ohai.social is one of the many independent Mastodon servers you can use to participate in the fediverse.
A cozy, fast and secure Mastodon server where everyone is welcome. Run by the folks at ohai.is.

#pii

Replied in thread

@debby that assumes @protonprivacy actually cares about #Privacy, which they evidently don't, cuz otherwise they'd never even #log or #request any #PII to begin with and instead offer their Services via @torproject / #Tor as #OnionService

  • Not to mention they fuck around with customers' #eMails, thus having prevented people from contributing to the #LKML in the past...

To me this isn't a big loss, but a conditionless surrender in favour of better competitors like @monocles and even @Stuxhost for that matter...

Replied in thread

@nixCraft actually this screams "#GDPR & #BDSG violation" so loudly that even demanding #PII and especially an #ID should get them sued by @noybeu and @Bundesverband ....

  • Cuz "#OpenAI" has neither "legitimate interest" nor a mandate to even demand to see an ID, much less to store and process it!

This isn't like a contractual agreement or some finance where one could argue "#KYC" is warranted "to combat #fraud"...

  • The only thing worse I've seen is some obscure company that brokers #bandwith with a hidden #proxy feature in #apps...

#Microsoft raising #Insecurity AGAIN

TOTAL #RECALL ^2

arstechnica.com/security/2025/

#Arstechnica #DanGoodin raises a good point, it is not only YOUR computer that you need worry about but anyone else who processes your #PII or anything you send them and isn't willing or able to opt out.

It's the same crap as when Whatscrapp was all the rage and no one gave a damn about it harvesting their address books.. but on a much larger and insidious scale.

What a nightmare..

Ars Technica · That groan you hear is users’ reaction to Recall going back into Windows · By Dan Goodin
Replied in thread

@marczz

Why you should use full-disk encryption

If any of the arguments I make below apply to you, you should use full-disk encryption. I am pretty sure the first argument applies to everyone. The second argument applies at least to everyone in the EU and the US state of California. The third argument applies to everyone again.

You will fail to delete drives properly

Storage media get lost. Most people do not know how to properly delete hard disk content before selling them, or they forget it. In the case of flash drives, or SSDs, standard tools like shred don't work. hdparm may do the trick, but this is not well known. If you are lucky, the manufacturer of your SSD provides a Windows app that lets you delete it securely. Your server does not run on Windows of course.

The law demands it

#GDPR and similar data protection and privacy laws require you to store no #PII (personal data) permanently. You have to anonymize PII or delete it after a few weeks. IP addresses are PII. All servers store IP addresses by default. The GDPR also demands that you use state-of-the-art technology to protect sensitive data. Full disk encryption is the state of the art.

Law enforcement makes "mistakes"

I'm a board member of @Artikel5eV, an organisation that runs relays on the Tor network, including exit relays. Running Tor relays is perfectly legal in Germany. Nevertheless, law enforcement agencies have raided the homes of Artikel 5 e.V. board members twice. Illegally so, as a court confirmed recently. I won't run Tor relays in my home, but there is a good chance that my home will be raided one day unless all police officers and prosecutors decide to obey the law.

There is also a possibility that the rule of law might collapse in your country sooner or later. We are just witnessing it in the USA.

You already mentioned that ordinary thieves can also be a problem.

Encryption is available for free

So what is your case against disk encryption? It is obvious that it alone does not solve all IT security issues, but it is an important building block. #LUKS is reliable free and open-source software for HD encryption. If you are not using Linux, check out #VeraCrypt. The Raspberry Pi 5 comes with hardware acceleration for AES, so there no longer is a noticeable performance penalty for encryption.

Replied in thread

@bob_zim yeah. Seen it. in the writeup by @micahflee ...

I just hope to find any that ain't #NetLock'd / #SimLock'd to #Verizon and that these support more than #US-#LTE bands...

  • Not sure if it needs a valid #SIM or just an #ICCID + #Ki on a #SIM to get going (cuz in #Germany it's hard [imported #SIM] to illegal [domestic SIMs] to get an anonymous SIM since 07/2017).

I just wish @eff wouldn't expect everyone to use #centralized, #SingleVendor & #SingleProvider services like @signalapp in the age of #CloudAct, cuz neither I nor anyone I'd trust would submit #PII to them like a #PhoneNumer as a matter of principle!

Infosec.Space · Kevin Karhan :verified: (@kkarhan@infosec.space) · Content warning: Rant re: Signal Shills being dangerous Tech Illiterates

#DOGE accesses federal #payroll system and punishes employees who objected

The system at the #Interior Department gives DOGE "visibility into sensitive employee information, such as #SocialSecurity numbers, and the ability to more easily hire and fire workers,"
#ssn #privacy #interiordepartment #pii

arstechnica.com/tech-policy/20

Elon Musk wears a shirt that says "Tech Support" as he speaks during a meeting at the White House.
Ars Technica · DOGE accesses federal payroll system and punishes employees who objected · By Jon Brodkin