Epic Games (lolwhat?) bought it in 2022, but sold to Songtradr in 2023. The latter seems to be some kind of music license broker.

If you are using Paypal, log in to Paypal and go to Bills. Select Spotify and scroll down - there should be a link to cancel the subscription at the bottom.

GP probably asked whether Mull was shortname for the Mullvad browser.

I really hope there’s nothing dodgy going on there

In 2023 they got a 1.1 million SEK fine for breaking the law that regulates working hours. To “allow” (strongly encourage) your employees to work nightshifts you need a collective agreement approved by the union, which they didn’t have.

More recently, they got a 500 million SEK fine for skirting the anti-money laundering regulations in Sweden.

But at least I’m not giving them interest on anything I buy. Always make sure I’m paying my stuff on time, and no postponed payments.

The whole “buy now, pay later” deal is a credit loan. They are most likely paying the merchant directly and using your loan as collateral to speculate on the market, until you pay them back for that loan. If that’s true, they are making profit on the interest gained from your loan.

I’m guessing their business model is to exploit people who have issues paying on time and to collect interest and late fees, as well as receive convenience fees from stores implementing Klarna as a payment option.

Correct. Like all credit banks they promote the “buy now, pay later” option before direct payment, which is becoming a pandemic on our society. Hardly any user interaction needed. They also offer their own payment plans which encourages buying even more expensive items you cannot afford.

A tip is to host your own domain at an e-mail provider that allow you to receive e-mail for any recipient in a single mailbox (i.e. catch-all or wildcard), and use the following alias format when signing up at different websites or services:

<website>@<yourdomain.tld>

This allows you to filter incoming e-mail by which website/service you signed up for, regardless of what domain they send e-mail from (it can be different for account notifications vs newsletters etc.).

It will also help you detect if they have sold your contact details or had a data breach without announcing it publicly, since you wouldn’t use that specific e-mail alias elsewhere.

+1 for Njalla

Good point! The details for each app are crowdsourced and can be submitted via the instructions here. However, the default templates does not include any mention of root status.

The maintainer of the site can be reached via any medium listed here if anyone would like to suggest updating the templates to include root status.

Thank you! Updated the post with a link to this resource.

DivestOS sounds interesting but I am wary of any “mission-critical” software project (such as the firmware for my primary phone) that relies on a single person, for multiple reasons. Burnout and potential for social engineering by malicious actors being two of them.

GP:s comment made me curious as well. Usually, if multiple hardware vendors are supported there are separate branches with different maintainers. It doesn’t necessarily mean that the main codebase is bloated as a result.

For those that are looking to install GrapheneOS and want to ensure that their banking apps work as intended, here is a curated list of supported apps per country:

https://privsec.dev/posts/android/banking-applications-compatibility-with-grapheneos/

CPU vulnerability mitigations would typically be distributed with the intel-microcode package for Intel processors on Debian-based distributions, for example.

And QubesOS isnt based on linux kernel. It uses Xen. Linux is used in the Qubes aka VMs.

The dom0 is very much running a Linux kernel, the same way your domU:s are typically running Linux kernels (although you could probably run any kernel in hvm mode).

As an example, here is the documentation on how to manage updates for the dom0 kernel:

https://www.qubes-os.org/doc/how-to-install-software-in-dom0/#kernel-upgrade

Hadn’t heard about deSec until now, seems to be run by some cool privacy minded folks in Germany:

https://desec.io/

I guess you already know about the options, but for others:

Find the cheapest VPS out there and have a Wireguard tunnel between it and your home network. Run ddclient or similar on the VPS in case the public IP changes.

They went crying about WPEngine having found a good business model around Wordpress support, and started sabotaging for them.

https://www.theverge.com/2024/10/2/24260158/automattic-demand-wp-engine-revenue-wordpress-battle

Looks like they lost in court a few days ago!

https://www.theverge.com/2024/12/10/24318350/automattic-restore-wp-engine-access-wordpress

For the same price and power usage as the Pi?