I think it depends on which community (instance) you’re trying to post. Some instances are blocking VPNs, e.g. lemmy.world. I assume you’ve already tried but try switching to a different VPN server.

Lemmy. world blocks VPNs - https://lemmy.world/post/12979118

It’s not a backdoor, it just enabled Firefox’s remote debugging tool by default

Just? I’m sorry but that’s just a terrible mistake to make, especially for a browser that people use to surf the world wild web. I don’t know if you’ve ever used a remote debugger (I do), but depending on the debugger, it can be a very powerful tool, you can do a lot of things with it. I don’t think calling it a backdoor is a massive exaggeration. I don’t doubt the developer’s good intention, but this issue shouldn’t be dismissed as an insignificant issue.

To add insult to the injury, it didn’t even prompt the user for it.

Zen is as secure as firefox is.

Unless you tweak the default Firefox settings in the code base, e.g. https://github.com/zen-browser/desktop/blob/dev/src/browser/app/profile/zen-browser.js#L258 (allow unsigned extensions by default).

I agree, it also has some serious security issues: https://github.com/zen-browser/desktop/pull/927

The developer’s comment reveals that it has been there since the inception of the project. And there are even more privacy / security issues mentioned in the comments.

Unfortunately Zen browser gets a big fat no from me. 🫤

Exactly. Also, there was a post a few days ago about google secretly installing an app on Android phones, something to do with automatically blurring nsfw images in messages. Who knows what else it is capable of, or if there’s software on our phones that won’t show up anywhere (list of apps, running processes, etc.).

Interesting times…

I agree with using open source software, but the source code of said chat apps is just one part of the equation.

AFAIK cryptography implementation relies on the operating system / firmware the app is running on (they tend to be closed source). Most implementations rely on random generators provided be the operating system. Doesn’t really matter how good the encryption implementation is in the chat app if the software it relies on is compromised - see book I recommended above (The hacker and the state).

I suspect it’s the latter one. The book titled “The Hacker and the State” goes into detail about how it can be done (or may have been done in the past). A fascinating read for anyone interested in the subject.

Obsidian asks for the permission upon first launch, but if you don’t give it access it won’t work at all (it’s a required permission for the app).

you can use an android firewall to block Internet access from the app

True, however, AFAIK if your phone is not rooted, you can’t have a firewall and VPN running at the same time (the firewalls I’ve seen must be configured as VPN).

not the privileges that obsidian has

Also true, although Obsidian has access to that shared storage, and therefore, Obsidian being closed source, you have no way of knowing what they do with the files other apps create in that storage directory. I’m not saying they are acting maliciously, but I don’t like this approach (software vulnerabilities, supply chain attacks, etc.). The devs recognized the issue in another thread, but there’s no solution to the problem as of yet.

I’d love to use this setup, however, the Obsidian Android app requires a kind of file access that is concerning:

Obsdian uses a shared location “/Documents” so that other apps can access the files (e.g. third party sync services) or add stuff.

https://forum.obsidian.md/t/fr-make-obsidian-work-on-android-without-asking-for-storage-permissions/19360

It’s a no-go for me. :/

Although I still watch YouTube videos (using Freetube on desktop, Newpipe on mobile), I recently joined Nebula.tv + curiosity stream.