Nice! We have made a Google Analytics alternative (getinsights.io) which is not linked there. Servers are still in the US unfortunately, although none of the data from the analytics is sent there. I'll create a PR to add it as an alternative if that's okay.
Does it? I would assume that means every single online interaction needs a consent banner, since sending a request over TCP includes, by it's nature, your IP address. I never dug too deep into GDPR or the like, since my own websites are all for personal use, and I'm not in charge of any of that stuff for work.
I kinda assumed that demanding consent before sending a user's IP would be technically impossible, given that you have to send it as part of the first request, before even being able to ask for permission? Ok, time to research this.
I keep forgetting that part of GDPR is the storage aspect. Unless it goes in a log (though it usually does,) it's not counted. A technical argument could be made that going into memory is storage, but at that point the above issue comes full force, so arguing it doesn't seem to make any sense.
This quote from the GDPR law is more relevant to your question:
> If the controller has the legal option to oblige the provider to hand over additional information which enable him to identify the user behind the IP address, this is also personal data. In addition, one must note that personal data need not be objective.
I haven't quite been able to fully adopt brave for several reasons, but one simple one is it's (seemingly) lack of no-script like granularity of js blocking.
I know it has the block script toggle, and can be expanded to each script file granularity - but those file-level allow/block toggles are not persistent.
How do you actually save that allowance of js scripts? It always ends in an endless loop for me of captchas that don't start, allowing them, then a stated change, then needing to allow again, etc.
I realize the answer is usually, 'dont use any js, because it's highly insecure' - but that's pretty difficult to do in today's age.
I wish websites were just html5 only most of the time :(
Nice. I was looking for an Email alternative based in a "non-eyes" country, but couldn't find anything except ProtonMail, which is fine from the privacy standpoint, but doesn't provide many features that one would expect from an Email provider.
In order to stay encrypted only subjects can be searched. With the bridge app, you can use imap through a desktop applications. I use thunderbird which also lets you search message content.
Fastmail has great calendar (CalDAV), contacts (whatever the open protocol for this is) support in addition to their e-mail. I migrated from Google Calendar & friends several years ago and have had no issues.
Another vote for this option being a viable, and dare I say good, one. In addition to the CalDAV, contacts and email you can use davx5[0] on Android to help with syncing to your (root-not-required) Android device.
This setup has worked well for me for a little under a year at this point.
I don't think there is anything out there yet, there are upload/sync platforms like syncthing or nextcloud, and web based photo managers like PhotoPrism, but I haven't heard of anything completely integrated like google photos.
Syncthing is much better than nextcloud IMO, worth trying that out for photos.
PhotoPrism seems a lot more polished and has some face/location tagging that sounds useful (I make frequent use of the search feature in Google Photos and will likely miss that feature the most).
While both have their own upload system internally, PhotoPrism has native integration with the PhotoSync (https://www.photosync-app.com/home.html) app for sycning, which seems promising.
Piwigo has support for a few different sync methods, and extensions for more. ymmv.
Hi, one of the founders of StoryArk (https://storyark.eu) here. Our product can be used as a Google Photos alternative, but our goal is more to be a journal of your life, which you can share with your friends and family.
It's not self-hosted, but it might be of interest to you nevertheless.
I initially wrote it to organize the boxes and boxes of old hard drives from the last 25 years of photos and videos that my family and I have taken.
PhotoStructure libraries are uniquely cross-platform and cross-machine, so you can import on your old windows box, sweep all the non-bitrotted files onto an external drive, take the drive to your Mac, run it there, and get a single, comprehensive directory with all your stuff. If you have a NAS, it's even easier: PhotoStructure supports libraries stored on remote filesystems, and it also runs in docker.
Currently I delegate the uploading task to external applications, like syncthing or Resilio Sync. Making everything automatic works well for my family, but may not be what you're looking for.
Note that I've open-sourced several components of PhotoStructure, but the application itself is commercial software. There are free and paid plans available.
Trying to click on links was awful in desktop firefox. There was a :hover effect that bolded the link and then moved it like 20-30px taking it out of the cursor.
When these things come up I always wonder, why do we believe what these services promise? For example, Duckduckgo is listed here and pretty much everywhere else as the best search engine for privacy, because they have a stated no-log policy. But there are no audits, and as far as I know we have no independent confirmation of this at all.
I find it odd because when it comes to VPNs, there are independent audits and other measures, such as hosting in non-compliant countries such as Switzerland, that at least add some level of evidence behind a company's claims.
True, but even then if the provider has some secret agreement with a government agency, you really have no way to trust a VPN provider. I'm also guessing that VPN providers are high priority for government agencies to find vulnerabilities that provides them access.
We don't, but we also don't use DuckDuckGo's products as the recovery email for hundreds of online services, as a tool to share and store team spreadsheets or as a storage for all of our pictures, or as a tracker that monitors our location 24/7.
So the worst they could do is spy on our search, they can't track everything we do with the hanging threat of destroying our entire digital life if we do something that its IA deems unacceptable.
I don't "believe" any of them. My use of other services rather than staying on The Google reservation is because it's always better to not put all your eggs in one basket; The Google can clobber your entire digital life out of nowhere and with little to no recourse. Although you know for a fact that Google has all your data and records everything you do, at least there's a chance with other smaller services that they are either keeping their word or are out of the jurisdiction of your particular law enforcement agency.
