Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Add additional information #2112

Closed
wants to merge 1 commit into from
Closed

Conversation

jermanuts
Copy link
Contributor

@jermanuts jermanuts commented Apr 5, 2023

Changes proposed in this PR:

  • I have disclosed any relevant conflicts of interest in my post.
  • I agree to grant Privacy Guides a perpetual, worldwide, non-exclusive, transferable, royalty-free, irrevocable license with the right to sublicense such rights through multiple tiers of sublicensees, to reproduce, modify, display, perform, relicense, and distribute my contribution as part of this project.
  • I am the sole author of this work.
  • I agree to the Community Code of Conduct.

@netlify
Copy link

netlify bot commented Apr 5, 2023

Deploy Preview for privacyguides ready!

Name Link
🔨 Latest commit e304373
🔍 Latest deploy log https://app.netlify.com/sites/privacyguides/deploys/6430636fe808cb0008dc476f
😎 Deploy Preview https://deploy-preview-2112--privacyguides.netlify.app
📱 Preview on mobile
Toggle QR Code...

QR Code

Use your smartphone camera to open QR code link.

To edit notification comments on pull requests, go to your Netlify site settings.

README.md Outdated Show resolved Hide resolved
@jonaharagon jonaharagon changed the title fix Readme dead/non-existing links Fix broken links Apr 5, 2023
jonaharagon
jonaharagon previously approved these changes Apr 5, 2023
@jonaharagon jonaharagon enabled auto-merge (squash) April 5, 2023 17:56
auto-merge was automatically disabled April 6, 2023 11:43

Head branch was pushed to by a user without write access

@jonaharagon jonaharagon dismissed their stale review April 6, 2023 12:49

Outdated approval, additional links added

jonaharagon added a commit that referenced this pull request Apr 7, 2023
Co-Authored-By: jermanuts <109705802+jermanuts@users.noreply.github.com>
jonaharagon added a commit that referenced this pull request Apr 7, 2023
Co-Authored-By: jermanuts <109705802+jermanuts@users.noreply.github.com>
@jonaharagon jonaharagon changed the title Fix broken links Add additional information Apr 7, 2023
Copy link
Member

@jonaharagon jonaharagon left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The changes from your original PR were merged in b074ed9 - I don't think that these additional links really add substance to the site, and I don't think we could consider many of them to really be "reliable sources."

@jermanuts
Copy link
Contributor Author

jermanuts commented Apr 7, 2023

I don't think we could consider many of them to really be "reliable sources."

Could you be more specific?

I picked articles where there is no security vulnerability to be patched, but rather insecurity by design. Specifically, Pass and deterministic password managers (there's an issue opened for it)

It's important to note that these financial services are not anonymous and are subject to "Know Your Customer" (KYC) laws and may require your ID or other identifying information.

"Privacy”.com–Yeah Right" proves cases where privacy.com ask for your ID (which happens too often).


## Related Email security Information

- [The PGP Problem](https://latacora.micro.blog/2019/07/16/the-pgp-problem.html)
Copy link
Member

@dngray dngray Apr 8, 2023

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I really dislike these Latacora articles, because they labor about "email security" and suggest things (Signal), which are not email. This is not helpful when you want email-styled/compatible providers as opposed to a transient instant messenger protocol the other recipient may not even use. We cover enough of that with the warning at the top of the page.

As far as email encryption across multiple providers go, PGP is and remains currently the only option, unless you opt for "form" based emails on the provider's server. I think providers like Proton and clients like Thunderbird have done a lot of work in making that usable for most people.

@jonaharagon
Copy link
Member

proves cases where privacy.com ask for your ID

We already say this is the case on the website, so I don't know what value this adds. @dngray mentioned an issue with the other articles about email. In terms of reliability, these seem to be mostly blogs which are either non-independent or just generally can't be trusted: anyone can claim to be an expert on their blog.

Generally speaking though, after talking this through with the team I think we want to move away from "related links" sections and clean up or remove the ones we do have, not add additional ones. If information is important, we should be adding it to the site directly.

@jonaharagon jonaharagon closed this Apr 8, 2023

## Related Passwords Information

- [4 fatal flaws in deterministic password managers](https://tonyarcieri.com/4-fatal-flaws-in-deterministic-password-managers)
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We don't list any of these currently, and they by far are not very popular. IMHO not worth mentioning.

## Related Passwords Information

- [4 fatal flaws in deterministic password managers](https://tonyarcieri.com/4-fatal-flaws-in-deterministic-password-managers)
- [(In)Security of the "Pass" password manager](https://rot256.dev/post/pass/)
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We don't recommend pass, but we do recommend gopass. While this does have some of the issues mentioned, its rather obvious. We mention this is still useful as a very cut-down manager for scripting applications.

@jonaharagon jonaharagon mentioned this pull request Apr 8, 2023
4 tasks
@@ -75,3 +75,4 @@ For situations like these, or if you have another compelling reason, the VPN pro
- [Free VPN App Investigation](https://www.top10vpn.com/free-vpn-app-investigation/)
- [Hidden VPN owners unveiled: 101 VPN products run by just 23 companies](https://vpnpro.com/blog/hidden-vpn-owners-unveiled-97-vpns-23-companies/)
- [This Chinese company is secretly behind 24 popular apps seeking dangerous permissions](https://vpnpro.com/blog/chinese-company-secretly-behind-popular-apps-seeking-dangerous-permissions/)
- [Who owns your data? A VPN Relationship Map](https://blog.windscribe.com/the-vpn-relationship-map/)
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I do think this is one we could incorporate into the page.

@dngray
Copy link
Member

dngray commented Apr 8, 2023

We already say this is the case on the website, so I don't know what value this adds.

Indeed. Don't think this is worth adding. Privacy.com is not intended to make your purchases anonymous simply shield your credit card number from merchants. Financial industry does have regulation, especially payment providers like Visa and Mastercard, so this is to be expected. I do not think that blog article is worth adding.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

4 participants