If you’re using an app like signal or similar, make sure you and everyone else in the chat has encryption enabled.

PSA: There’s no way to disable encryption in Signal.

I still can’t imagine any better reason.

“but I like Windows”

I can’t imagine any better reason to use Windows than that.

It’s never really about the price, it’s about the convenience.

Would it not be easy for them to block access to VPNs if they outlaw them?

Not necessarily. It’s reasonably easy to keep long lists of known IP address ranges of known VPN providers and block access to these, but VPN traffic to a not well known IP address is generally impossible to distinguish from perfectly legal encrypted traffic such as a VPN connection to a corporate intranet. (There are also VPN protocols that are made deliberately hard to identify at all.)

Is there any reason to do full disk encryption, vs encrypting a single partiton or a folder with eCryptfs?

One obvious reason is that it just is very simple to encrypt the entire disk and be done with it.

deleted by creator

deleted by creator

A gallon is either 4.5 ℓ in the UK or 3.8 ℓ in the US, or it might be used figuratively to just mean “a lot”.

I have no idea what that even means.

But why?

Is what jurisdiction is that legal!?

Love.

I had no idea that people put this amount of thought into walking.

Do you all have important URLs with Unicode characters?

Yes.

I wouldn’t expect them to succeed 100%

Me neither, but I find that path to be much more likely to be successful than hoping that “people would have the opportunity to become familiar with the correct fingerprint over time and have a chance to notice a difference” would ever have any meaningful impact.

For most security - centric websites, the right name is ASCII only.

Are you perhaps by any chance American?

I’m curious to hear if you think there is a better way.

I think a much better solution would be to shield end users from this problem entirely, by having all registries refuse to register such confusable names, as recommended by Unicode:

https://www.unicode.org/reports/tr46/tr46-34.html#Registries

But that line of reasoning presupposes both that the right name is in ASCII and that the user knows this. As soon as either one of those isn’t true, showing the Punycode no longer is of any help in determining which one is the right one.

But how would an average user know that xn--googe-hof.com isn’t the right one?

Note that everything outside of ASCII gets encoded in Punycode, so this also includes most languages written in the Latin script.

I’m unsure how that’d be useful to any normal user. Let’s say the UI shows something like this:

A.com
Α.com (xn--mxa.com)
А.com (xn--80a.com)

What’s the user supposed to do with that information, how would showing the Punycode here help any normal user determine which one of these domains is the right one that they want to visit?

Helping users identify the right domain name and avoid being deceived is surely a very important thing to do, I just find it hard to see how having users read Punycode would ever be a practically useful way to achieve that.