It's probably also media's fault for this. They only publish when a bad person does a bad thing on the internet with it, not all the millions of users who don't do bad things. That would be boring.

I am sure that Tutanota does not use any custom encryption algorithm. It is clearly stated in the FAQ that they use RSA (with PFS) and AES to encrypt emails exchanged between Tutanota users. https://tutanota.com/encryption

These are only primitive algorithms, the actual implementation is custom and specific to Tutanota, which mean it will only work with Tutanota as nothing else will implement it.

There is no way to do key distribution outside of Tutanota's service.

Probably another point is that the encryption for Matrix/Element has undergone multiple audits, one in 2016 and another one of their newer rust library. Whereas telegram just has not. There was this also a not too long ago. MTProto is also used nowhere else, whereas a lot of encryption has been influenced by the Double Ratchet which is well understood.

The other thing worth noting is that Matrix is the foundation for other products which many governments use for secure communications.

I certainly think so.

Even Windows or Chrome OS, provides quite a bit of "control" it's just that a lot of it is "opt out". Google does, for example record what YouTube videos you look at against a logged in account by default. Windows does have targeted advertising enabled by default.

I think privacy is really more about what you do on such platforms. If you use products (sites) that clearly have bad policies in regard to privacy then no OS is going to provide really all that much improvement.

Stopped reading at “storing my passwords on a db”. Even if you encrypt the data, is it not just plain better to use a generative algorithm for passwords instead that needs no cloud?

There are quite a few reasons why we don't recommend deterministic password managers and I have been meaning to write an article about it. There is a summary and further discussion in that thread.

Third party blog article which is still relevant https://tonyarcieri.com/4-fatal-flaws-in-deterministic-password-managers

keep in mind that uses the same method as adb pm uninstall which doesn't actually remove it from the system image, just the current user profile.

Just a reminder, we specifically recommend against Garuda due to their unsafe usage of Chaotic-AUR.

VPNs are still worth it for that purpose, particularly torrenting.. Not sure who is saying this but they are wrong.

Proton still has it with NAT-PMP which requires the use of py-natpmp on Linux.

There are other providers but these generally don't meet our requirements as they don't have open source clients or have no audits or are generally not as trustworthy.

WIndscribe also has ephemeral port forwarding and we are looking at adding that some time. Audits have now been completed and they are refactoring some iOS code, then it will be good to go.

Its because Burung Hantu (Marco Wollank) always wanted to use it to make money, whereas we just get what we get from OpenCollective, and none of the team withdraws out of that.

For us it's a labor of love, for the topic at hand, for him it's about the money. His blog post should tell you exactly that.

Privacy Guides is the only site you need out of the two. Privacy Tools is run by an SEO farmer, Marco Wollank (Burung Hantu), who has no useful information or ability whatsoever other than parrot he thinks will get him the clicks/followers. Some time ago, someone linked this "exposé" about his history, in our Matrix rooms and it makes complete sense.

It is something I suspected for a long time, as it was his first complaint "MY SEO".

That particular article is full of misinformation, lies and water muddying. There are bald-faced lies within that post including all of the rubbish about the donations which I addressed here and here.