You mean like https://acceptableads.com/ which is only supported so far by Adblock Plus (and its parent company)?

The problem is until there is some kind of penalty for being too annoying or too resource consuming, it will always be a race to the bottom with more, worse ads. As people add ad blockers to their browsers, the user pool that isn’t running them begins to dry up and more ads are needed to keep the same revenue. This results in even more people blocking them.

Two of the things I had hope for on the privacy side was Mozilla’s Privacy-Preserving Attribution for ad attribution and Google’s Privacy Sandbox collection of features for targeting like the Topics API. Both would have been better for privacy than the current system of granular, individual user tracking across sites.

If those two get wide enough adoption, regulation could be put in place to limit the old methods as there would be a better replacement available without killing the whole current ad supported economy of most sites. I get that strictly speaking from a privacy perspective ‘more anonymous/private tracking’ < ‘no tracking’ but I really don’t want perfect to be the enemy of better.

More usable for the average user and more supported by actual sites and services, so yes.

Another KOReader recommendation here. I typically use it on an eink device but also have it on my phone and it works well.

Looks like for syncing there’s a plugin:

https://github.com/koreader/koreader/wiki/Progress-sync

Don’t need the premium version of Bitwarden to use passkeys. The free version works.

That said, $10 per year is not a big cost to support the company storing your vault and developing the apps.

Bitwarden can both generate and store them in the browser extension. It can also use them through the browser extension but it can’t yet use them through the mobile apps (they’re working on it).

And that’s a bad thing?

The desktop is finally catching up with the more restrictive permissions model where an app doesn’t just have the ability to do anything the user can do but instead only has access to what it needs.

Going with a familiar interface style like the ones people already use on mobile just makes sense.

What would you want it to look like instead?

Vizio makes twice as much profit from those ads and tracking services than the actual TVs:

https://www.theverge.com/2021/11/10/22773073/vizio-acr-advertising-inscape-data-privacy-q3-2021

Looks like it just concatenates them:

The shared secret is calculated as the concatenation of the X25519 shared secret (32 bytes) and the Kyber768Draft00 shared secret (32 bytes). The resulting shared secret value is 64 bytes in length.

https://www.ietf.org/archive/id/draft-tls-westerbaan-xyber768d00-02.html>

Yeah, I feel like it’s going to take both browser vendors shaming sites once a standard is developed/finalized and something like a quantum version of whynohttps.com to drive adoption.

The problem really is the store and decrypt nature of it. It could be used against old data so the time when it needs to be implemented is before it becomes possible to decrypt. I feel like people aren’t good about planning like that and tend to be more reacting to what is currently possible.

Considering this proposal is used for the key exchange, they definitely need to update both the client side and server side part to be able to make use of it. That’s the kind of thing that may take years but luckily it can fall back to older methods.

It also needs to be thoroughly vetted so that’s why it’s a hybrid approach. If the quantum resistant algorithm turns out to have problems (like some others have), they’re still protected by the traditional part like they would have been, with no leaking of all the data.

Currently being investigated by browser makers but not something they can just do on their own like Signal.

Here’s Chromium’s current proposal that they’re testing:

https://blog.chromium.org/2023/08/protecting-chrome-traffic-with-hybrid.html

While Signal does use Google’s notification system, my understanding is that they just use it as a way to wake up the app on the phone and have it check for new messages rather than sending any message content this way. The notification system that the operating system provides on the phone would still have access to the message data in the locally generated message notification with the actual content however, along with any apps that you give access to your notifications.

It may be something like Android System Intelligence or another similar service doing it: https://support.google.com/pixelphone/answer/12112173?hl=en

Notification management: Adds action buttons to notifications. For example, the action buttons could add directions to a place, help you track a package, or add a contact.

Supposedly Shreddit uses the archive of your data that you can request from Reddit to delete the stuff that isn’t currently viewable but I haven’t tried it first-hand (costs money). If you could feed the archive data into one of the other scripts mentioned in the comments here somehow, that would probably be the most thorough option, assuming you don’t hit an API rate limit.