Oh, I misunderstood. My bad!

Caldav is not an app, it's a standard 🤔

WhatsApp cannot be trusted, not because it belongs to Meta, but because we cannot see the source code.

You can fetch, audit and compile the Signal sources. And read opinions of many cryptographers about the Signal protocol.

Why would the jurisdiction matter if you have access to the source code?

I don't think that there is any lock-in there: on vanilla Android you shoud be able to install Nextcloud apps and connect to your Murena cloud.

I have tried it though, I'd be curious to know if that's correct :-).

I believe that the Murena project provides different things: Murena phones that come with /e/OS, and the Murena Cloud. If I'm not mistaking, Murena Cloud is an instance of Nextcloud. /e/OS provides a Nextcloud integration while vanilla Android doesn't. And there are Nextcloud apps on the Play Store.

Makes sense, somehow I associated the web stuff to a remote server :-).

And the tech is cool of course, I was just curious about the use-case!

Also the gameranx article is saying very weird stuff about 2FA (seems like they don't understand how it works) and disk encryption (I don't understand what they are talking about).

For the record, because the gameranx article above is very confusing: "The dataset contains phone numbers and (expired) one-time codes, but no references to access data such as usernames, Steam IDs, or even password hashes" and "this was NOT a breach of the Steam systems"

But if the attacker compromises the server, can't they "just" wait until the client mounts the ZFS volume and read it then? I guess my question is: in practice is it valuable to make the attacker wait until the user becomes active?

I see it from the user's perspective. GPL says "I give my code for free under the condition that the user can access and potentially modify the resulting program". It's trying to defend the users, not the devs.

And in that sense, proprietary is very different. And permissive cares about the devs.

Hetzner Storage Box (Nextcloud unter der Haube). Deutschland oder Finnland, falls sie das Produkt in Helsinki anbieten, was ich grad nicht weiß.

How does age-plugin-fido2prf compare with age-plugin-yubikey? Is the former replacing the latter?

Well if it's about security, the best is GrapheneOS. And AOSP ROMs are better than Linux mobile OSes.

Now on the other hand, AOSP is more secure than Linux phones. Which I think is a valid concern (it does matter to me).

I just feels like there are different philosophies. I think that using an AOSP ROM works as "not supporting Google", while admittedly it's "depending on Google" to some extent. Feels less problematic than Chromium to me.

It's also possible to use one of the other AOSP-based systems like CalyxOS, /e/OS or LineageOS without relying on the Google Services. Linux phones are very different from Android, those aren't.

I use both OSMAnd and OrganicMaps, depending on the use case.

Regarding Android, note that there are alternatives based on AOSP (like GrapheneOS or LineageOS and many others).