You can’t just throw a 30 minute youtube link and expect people to watch it. At least give a gist of your point, and provide the video as extra context/depth.

very cool, I’ll have to look more into it

And they already do. Their mail service is more private than the other options. It would help if you outlined what you want

what remote desktop protocol do they use?

what security stuff?

I think either Bazaar or GNOME software center does tell you if an app asks for more permissions, I forgot which one though

So you thought this meant they would break the law? Nobody else expects that. There are more reasonable ways to interpret the messaging

from the start I asked for a company that obstructed court order. Show me where I moved goalposts

sounds like they complied with the court orders? Proton also doesn’t log IPs, unless ordered by court. I’m willing to bet that if a court ordered Mullvad to start logging all traffic, they would comply, at least until they were able to move jurisdictions or something

source? I have heard good things about Mullvad but I’m pretty sure they would not break laws

Very cool. I personally use a double wireguard network: a wireguard vpn at home for all my services, and then since my home network is behind a double NAT and impossible to access publicly, I use a second wireguard tunnel to a VPS, to forward traffic to my internal wireguard network. The only thing the VPS can see is encrypted wireguard packets.

Edit: it seems like this service is more for public or shared services (like a public blog), rather than private personal services, so wireguard is less of an option

If you’re a developer I recommend the stepsecurity article, a detailed breakdown of the attack. Some highlights about the nx-console attack:

• the malicious version of the extension was only up for 11 minutes before getting detected and taken down, but apparently that was enough to compromise a developer at Github
• portions of the malware were hosted on nx-console’s public Github repo, though hidden in a dangling orphaned commit
• data was exfiltrated through 3 channels, including using a victim’s Github credentials to publish the data on their own repos
• the malware looked for credentials like Github and AWS tokens, likely for future supply chain attacks, and may be the first to steal AI credentials (in this case Claude API)

From the bleepingcomputer article:

“As always this is not a ransom, We do not care about extorting Github, 1 buyer and we shred the data on our end, it looks like our retirement is soon so if no buyer is found we will leak it free,” the cybercriminals said. “If you are interested. Send your offers to the communications below, we are not interested in under 50k, the best offer will get it”

The stealing of AI credentials reminds me of a lemmy post from last year: the first ai agent worm. Imagine a virus that uses AI agents to dynamically probe systems and evolve to spread through infrastructure, meanwhile stealing AI credentials to pay for the tokens that the agents are consuming, a self-funding AI virus!

name a VPN company that obstructed a federal court order

great read, though I still prefer css-in-js. Tailwind still uses css rules and syntax, and I find it clunky when trying to handle complex styling logic.