If your computer is compromised to the point someone can read the key, read words 2-5 again.

This is FUD. Even if Signal encrypted the local data, at the point someone can run a process on your system, there's nothing to stop the attacker from adding a modified version of the Signal app, updating your path, shortcuts, etc to point to the malicious version, and waiting for you to supply the pin/password. They can siphon the data off then.

Anyone with actual need for concern should probably only be using their phone anyway, because it cuts your attack surface by half (more than half if you have multiple computers), and you can expect to be in possession/control of your phone at all times, vs a computer that is often left unattended.

it doesn't unravel the underlying complexity of what it does... these alternative syntaxes tend to make some easy cases easy, but they have no idea what to do with more complicated cases

This can be said of any higher-level language, or API. There is always a cost to abstraction. Binary -> Assembly -> C -> Python. As you go up that chain, many things get easier, but some things become impossible. You always have the option to drop down, though, and these regex tools are no different. Software development, sysops, devops, etc are full of compromises like this.

This is not entirely correct. Messages are stored on their servers temporarily (last I saw, for up to 30 days), so that even if your device is offline for a while, you still get all your messages.

In theory, you could have messages waiting in your queue for device A, when you add device B, but device B will still not get the messages, even though the encrypted message is still on their servers.

This is because messages are encrypted per device, rather than per user. So if you have a friend who uses a phone and computer, and you also use a phone and computer, the client sending the message encrypts it three times, and sends each encrypted copy to the server. Each client then pulls its copy, and decrypts it. If a device does not exist when the message is encrypted and sent, it is never encrypted for that device, so that new device cannot pull the message down and decrypt it.

For more details: https://signal.org/docs/specifications/sesame/

This kind of reminds me of Crispin Glover, from Back to the Future. He tried to negotiate a higher pay for the second movie, so the producers hired a different actor to play the role, but deliberately made the actor up to look like Glover. In response, Glover sued the producers and won. It set a critical precedent for Hollywood, about using someone's likeness without consent.

The article mentions they reached out to her two days before the launch - if she had said 'OK,' there's no way they could have even recorded what they needed from her, let alone trained the model in time for the presentation. So they must have had a Scarlett Johansson voice ready to go. Other than training the model on movies (really not ideal for a high quality voice model), how would they have gotten the recordings they needed?

If they hired a "random" voice actress, they might not run into issues. But if at any point they had a job listing, a discussion with a talent manager, or anything else where they mentioned wanting a "Scarlett Johansson sound-alike," they might have dug themselves a nice hole here.

Specifically regarding your question about hiring a voice actor that sounds like someone else - this is commonly done to replace people for cartoons. I don't think it's an issue if you are playing a character. But if you deliberately impersonate a person, there might be some trouble.

Not to justify the actions of the shooter, but ringing the doorbell before breaking in is definitely a thing. It's a means of checking if the house is occupied - if you're just trying to steal things, an unoccupied house is ideal, and if someone answers when you ring, it's easy enough to make up an excuse and walk away.

A much better solution than a gun, though, is a security door (similar to a screen door, but more kick proof).

For what it's worth, I just bought a TCL 55S450F (55 inch 4K HDR FireTV) specifically because it does not ever need an internet connection to function (expressly stated in the manual). It is currently on Amazon for $268 (they have other sizes at other prices). It's a great TV, considering the price. The only real drawback for me is the remote is Bluetooth, rather than infrared (less compatible with universal remotes).

Note that for full dumb TV effect, you'll want to go into the settings and tell it to resume the last input, rather than going to the home screen when you turn it on (without connecting it to the Internet, the home screen is basically just a big banner telling you it's not connected, and when you dismiss that, it just allows you to access inputs and manage settings).

I currently have a System76 laptop, and sincerely regret my purchase. When I purchased it, the Framework was not out yet - I wanted to support a company that supports right-to-repair, and figured since they controlled the hardware, firmware, and software (Pop!_OS), it would be a good, stable experience. It has not been, and support has generally been poor. I know other people have had better experiences than I have, but personally, I won't be buying from them again.

I haven't personally used Purism, but former co-workers spoke really poorly of them. They were trying to buy a big batch for work, and said the build quality was awful. Additionally: https://youtu.be/wKegmu0V75s

It looks like a few people are recommending this, so just a quick note in case people are unaware:

If you want to avoid being tracked, this is not a good solution. Searxng is a meta search engine, meaning it is effectively a proxy: you search on Searxng, it searches multiple sites and sends all the results back to you. If you use a public instance, you may be protected from the actual search engine*, because many people will use the same instance, and your queries will be mixed in with all of them. If you self host, however, all the searches will be your own - there is then no difference between using Searxng and just going to the site yourself.

*The caveat with using the public instances is while you may be protected from the upstream engine, you have to trust the admins - nothing stops them from tracking you themselves (or passing your data on).

Despite the claims in their docs, I would not consider this a privacy tool. If you are just looking for a good search engine, this may work, and it gives you flexibility and power to tune it yourself. But it's probably not going to do anything good for your privacy, above and beyond what you can get from other meta search engines like Startpage and DuckDuckGo, or other "private" search engines like Brave.

You manage the sources yourself, so if you don't want to search certain platforms, just don't add them.

I have no personal experience with this company, but I've followed them for a few years. I was initially very interested in their laptops, but was also very excited when the phone was announced. In the years since the phone was announced, I've heard and read many negative things about build quality and software on their laptops, and I've seen the shipment of the phones get repeatedly delayed. More recently, https://youtu.be/wKegmu0V75s showed up in my feed. I would recommend anyone considering purchasing from them watch that video, and do a little research into their security/openess claims, as well as customer satisfaction.

Again, I don't have the personal experience to say they are bad in anyway, but I don't want to see anyone get scammed, so I would recommend healthy skepticism and due diligence before making a purchase.

Since most phones (if not all), use an encrypted filesystem. With such, no service can't start if the device isn't initially unlocked after reboot, including Find my device.

Android developers can specify that their apps need to run before the pin is entered, via direct boot mode. This is how alarms still work, even if your phone takes an upgrade overnight, and restarts automatically as part of that process.

I can't say whether Google's Find My Device currently does this, but there is no technical reason it can't.

See https://youtu.be/GCVJsz7EODA and https://youtu.be/V82lHNsSPww

There are a few problems, but I believe the biggest issue is that .zip and .mov are valid and common file extensions, and it's common for people to write something like 'example dot zip' or 'attachment dot mov' in emails, tweets, etc. Things like email clients have features where they automatically convert text that looks like a web address into clickable links. So now, retroactively, all those emails etc suddenly have a link, where they used to just have text, and the domains that are equivalent to those previously benign file names are being purchased by nefarious actors to exploit people unaware of the issue.