At the end of the day, there's no absolute trust towards any of them. When I'm on the internet, I'm assuming that someone with enough motivation can eventually get my data. Instead of rolling over and submitting to The Google, I at least enjoy forcing my potential enemies to go through a more complicated obstacle course.
Some queries will always be "personally identifiable" such as your name, ssn, telephone number or an IP address lookup or an address or GPS coordinates, etc.
Someone might hear ‘no tracking’ and think ‘privacy’, and they might be right in making the connection, but DDG never promises not to save some details about your searches. They just don’t serve up ads which are based on your browsing habits.
I still use them because this makes their operation way less perverted than Google’s in my opinion. That, and having (IMO) better search results which aren’t SEO’d to death, make it stand apart from Google Search in my view.
Over a number of years I have switched over from Google-everything to having a number of different accounts for different services, including paid email and domain registration. I wonder how a paid search engine would go in this world? - for now there are excellent search engines like DDG which are free, but I wonder how much a subscription for ad-free searching would cost?
51 comments
[ 5.6 ms ] story [ 148 ms ] threadDoesn't sending requests from users PC to your 3rd party server require consent as it sends the IP address of the visitor?
I kinda assumed that demanding consent before sending a user's IP would be technically impossible, given that you have to send it as part of the first request, before even being able to ask for permission? Ok, time to research this.
This quote from the GDPR law is more relevant to your question:
> If the controller has the legal option to oblige the provider to hand over additional information which enable him to identify the user behind the IP address, this is also personal data. In addition, one must note that personal data need not be objective.
I realize the answer is usually, 'dont use any js, because it's highly insecure' - but that's pretty difficult to do in today's age. I wish websites were just html5 only most of the time :(
Last time I checked, IMAP protocol was not available, which requires installing on ProtonMail app.
I’ve never seen this as an issue.
It's a classical security vs. convenience tradeoff.
I barely use desktop clients for email, except for backup. It's either web app or mobile app, and here Protonmail doesn't work for me.
My use case would be a trusted non-megacorp in non-eyes country with standard security. Something like for example Fastmail based in Switzerland.
This setup has worked well for me for a little under a year at this point.
[0]: https://www.davx5.com/
We are currently using Nextcloud, but the auto uploads often result in conflicts and Nextcloud in general runs very slowly on our small server.
Any ideas?
Syncthing is much better than nextcloud IMO, worth trying that out for photos.
- PhotoPrism - https://photoprism.app/
- Piwigo - https://piwigo.org/
PhotoPrism seems a lot more polished and has some face/location tagging that sounds useful (I make frequent use of the search feature in Google Photos and will likely miss that feature the most).
While both have their own upload system internally, PhotoPrism has native integration with the PhotoSync (https://www.photosync-app.com/home.html) app for sycning, which seems promising.
Piwigo has support for a few different sync methods, and extensions for more. ymmv.
I initially wrote it to organize the boxes and boxes of old hard drives from the last 25 years of photos and videos that my family and I have taken.
PhotoStructure libraries are uniquely cross-platform and cross-machine, so you can import on your old windows box, sweep all the non-bitrotted files onto an external drive, take the drive to your Mac, run it there, and get a single, comprehensive directory with all your stuff. If you have a NAS, it's even easier: PhotoStructure supports libraries stored on remote filesystems, and it also runs in docker.
Currently I delegate the uploading task to external applications, like syncthing or Resilio Sync. Making everything automatic works well for my family, but may not be what you're looking for.
Note that I've open-sourced several components of PhotoStructure, but the application itself is commercial software. There are free and paid plans available.
https://photostructure.com/faq/why-photostructure/
Using the site on my iPhone is torture.
I find it odd because when it comes to VPNs, there are independent audits and other measures, such as hosting in non-compliant countries such as Switzerland, that at least add some level of evidence behind a company's claims.
We don't, but we also don't use DuckDuckGo's products as the recovery email for hundreds of online services, as a tool to share and store team spreadsheets or as a storage for all of our pictures, or as a tracker that monitors our location 24/7.
So the worst they could do is spy on our search, they can't track everything we do with the hanging threat of destroying our entire digital life if we do something that its IA deems unacceptable.
At the end of the day, there's no absolute trust towards any of them. When I'm on the internet, I'm assuming that someone with enough motivation can eventually get my data. Instead of rolling over and submitting to The Google, I at least enjoy forcing my potential enemies to go through a more complicated obstacle course.
"We also save searches" in their https://duckduckgo.com/privacy policy
Some queries will always be "personally identifiable" such as your name, ssn, telephone number or an IP address lookup or an address or GPS coordinates, etc.
Someone might hear ‘no tracking’ and think ‘privacy’, and they might be right in making the connection, but DDG never promises not to save some details about your searches. They just don’t serve up ads which are based on your browsing habits.
I still use them because this makes their operation way less perverted than Google’s in my opinion. That, and having (IMO) better search results which aren’t SEO’d to death, make it stand apart from Google Search in my view.
Over a number of years I have switched over from Google-everything to having a number of different accounts for different services, including paid email and domain registration. I wonder how a paid search engine would go in this world? - for now there are excellent search engines like DDG which are free, but I wonder how much a subscription for ad-free searching would cost?
Degoogle: Cutting Google out of your life - https://news.ycombinator.com/item?id=24245817 - Aug 2020 (616 comments)
Google Search —> you.com
Gmail —> ProtonMail
Google Docs —> Notion