For me, it's too late. I've already set up TrueNAS, and I found it a lot more user-friendly than I expected. Particularly now that ZFS AnyRaid is making good progress, I don't see myself going back to Synology.
"Links to" is doing a lot of work in that sentence. ProtonVPN is owned by Proton, which has no legal ownership ties with Tesonet. During Proton's expansion into Eastern Europe, Tesonet initially assisted Proton with HR, payroll, and local regulation, so for a period of time, people working for Proton were employed by Tesonet, since Proton had no local subsidiary that could hire them. These were not "shared employees", they worked exclusively for Proton.
In 2016, Proton created its own subsidiary, and these people are now employed by Proton. But for this historical reason, the ProtonVPN keystore on Android still lists Tesonet as the organization name, even though it is fully controlled by Proton.
None of this is "debunking"; these are just the facts. You can make of them what you will, but you should be honest about what actually happened when you talk about it.
I've been part of a European startup that added offices in Asia and the US, and we initially always partnered with local companies to do this. It's mutually beneficial. It allowed us to grow more quickly, and it allowed them to make relatively easy money (and, in our case, to dump some of their shittier employees on us without us knowing).
In Proton's case, they already knew each other because Tesonet had previously offered to provide infrastructure during a DDoS attack against Proton.
So maybe it's a conspiracy, or maybe it's just how things go. You can make up your own mind, but you should provide the facts when you make sinister insinuations.
I would assume that if they were astroturfing, they would be smart enough to use more than one account. Given that, I'm inclined to believe that you are part of an astroturfing campaign.
The summary is: if you use someone’s VPN, Tor, etc. you’re just setting yourself up. There is no privacy, and if you act like you want privacy, they’re going to pay more attention to you.
> "Links to" is doing a lot of work in that sentence.
How? it is obvious.
> During Proton's expansion into Eastern Europe, Tesonet initially assisted Proton with HR, payroll, and local regulation, so for a period of time, people working for Proton were employed by Tesonet, since Proton had no local subsidiary that could hire them. These were not "shared employees", they worked exclusively for Proton.
So basically same people managed teams, same people paid the employes, but my "Links to" is doing heavy lifting and in the previous sentence you say "ProtonVPN is owned by Proton, which has no legal ownership ties with Tesonet."? Who is doing the heavy lifting here?
How much is Tesonet or Proton paying you to post in here?
> How much is Tesonet or Proton paying you to post in here?
Sadly, they're not paying me anything, but I would suggest that any belief system in which information contradictory to your belief reinforces your belief is inherently problematic.
> so for a period of time, people working for Proton were employed by Tesonet, since Proton had no local subsidiary that could hire them. These were not "shared employees", they worked exclusively for Proton.
In 2016, Proton created its own subsidiary, and these people are now employed by Proton. But for this historical reason, the ProtonVPN keystore on Android still lists Tesonet as the organization name, even though it is fully controlled by Proton.
So either:
1. Tesonet/Nord are loose with their private keys.
2. Proton isn’t being truthful.
Anyone who understands crypto and key management knows “not your keys, not your _____.”
If those staffers worked for Proton and not Nord, why did they have Nord’s key?
This level of negligence with private key management really can’t be explained away.
I suppose you're free not to believe them, but I'm unsure what exactly you believe is happening here and what exactly Proton is lying about. Tesonet secretly owns them and has been running a decades-long misinformation campaign to trick you into thinking they don't? To what end? It's not like Tesonet is some nefarious company we should all be afraid of. What would they gain from lying about this if it were true?
And how can they make such an obvious mistake with their certs and then not make another one for the next decade? It's just not plausible.
At some point, you've gotta use some common sense.
My comment still applies regardless of any level of “explaining” [1]:
1. Either Nord/Teso are loose with keys (horrible)
Or
2. Proton isn’t being truthful.
I don’t think it’s a conspiracy or anything that it is Tesonet/Nord. Rather, the problem is you cannot trust someone with your privacy if they can’t even manage their own keys.
[1] The explanation is poor at best and doesn’t explain why they worked so hard to try to delete all of the evidence (all of which was archived already). Additionally, nothing can explain away the lack of security with key management across these two orgs.
