at least you could keep their reviews so users could at least know if the app can be trusted.

You mean, don’t trust a flatpak uploaded by a random person, but if there are enough fake reviews, it can be trusted?

There is no reason to “hate” Ubuntu but there are better choices.

What are those better choices then (for those who currently use the non-LTS Ubuntu releases and don’t want to move to rolling releases or LTS-only releases)?

I still think Ubuntu is the best option (particularly if you want to use the non-LTS releases)

Having said that I do hate snaps and also dislike flatpaks. So what I do is just use the Firefox deb package from the PPA and the chromium package from Linux Mint. Oh, and I have actually replaced ubuntu-advantage-tools with a no-op dummy package.

Only issue is they’re stored in my server as belonging to the server user (I assume everything in those directories should belong to root and I can just use chown?) But I also don’t know if they retain the same permissions when backed up.

Not everything will be owned by root, and some of the binaries will be setuid or setgid, some might even have extended attributes (e.g. ping will usually have a security.capability attribute). /var will also have a lot of different owners.

“secure alternative”? Others are not secure?

Pretty much anything that’s only available via an app store. The difference with web apps is that I can also use them on a laptop/PC and I have a bit more control about tracking (by using ad/tracking blockers).

not being forced to have an Android or Apple smartphone, so more open standards and just Web apps instead of proprietary apps

replaced it myself - it’s not actually that difficult to do

I actually replaced the display twice already (got a replacement from Aliexpress for around $16) - first time because the touchscreen failed and second time because I smashed it.

Sony z3c with FirefoxOS and a Samsung A5 with Tizen

And mainline Linux and a Linux Desktop is still struggling today with power management. Like getting chat messages while it’s asleep.

And the really sad thing is that the power management improvements devs have been working on for the PinePhone are really very specific to that particular device and don’t help mobile Linux in general (so it’s basically wasted effort).

Only public keys get exchanged via Meta’s servers, those keys don’t help you with trying to decrypt any messages (you need the corresponding private key to decrypt - and that private key stays on the device).

Sure, they could just do a man in the middle, but that can be detected by verifying the keys (once, via another channel).

Maybe so, but in this case the point was that the protocol used by WhatsApp hasn’t changed in that time and it’s still what they describe in their security whitepaper. If you want to use that software as is or maybe reimplement it based on that is up to you.

Governments, if they want, can decrypt any chat

Any source for that claim?

In a subpoena case in India, that turned out to be not true.

Source please.

WhatsApp admins hold keys to being able to do that under law pressure.

How do they get the keys?

They only guarantee it for 1-1 messages and statuses, and against “generic” actors for group chats…

Who is “they”?

Group chats are also end-to-end encrypted in WhatsApp (so any monitoring would need to be done in cooperation with one of the participants’ devices before encryption or after decryption)

declassified internal FBI document I just linked

don’t see any such link

It still works (with a few minor updates).

yowsup is an Open Source implementation of the WhatsApp protocol. So there is proper end-to-end encryption on the protocol level - that would only leave the possibility of having a backdoor in the “official” WhatsApp client, but none has been found so far. BTW, people do actually (try to) decompile the WhatsApp client (or the WhatsApp Web client which implements the same protocol and functionality) and look what it is doing.

For anyone really curious, it’s not too difficult to hook into the WhatsApp Web client with your web browsers Javascript debugger and see what messages are sent.

Jed when you want a simple, Emacs-like editor.