I didn't see your email for some reason, but we banned your account around the time that you posted https://news.ycombinator.com/item?id=47725717, which is obviously not ok to post to HN, regardless of who you're talking about.
What is the documentation about spy agency collabs? I've literally not heard of that. I've heard about them complying with requests that give away metadata and payment info based on court order.
At this point I see more suspicious rants from the people claiming proton is compromised than from the people who say "eh".
"If you went to a restaurant and it had Confederate flags and pro-slavery memorabilia on the walls, would you think: “Well, that’s just their political view, I don’t have to share it to eat here?”
Yes? If you go to the southern part of the United States, there are many restaurants with Confederate memorabilia and Confederate flags on the back of truck windows.
Some trucks even have hairy testicles hanging off the hitch haha!
If people get gender-affirming care for their trucks, that's their own business, but no, no I will not eat in a place with a Confederate flag.
I find the idea of venerating an ideology that held that it was ok to hold human beings in bondage from the moment of their birth to their death to be abhorrent.
My bad I misread your post. If GPT4all didn't work out, go with Aider. It’s a CLI tool, doesn't have a UI trying to proxy requests to a dev's server. You just point it at your local model (via Ollama or vLLM) and it stays in its lane. Since it’s Python-based, you can grep the source code to confirm there are no hidden update pings. If that's not for you, and you need the IDE experience, pick Continue. It’s the only one that handles air-gapped setups properly. You can manually install the .vsix file and kill all telemetry in the config.json. Unlike OpenCode, it doesn't try to be it’s just a bridge between your code and your model server. OpenCode failed because it’s basically "cloud-first" pretending to be local. Aider and Continue are actually built for what you want.
This was such a useful post, thank you have an upvote! I forgot about Aider.
I was looking into it but got distracted with other work, do you know if it does have any update checks or telemetry? I will check the source but I could miss something so I definitely want to ask people who have used it.
I think I also looked into Continue very briefly. I'm glad you put thos notes about it being more the IDE experience. Also for this one, does it come with instructions on a Github page or something on how to kill all spying/telemetry?
Thanks for the recommendation, I took a look and maybe you can answer a few questions that I couldn't find a clear answer when doing some quick searching.
Regarding local models, can it use them? I found this discussion:
I didn't appreciate the meow maintainer's attitude converting it into a discussion and ignoring the issue even to this day.
"It does have internal telemetry and such (including updating its list of external models it can use) that can be turned off in the crush.json configuration file."
Is there a page or guide which explains the telemetry and any internet connected settings?
My google-fu is failing me at the moment to cite sources, but here's an example ~/.config/crush/crush.json file (based on my own) showing the options to remove telemetry and provider auto updates, and the connection info to connect to a localhost model on an OpenAI-compatible endpoint:
That helps a lot being able to see an example, thanks!
I don't know why all of these tools make it so hard to find the info to disable the telemetry/spying it's not just this one.
Regarding the formatting, I have no idea haha but there is a small "help" button on the bottom right next to the comment. Yes yes, I'm sure it won't help much.
Alternatively, possibly asking an LLM might help. It was able to link me the other day to a comment between a user complaining to the mod about the posting cool down period. I was able to learn that it can be disabled per account.
Session was Australian based which means they would have to do all sorts of horrible things when asked by the government, such as even letting police impersonate users...
I just checked and they claim to have moved their infra to Switzerland.
There are many other issues, some I've forgotten about since I would never trust it in the first place. They also require a phone number even!
Seeing them go, I feel neutral. It's always good to have more anonymity software, just not this for me.
From your link, it explains that they have to Switzerland:
"The developer of Session, an encrypted messaging app, has moved operations to Switzerland as ‘being in Australia just threatened our credibility as a privacy tool’."
What else in particular are you talking about?
With the phone number, I may have not remembered correctly for this particular software. If I could edit my comment, I would add a note.
But when going to the FAQ link I remembered how bad this piece of software was especially promoting cryptocurrency. I would never want a messenger to promote crypto, such a "Signal"
No? Where did you get this from? I have used the app and was never asked anything. I was given an id I could share with others and that's it. Very simple. I wish more apps had this easy onboarding process.
No legal mechanism with such breadth exists in Australia. There was a great deal of overblown media reporting but the law [0] makes it explicitly clear that any request that requires a "systemic weakness", "systemic vulnerability" or anything of the like is null and void. Those terms are defined [1]. Note that it doesn't say the government can't request such a thing, it says that such a request "has no effect". It's simply dead on arrival.
My understanding is that the government could compel Facebook to publish a version of WhatsApp with a special mode that sends all messages to the police if the user ID is 1234567. This introduces a vulnerability but it is limited to one specific person. If your user ID is not 1234567, you're completely unaffected.
However my understanding is that the government cannot compel Facebook to compel a version of WhatsApp that, when it receives a special message, silently starts sending plaintext copies of every other message it receives to the police. Such a mechanism would be a systematic weakness that affects people other than those for which a warrant has been issued, so the notice would "have no effect".
The government could also not compel a source-available app with verifiable builds to stop distributing them so that it can add a secret user ID branch like the one I mentioned above for WhatsApp.
Posted this earlier from a throwaway since my account wasn't able to reply for some odd reason and it was marked as dead:
Hello Jason!
I want to first thank you for all of your hard work developing Wireguard.
If I can find someone who is willing to put their name on it to help I definitely will, the problem is the spy agencies don't want your project to exist. It makes it harder to put resources to this. I've worked in security departments of certain companies and saw everything you could imagine.
Same for Mounir over at Veracrypt.
Both of you are developing some of the most important software that exists today.
Keep doing what you are doing by keeping everything in the open. User trust almost doesn't exist for these type of projects. Any hint of an issue would wipe that out in seconds.
This leads me to one question I do have for you zx2c4:
Why does Wireguard attempt to contact your servers and auto update on Android with no toggle to turn this off? It's a threat to everyone. Maybe it also does this on other platforms but I haven't tested them all.
I can think of reasons as to why you did this, none nefarious, but still it would be nice if you included that option so I don't have to patch each update to turn this off.
Any American's I've spoke to either are so sick of wars and of course don't want this or they actively oppose it.
The only people you find wanting this war is israelis and their kind. They sit back and relax while having their blackmail controlled, ancient, American politicians do all of the dirty work while sending their sons and daughters to die for isreal.
All Americans I have met had the same discourse: "I am ashamed, it's a pity Trump is in power, it's hard for us too, we don't support him", etc. I am rather sick of it.
A democracy is not an "us versus them" system, it's a closed loop. One cannot hide behind "these imbeciles votted for him and I am held hostage by their ignorance". Pros and antis Trump are equally responsible for his election.
Maybe if the US was not such an individualistic country, with growing educational and wealth inequality, half the population wouldn't have voted for exploding the status quo.
Politicians are no more corrupt than the population not impeaching them.
The US is basically in a streak of blatantly stealing resources of other countries, mafia style, and we are long past the point where the population can argue "we didnt know, we thought they had weapons of mass destruction, I am so against it".
Thanks.
reply