They worked pretty hard as detailed in an archived article changing names and any records they could [1], but you're right - not good enough [2].
As pointed out on this reddit post [3], Proton's appears to contradict itself a number of times.
It's a good thing trust based VPN's are obsolete. After all, trust isn't constant [4] as seen in this article showing how Proton supplied IP addresses to "authorities."
You're on the Internet. How are you surprised that someone is repeatedly responding in a thread about a very obscure topic, especially when people are posting conspiracy theories?
It's interesting to have these discussions. But it is funny that people's conspiratorial thinking now makes me a part of the conspiracy merely for pointing out easily verifiable facts.
>What is your relationship to either company?
I subscribe to Proton's services, so I was originally interested in finding out what actually happened. Now I'm interested in pointing out people's flawed reasoning because I think Proton is doing something valuable, and I don't want these attacks against them to go unanswered.
Since we're now part of this thread, as the attack on Proton was orchestrated initially by a competitor and seemed to use bot accounts on Twitter, how much do they pay you to try to discredit me?
Just kidding, see above. You and I, we are the same. We do it because it is interesting.
I'll guess that the remaining 10% will take more than another 90%, and also that it will keep growing as time goes on. Web standards are becoming more complex every day.
This is one huge blindspot in the web spec process in my opinion. Any new spec is considered on the context of existing browsers and very little consideration seems to be given to the scope of the web standards as a whole.
saying 'no' is the key to good software design, but in standards you can only 'champion' proposals — you can't champion the _lack_ of a proposal. the best you can hope for is inertia.
in my experience the only feedback that is welcome is around the details of an idea, never around whether the idea has merit in the first place, and you should expect to be reminded that implementers are the only people whose opinions actually matter.
--- end quote ---
and someone else in the same conversation:
--- start quote ---
You can't practically anti-champion standards that are small improvements to features that ought to have been abandoned, like Shadow DOM. Shadow DOM sucks, but it sucked a little less when they added CSS Module Scripts, Selection.getComposedRanges(), ElementInternals.shadowRoot…
Perhaps there should be levels of conformance and important businesses and government platforms should be required to work on all browsers that support at least level X, where level X is not everything and the kitchen sink, but really only the minimal stuff. No SPA, just forms and such basic things, accessibility should be very high and mandatory etc.
> Had the person who evaluated my girlfriend not evaluated seriously or just sent her off that could’ve been her
Everybody did well in that instance, including you. Many people won't advocate for themselves, so having someone around who will do it for them is incredibly important.
I'm not sure if physical products are analogous to internet services. If all it took to vacuum your house was typing "Hoover" into a browser, and everyone called vacuums "a Hoover," then I would expect Hoover to have 90% of the vacuum market share.
But since buying a vacuum usually involves going to a store, looking at available devices, and paying for them, the value of a brand name is less significant.
Pre-pandemic, at least in my social circles, "Skype" was the term for video calling. "Hey, wanna Skype?" and we'd hop on a discord call.
Post-pandemic, at work and such, "Zoom" has become synonymous for work call. Whether it's via Slack or Google Meet, or even Zoom, we use the term Zoom.
I don't know what the market share is on Skype (Pre-pandemic) or Zoom, but these common terms appear to exist for software.
I've been using Immich for a year now and haven't lost a single image.
Having said that, if you self-host something like this, you're responsible for making backups. The actual photos uploaded to Immich are stored in the file system as regular files. Any other data that Immich can't easily recreate is stored in Postgres, which it automatically dumps once a day. So if you back up your image files and your Postgres dumps, you can always recreate your library.
All relevant files are stored in your UPLOAD_LOCATION which you defined in your .env file (if you deployed immich via Docker Compose). The files you absolutely need to back up are in:
- UPLOAD_LOCATION/upload ← Contains your images
- UPLOAD_LOCATION/backups ← Contains your postgres dumps
You should also back up these two directories:
- UPLOAD_LOCATION/library
- UPLOAD_LOCATION/profile
They're not strictly necessary, but it makes it easier to restore the same setup.
This is exactly the problem. You can't build bridges if the threat model is thousands of attacks every second in thousands of different ways you can't even fully predict yet.
reply