This happens when YouTube blocks or rate limits your IP address to prevent bot activity.

Yeah, I’m actually a bot working for the NSA, sorry.

That markup work to try to hide what’s on your laptop doesn’t work, and someone can easily see what’s on your screen from this photo. You should use an actual box or do what you did with the emoji to cover sensitive info.

What specifically do you dislike about zsh?

Now, EPFL researchers… have released new software that allows users to download open-source AI models and use them locally, with no need for the cloud to answer questions or complete tasks.

It’s cool that they got LLMs running on local clusters of computers, but with the way it’s written, they make it sound like people have not already been using local LLMs for a long time (including GPT-OSS 120B).

The safest way would be to get AppVerifier and check the original developer’s signature

Okay, that’s a fair reason to use Gemini.

If you are trying to cater to people with a specifically “high threat model” (who are going to want zero-trust privacy protections), then the journals are an issue you’ll have to somehow address.

Even if a user does not type full details like their name, small things like “I got banana ice cream today” and “I went for a night drive” can build a detailed profile over time, which even if ephemeral could be correlated using the database if that is sent for every query.

It’s important to note that the Vivaldi browser is proprietary software

If Gemini truly can’t see PII (no way to add “notes” for example) then I don’t think that would be too big of a concern for most people, at least for those who don’t have a distain for LLMs in the first place. Though I do feel that people with “high threat models” (would be good to be precise about what a “high threat model” is in this instance) would prefer to have a local app that interfaces with a local Ollama API, rather than an internet-connected service.

What precisely is Gemini “calculating” here and why can’t its function be replaced on a lightweight local LLM?

Edit: After reading the information from the website, it sounds like there are a lot of opportunities for users to accidentally identify themselves to AI providers or open up de-anonymization attack vectors. If I were very concerned about my identity being linked to my recovery behavior, I would probably not use this service as it is now.

No, it does not. mysearchengine.co/homepage literally redirects to the domain that the user mentioned.

It’s possible that the domain for the search engine you were using got sold. You’ll have to find a new one.

Okay. Well, in this case it would probably be a good idea to at least have the update process also verify developer signatures, since otherwise it’s not only trust on first visit, but trust every update.

And yeah, I agree that a standalone package might be a good solution, as long as it is signed.

If the user trusts the server to serve safe JavaScript each time they connect with an empty cache (which is cleared often for privacy-conscious users), I’m not sure how this adopts a very different security posture from the Trust On First Use security model that’s used by many other apps, even if the app itself implements secure MITM mitigations using data from shared links.

When you have an app with dedicated updates, it is possible to verify that it is genuinely from the developer or maintainer. Web browsers’ certificate validation protects against connecting to a fake server, but it does not protect the user if the server is compromised when they first connect.

The most security-conscious users are going to end up hosting the JavaScript in a webserver on localhost, and at that point it might as well be a dedicated application.

You can run appimages in Tails

Removed by mod

What’s the alternative? Keeping Nicolás Maduro in charge?

Yeah, any authentication cookie will be unique to you, so if you do use one, Google will be able to track you across browsing sessions, which is likely what you’re trying to mitigate by clearing them.

I don’t think there’s stigma. Most users use package managers to get their software. For large operating systems, a torrent does help make downloads faster and less expensive when many people begin to seed it (and many FOSS operating systems do offer torrents), but most projects won’t benefit from that.

I personally would not want to go through the hassle of getting the magnet link, putting it in my torrent program, waiting for it to finish, verifying the signature (if there even is one) and the checksum, and only then manually extracting it so that I can use it.

There are extensions that let you encrypt/decrypt messages right in your Gmail inbox. I’m not sure whether that would let Google grab the decrypted messages using JavaScript, though.

It’s news to me that you can’t connect to a proxy over a VPN.