• 0 Posts
  • 41 Comments
Joined 2 years ago
Cake day: June 5th, 2023

  • My question was specifically about “the general non-technical population”. Do you expect my mom to even remotely understand what different servers are and why talking to me is securely encrypted but talking to her friends group isn’t? The point about secure software is that it needs to be secure by default, or else entry-level users will manage to accidentally send their stuff in plain text and not even notice.

    For nerds like us, I agree that Matrix is probably a good choice. For someone who needed to be told that “the internet” isn’t the blue “e” on their desktop… not so much. I’d rather send carrier pigeons than explain Matrix to my family.






  • As said: it’s not just the current government. As soon as the data is on a government server, it’s every single government for the rest of my life. And that’s a gamble I wouldn’t be willing to take.

    And there’s a big difference between a police agency spending lots and lots of time and money to get to the people they’re interested in (gestapo, stasi, whatever) and them already having the data and being able to filter by whatever criteria they want at zero extra cost within seconds.


  • When it comes to my data, I treat everyone like they’re my enemy. Some of those enemies I do have to trust with parts of my data, otherwise I couldn’t live a normal life but I still would want to avoid giving a single entity (especially one that literally has power over people) too much at once.

    Also, I do live in a country with plenty of public services and a more or less functioning government. Still, 20.8% voted for literal Nazis in February and no matter how often I vote for someone more sensible and how many protests I join, that probably won’t make those people less hateful.


  • Explain to me how running the registry office gives them nearly as much info about people’s preferences as a dating app does. They may know who people are married to and if they have children. From that they might have a rough idea if someone is straight or not and that’s about it. They don’t know if someone who’s in a heterosexual marriage is actually bisexual or even uses the marriage as a socially accepted front to hide being gay from their family. The state has no idea where an unmarried person lies on the spectrum from aromantic-asexual to bouncing from orgy to orgy on a daily basis. They don’t know if someone is into BDSM, roleplay, doing it outdoors or threesomes. They also rarely know much about non-sexual hobbies.

    All those things may show up in dating site profiles or if not there, in the private messages sent between users. And this is not even about a government not being trustworthy now. Anything that gets put in such a site will stay there for the foreseeable time and even the most stable democracy might be just one freak election away from having a weirdo in power who thinks that people who like sex with their socks on don’t deserve health insurance.

    Of course that’s also a risk with private dating platforms but at least for those the government would have to subpoena this kind of data from them instead of having it always available without the public even knowing if and what they’re analyzing.






  • Note that this isn’t specific to Go. Reading from stream-like data, be it TCP connections, files or whatever, always comes with the risk that not all data is present in the local buffer yet. The vast majority of read operations return the number of bytes that could be read and you should call them in a loop. Same for write operations actually, if you’re writing to a stream-like object, as the write buffers may be smaller than what you’re trying to write.
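
The short-read behaviour described in the comment above, as an added Go example that is not part of the original comment. `slowStream`, `readOnce`, `readLoop` and the sample message are constructed for illustration; `slowStream` uses the standard library's `iotest.HalfReader` to stand in for a connection that delivers data in pieces.

```go
package main

import (
	"bytes"
	"fmt"
	"io"
	"testing/iotest"
)

// slowStream is a constructed stand-in for a TCP connection: each Read
// returns only half of the bytes the caller asked for.
func slowStream(b []byte) io.Reader {
	return iotest.HalfReader(bytes.NewReader(b))
}

// readOnce trusts a single Read call to fill the buffer, which is the bug.
func readOnce(r io.Reader, size int) []byte {
	buf := make([]byte, size)
	n, _ := r.Read(buf)
	return buf[:n]
}

// readLoop keeps calling Read until size bytes have arrived. If the stream
// ends or fails first, it returns the partial data with a non-nil error.
func readLoop(r io.Reader, size int) ([]byte, error) {
	buf := make([]byte, size)
	for got := 0; got < size; {
		n, err := r.Read(buf[got:])
		got += n
		if err != nil && got < size {
			if err == io.EOF {
				err = io.ErrUnexpectedEOF // peer closed mid-message
			}
			return buf[:got], err
		}
	}
	return buf, nil
}

func main() {
	msg := []byte("AUTH user=alice role=admin") // constructed sample message
	fmt.Printf("single Read: %q\n", readOnce(slowStream(msg), len(msg)))
	full, err := readLoop(slowStream(msg), len(msg))
	fmt.Printf("read loop:   %q err=%v\n", full, err)
}
```

In production Go code `io.ReadFull` performs the same loop; the hand-written version is shown so the handling of the returned byte count is visible.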


  • I came into this discussion from the technical perspective (of which I’ve done plenty of research, both in university and in my job) that commercial VPNs don’t do what most ads want you to think they do. Your ISP sees a lot less than they want you to think, VPNs use just the same encryption algorithms as everyone else and while public WiFi isn’t great security-wise it’s not as if anyone will read your bank password the second you connect. I still stand by those claims.

    Then, the discussion drifted towards who you’d rather trust with the things that aren’t encrypted (mostly DNS and connection metadata. Someone has claimed that many messengers are unencrypted but I think they have confused a lack of user-to-user encryption with user-to-server encryption), your ISP or some VPN provider. That’s the point where we diverged: as I had no need for a VPN myself (because of the reasons mentioned above), I had not researched individual VPN providers and was not aware that Mullvad apparently has a strong track record. For that I apologize. Still, in a thread that started out with someone not knowing if they need a VPN at all and most discussion has been very general, I would not assume that anyone who comments is familiar with a specific provider without them being named explicitly. Also, I’ve stated in at least three places that I was explicitly talking about VPN providers like NordVPN and Surfshark that are prominently (mis-)advertised. Those I still would not trust further than I can throw them.

    But I guess that’s online discussions. We’ve talked about two different things and took a while to notice. I’m thankful for the correction and I hope you can understand where I came from.


  • I checked and there is only a single comment that mentions Mullvad (other than yours that I’m replying to right now) that’s visible on my instance with no specific explanation why it’s better than other offers other than that you can pay with cash. If I’ve missed something, I promise you that it’s not in bad faith, it’s just that this distinction didn’t come through clearly.

    I hadn’t heard about Mullvad before today and a quick look at their website made it look not very different from the fear-mongering you see with the others. Only after your comment I noticed the Why Mullvad VPN link at the very bottom that explains what they do differently. I’m still skeptical about some of the claims and especially of audits that they themselves requested but I’m happy to see that there are providers that seem to be more trustworthy than the ones that are constantly shoved down our throats and I’m definitely happy to have learned something new.

    May I suggest that you write a top level comment that explains in detail why Mullvad is better than other services so OP (and others who stumble over this thread) has an easier time finding it?

    Edit: minor typos and grammar


  • Oh I most certainly don’t have much faith in my local ISP. But I have even less faith in some VPN startup funded by venture capitalists who may or may not be cutting corners on security to save a few bucks on their ends even if they’re not actively malicious. At least my local ISP has been around for decades and is closely monitored by both a government agency and independent customer protection groups.

    And yes, I do live in a place with a very strong regulatory framework. Our ISPs are bound by the EU GDPR and our highest federal court has confirmed multiple times that even saving connection metadata without a case-specific court order is illegal. Sure, they could break those laws but a commercial VPN provider can do just the same with the difference that not as many people would notice.





  • While my threat model is not universal, it comes close, at least for the average user which OP seems to be from their question. In practice, there is very little unencrypted traffic these days and in the case of that traffic you will have to ask yourself if your (commercial) VPN provider is more trustworthy than your ISP.

    If you need to ask if you need a VPN there’s a 99% chance that you don’t. There are certainly a few use cases for both commercial VPNs and Tor (see my other comment) but to even be aware that those apply to you, you probably already have enough technical knowledge to approach the question from the direction “I want to do XYZ, how can I be more secure?” and not “I’ve heard of VPNs, do I need one?”