Thanks for reporting this — you're absolutely right.
The link was outdated and caused a 404. I've corrected it now.
Really appreciate the careful review.
Cool stuff!
But why asking for people to sign up and not let them try it out tho ? Also, when I signed-in, my prompt disappeared
Nevertheless, I appreciate that the sounds keep stored with their prompt
Yes! Most important thing is happiness balance between your job, how much you’re paid, your team and how much fun you have at work, and how you can spend your free time on what makes you happy.
For the same reason I never felt jealous about colleagues or people who won big money with Bitcoin or other magic techniques. Happy for them, but I’m happy with my choices too.
I know Lenaïg since I’ve been working at Mediapart a few years ago. I feel sorry for her. We were very careful on all security aspects, and it’s sad to see it’s never enough.
These comprise a small proportion of the sites submitted to HN. As for their share of the web as a whole, not sure how prevalent they are.
As such, I usually approach these as one-offs. I find the endpoint and move on. I just use the endpoint, not the "web app". Before I start scanning the JS files to find the endpoint, I first check for a corresponding Github page as most of the web developers using those frameworks so religiously have one. They often post the web app page to HN instead of the Github page. Obviously one can just run the site in a Javascript enabled browser, observe the traffic, and find the endpoint that way. Once you have the endpoint, you will never need to visit the "blank page" ever again. Of course you should be comfortable with JSON. I have no issue with raw JSON in lieu of HTML. In most cases it is easier to process.
If these JS framework sites were more prevalent, and they actually were sites that had data I cared about, I might automate a solution. Most of them tend to be aimed at collecting data, not supplying it, hence I am not much interested in them usually.
If you're worried about state agencies intercepting your communications, you're going to have to give up certain conveniences, like web based email and consumer VPN.
The services you mentioned should have superficial security that's at least on par with dominant providers, and will hopefully keep your information from being intercepted for the sake of advertising. I think that's still worth something.
Just get one crypto device from the US, one from Russia and one from China, and then encrypt your stuff using all of them, one by one. Then no single secret service could decrypt it all.
How do you know rulers of China, Russia and USA aren’t best friends ever and share information at top levels? You simply cannot trust a third party vendor anymore, no matter where they reside and this includes your cpu too.
Any information that needs security from nation state level requires physical data diodes.
I guess you can use the method you mentioned for protection against lower level actors.
What he's describing only works for symmetric encryption. Assymetric is the problematic one. There is no real way to verify the trustworthiness of VPN/proxy systems.
I still trust it to not sell my data to the highest bidder for marketing purposes and such.
The NSA and other state agents may or may not be capable of reading my emails, but I don't think they would care about anything I write/receive and for sure won't sell/publish it because of the risk of the world knowing about their possibilities. It's still opposed to my interest in privacy, but the main thing I care about is my life not being an open book on the internet for everyone to see (or even just marketers), and ProtonMail sells that to me as a business model, which I still believe in.
yes, you're right. I chose them in the first place because they made me realize that there is no such thing as "free email", and I was glad to pay for mine to avoid ads and private data exploitation
You shouldn't trust anything completely. All you can do is manage your risk to the best of your ability and be aware that unless you are talking to someone on top of a mountain and neither one of you have a phone with you, everything you communicate, digitally or otherwise, is very likely being recorded or logged somewhere by someone.
You shouldn't have been trusting them in the first place. At least not completely. You're just taking their word for it and trusting a company blindly based on only their promise.
There is no way to run anything substantial like ProtonMail without getting tapped by agencies or even worst they will force you to integrate and cooperate. There are just many regulations and you have to comply.
reply