Interesting discussion about this on the OpenStreetMap forums.

The resolution is introducing “official_name” tags, referencing “en_us”, because “en” is not just the U.S.:

https://community.openstreetmap.org/t/gulf-of-america-gulf-of-mexico/124571/11

So when OsmAnd or OrganicMaps start to support them, maybe your locale settings will change the displayed name there as well.

Current description of that node: https://www.openstreetmap.org/node/305639190/history/80

So maybe that could be a reason for everyone around the world to stop using en_US locale settings. XD

There are different degrees of vendor lock in. If you use email (or Matrix) with a domain, you have no control over, you are soft-locked it. You can buy a domain, self-host or pay for a managed service and inform everyone that you are now reachable over some other address, but nobody else has to change.

If you use Signal (or Discord or whatever) and want to switch to a different domain. You cannot. If you switch to a different protocol, everyone in your contacts has to switch as well, or you lose that contact. The network effect forces you into the service of one provider. The only way out of there would be if the service get so bad, that a critical mass leaves, but you will have to deal with that bad service all the way.

As long as financial interest are there, non-federated services will sooner or later start to enshittyfy. So if you choose a communication medium, choose something that leaves your options open. If you don’t like Matrix, try XMPP, it has come a long way as well.

Matrix?

IMO the whole “metadata insecurity” stuff about Matrix is over exaggerated. Also Matrix is improving there.

If metadata security is really that important, you could try Tox or similar P2P chats.

AFAIK, Signal does not want anyone to use alternative clients, has that changed?

As far as I know moxie, signals lead dev, considers only the use of the officially build and distributed client authorized to use their servers.

So if they ever manage to detect someone using their services with an alternative client, they might delete your account.

https://techcrunch.com/2016/11/07/signal-app-maker-rebuts-criticism-of-dev-direction-by-calling-for-more-community-help/

Well, you can still insert client side decryption into the app.

But it isn’t really about the messages, it is about the control of the servers and the accounts. You cannot easily move away from their servers, because you will lose your contacts. This gives the people controlling the servers power over you. A sort of vendor lockin.

The company (Signal Messenger LLC) is fully owned by Signal Foundation, a 501©3 non profit organization.

OpenAI is also non-profit. Not really an argument.

Probably around 80-90% of Matrix users are on the matrix.org homeserver, so it’s absolutely not as decentralized and resilient as you think it is.

Well, the goal is that moving to your own server, will not mean that you will loose access to all your contacts. Which makes moving instances much simpler. If Matrix gets a hostile take-over, your don’t really need to reach a critical mass for an alternative server.

But you should also be aware that Signal does not federate, so the company can be bought. They have control over all accounts and the servers, without easy way to migrate away again. So it might just be another trap.

Try to use federated services (like matrix), they are more robust against hostile take overs.

If ARM is a small market, RISC-V is even smaller.

I personally like when boundaries are pushed, and welcome more independence on x86.

Exactly right. However all the downsides you have when doing that sort of defeats the purpose. So a GrapheneOS native way to control your device would be nice.

I am currently using a rooted LOS with MicroG. It certainly is not as secure as GrapheneOS in terms of app sandboxing, encryption, regular security updates, etc., but I have control of the system, in case I need it, for instance ACC, F-droid privilege extension (F-Droid auto updates), ReVanced Manager (not using it currently) etc.

I trust GrapheneOS much more than Apple, but both go into a similar direction with their understanding of security. IMO taking control away from the user might be a good option, if you are dealing with just regular consumers, but I don’t really like the “one-size-fits-all” approach of it. And it is my device, I should be allowed to decide what I want to do with it.

BTW, this is just a personal annoyance of mine. The GrapheneOS devs do a very good job.

I would like to switch, but there are a couple of points that are still holding me back right now:

• Charge limits, on LOS I can root the phone, install ACC and still use the OTA updates, if I apply the patch afterwards. (Will be resolved in A15)

• Option for sandboxed MicroG, IMO privacy is also very important for security, and people should be able to decide if they like more privacy or more security.

• Option for rooting sandboxed apps from outside. IMO I, and a person, like to have full control over my phone. Trust often comes with control. If I choose to trust one app to have root access to another app in order to inspect it, then this should be possible. Sandboxing could allow one app to have root access to individually chosen other apps, thus limiting the impact compared to system-wide root access. Maybe offer rooting gated behind a separate hardware token authentication. (sudo like) A lot there can be improved IMO, while still providing it and making it more secure in general.

I know that my understanding of security and privacy might be different from what GrapheneOS understands, but as a long time Linux Admin, I don’t like black boxes, I like to peek into them, modify or patch them, when they do something I don’t want them to do, etc. So that when I enter personal information into them, I am still in control what happens to them, at least that is my desire.

Taking control away from the user in order to “improve security” might be a valid approach to some, but it is not something I have much trust in.