nothing to store on the server.

Slightly more inconvenient for the users (to move to a new device, you need to export and import the local db), but cheaper and zero-stress for me.

jimkleiber · 1h ago
I built a micro-journaling app back in the day and subscribed to this philosophy as much as I could have. On Android, I even didn't let the app have the permission to access the internet. Everything was stored on device, encrypted. However, I was still scared that individual phones would be hacked (or the app itself) and the info would get out anyways.
mpalmer · 39m ago
What do passkeys require you to store besides a public key? Isn't the whole idea that passkeys don't burden providers with sensitive credentials?
ChrisMarshallNY · 38m ago
A public key can be associated with an individual user. Same with the pseudo-UDIDs that are required for push notifications.
mpalmer · 35m ago
I guess I don't see a practical way of exploiting that association. UDID, that's unique identifying info for sure. But a public key that's never reused?
harryday · 1h ago
Used Obsidian (paid for commercial and sync) for years, loved it, and evangelised. Ango and team seem to have genuine integrity.

Am moving to Emacs, org, plus self-built elements, however. With much pain.

You see, what is /not/ self-guaranteeing about a full Obsidian life-organising workflow is the necessary reliance on plugins and their quirky configs. I felt as locked in to the ecosystem as I ever did with services that ‘merely’ used a proprietary storage format.

I know others in the same boat. Obsidian’s long-term legacy may well be primarily as a market-maker for Emacs.

gr__or · 1h ago
Bluesky/ATProto is a recent example of a self-guaranteeing promise
immibis · 22m ago
No, not really. You're just assuming they're going to continue displaying your posts on bsky.app. Everyone is reading your posts through bsky.app and it doesn't matter if your post is technically available through a side channel if it's not available through the main channel.
worldsayshi · 26m ago
Really? What makes the protocol self-guaranteeing?