Hacker News | d4a's comments

For Session:

> Accounts can only be used on a single device, multi-device support is planned for the future

Can confirm that this is not true. I have multi device set up and it works just fine.

> Files are temporarily stored on a central server (encrypted) until the recipients retrieve them

Not just files, but also your messages. However, it's not as "centralized" as you think. The messages are stored across the Loki network, not just on one centralized server.

> Still new, bugs exist and features may change

Another con I would add is that it is painfully slow. There's often a delay of 10-15 or more seconds between sending a text message and receiving it. Interestingly, media files have about the same "lag". This makes faster conversations difficult, since I would send a message and an older message would backfill in making my message irrelevant. For example, I would receive "I have an idea", send back "what is the idea", but then a few seconds later a message would backfill in and appear before the message I just sent with clarification on the idea.

But that being said, I still think Session is one of the best truly-secure messengers out there. It's bug-free enough for daily use, very decentralized, solves the "offline message" issue. The only concern I have left is their weird crypto integration. The nodes in the Loki network are crypto nodes and it requires staking some $LOKI to join the pool. You do get rewarded for participating in some ways, however.


FreshRSS for sync and on my computer, with NetNewsWire on my phone


The power went out where I am right as the temps dropped. That means no heating. Luckily, I was able to get my fireplace running, despite it being fully electric-controlled and we were out of batteries (I just wired together a bunch of triple A's and it happened to work)


I made something similar a few years back when I was learning web dev. It's not nearly as polished, but I'd love to pick apart your code and see what design decisions we did similarly/differently

https://9p4.github.io/hackna/

The big difference is that your project is self-contained in an HTML file, which I think is a much better design


Cool! Added a link to your project


I did the same thing before WebCrypto by including an AES JavaScript library in the page. Nice work.



The latest On The Media episode did a segment on this lawsuit as well, starts at 21 mins.

https://www.wnycstudios.org/podcasts/otm/episodes/on-the-med...


It's gotta grow at a rate of e^x so that the rate of growth is also the rate of the rate of growth and also is the rate of the rate of the rate of the rate of the rate...


That's a Starship robot. We have them around my college campus. They're typically super safe when crossing roads, but sometimes they just decide to wander out in front of a car.


256 points and just this comment? Flagged the post for likely vote manipulation.


Original title: Internet Archive Files Final Reply Brief in Lawsuit Defending Controlled Digital Lending

Edited slightly to fit in HN's character limit.


Author here.

My concern wasn't that Privacy.com knows who is using their service, but rather with how they choose to know that information through a third party (Onfido) and how terrible Onfido's privacy policy is.


Recently I've signed up with Paddle, and they have opted to verify user identities with Onfido, so they have asked for a government ID and a selfie. I have contacted Paddle and refused to provide a selfie, so they eventually asked me to upload my ID too in place of a selfie and manually approved the submission.

Paddle has no excuse for collecting selfies, they are providing services to businesses that can be verified in more humane and secure ways, such as an electronic signature.

Verifying people with selfies is a degrading and insecure practice, especially when you encounter Onfido during the installation process of a bank's app that you already have an account with, opened in person at a local branch in the EU. This bank also asks you to create a video of yourself and submit your speech to configure their mobile banking app. I'm sure the data will be useful for someone when Onfido eventually gets hacked, or just sells your biometric data.

My hope is that biometric data collection for online account verification will become illegal once all EU member states have introduced electronic IDs which have an NFC chip. The verification should consist of a person holding their ID next to their phone, and the online service would only receive the minimum amount of personal data to complete the verification.


This is not how it works. Your NFC ID card establishes that a person that looks like X is named Y. That’s fine, that’s what we get, just less reliably, from a photo of your passport. You will still need to smile for the camera to establish that a) you look sufficiently close to X and b) you appear to be a live human being (as opposed to a photo being held to the camera)

The image of your face and the image (NFC capture) of your ID are stored to prove to auditors that you were indeed verified to required standards.

No one wants your mugshot, it’s a legal requirement they are having to satisfy.


Selfies are collected by a limited number of companies because it is a convenient way to satisfy KYC, but it is by no means legally required to collect this biometric data, nor is it secure to verify customers this way thanks to the proliferation of AI.

KYC checks are already being tested with electronic IDs, and the identity of the customer is verified by the presence of a government ID, and the input of a PIN. No selfies or similar farces are involved.


Maybe you should quote the whole thing instead of making it sound like they sell the data?

"As part of a business transfer. Onfido may disclose your personal information to an actual or potential buyer, investor or partner (and its agents and advisers) in relation to any actual or proposed divestiture, merger, acquisition, joint venture, bankruptcy, dissolution, reorganization, or any other similar transaction or proceeding"


I agree with you but the thing is I don't remember doing any of that stuff to use privacy.com. I hope they just changed their policy and that I haven't forgotten about uploading identification and photos of myself. I normally would not tolerate that.

All I remember is using the plaid bank API which is itself probably very dangerous and a poor decision to allow.


Then why drop a steaming pile of shit on the company who's not directly at fault via the title? For clickbait?

I've used privacy.com for years. Never had an issue. Never had to validate my identity. Never had any issues with support. If used as prescribed (setting limits on cards etc) it fits in directly to where it belongs in my threat model.

What a strangely charged article.


Not directly at fault? Privacy.com chose to use Onfido. I don't think the author's complaint is misplaced.


Using a company and having proper contracts and agreements with them to be properly protected is not malice, especially since the company is well known and assumedly adheres to regulation.

I'm not sure what you want privacy.com to do differently.


I think the ask was pretty clear: not to share confidential identification information with sketchy companies that are clearly sharing that information with everyone.


So you're saying Privacy should reinvent the wheel with an incredibly difficult, terrible-to-manage process, itself requiring an entire company worth of people and a huge support staff, laden with insane amounts of red tape, just to perform a small function of their business, instead of contracting out another company that specializes in doing this exact thing?

This seems like a larger security/privacy surface area than the latter approach.


OP's original point is that a company marketing themselves as a privacy tool are forcing customers to use a 3rd party for processing very personal identification data. That 3rd party's TOS, which binds customers of privacy.com, says they can and will share data with anyone they want for any reason. That's nearly the antithesis of the privacy the company is marketing itself on.

Privacy.com don't have to use Onfido, there are other options out there. There could be a myriad of reasons why they chose Onfido over the competition but the TOS bind the privacy.com users and they don't offer any alternative.

For a company leaning on "privacy" as their primary marketing tool, this is a double standard. It doesn't mean Privacy.com is a bad company with horrible people building a terrible product. They're just calling out a company for doing something seemingly opposite to their marketing, and saying that's why they personally aren't using the product.

You can disagree with OP but that doesn't make their point wrong, invalid, or stupid.


No, I didn't say that, nor did the post. You keep making these absurd leaps. Privacy.com advertises themselves as being private. I expect them to be private. They're the ones who chose to hinge 100% of their marketing strategy, all the way down to their name and domain, on how very private they were.


They should just verify identities without selfies, like most payment providers. This trend of using selfies comes from shady crypto companies that were eager to pretend that their users have been verified, while also benefiting from the collected biometric data.


So it wasn't privacy.com who chose Onfido?

If your contractor chooses a bad subcontractor, who do you blame?


Privacy.com is not a contractor, firstly. IMO that's a weak analogy at best. I've asked elsewhere - what do you want privacy.com to do differently?


To use another service to do the user identification or at least to offer an alternative.

