Sysadmin and FOSS enthusiast. Self-hosting on Proxmox with a focus on privacy and digital sovereignty. Documenting my experiences with Linux, home labs, and the ongoing fight to keep Big Tech out of our hardware.


  • 3 Posts
  • 9 Comments
Joined 27 days ago
Cake day: March 31st, 2026



  • Since they publish their client-side source code (https://mega.io/developers), anyone can verify that the encryption actually happens locally on your device before a single byte is uploaded.

    Unlike Google or Microsoft, where you just have to hope they aren’t scanning your files for ads or AI training (which they are!), Mega’s transparency means that if there was a backdoor in the client code, the FOSS community would have flagged it years ago; it gives independent researchers a chance to check the behaviour. As an offsite backup is crucial, for me Mega is one of the better providers; not saying they are perfect, but good enough for now.


  • The two I use are Nextcloud and Mega. Nextcloud is my primary location and I have a script that runs daily to replicate the Nextcloud with Mega. I chose Mega because it has end-to-end encryption and Mega cannot see your data. They also cannot recover your account if you forget your password. They have had issues/controversy in the past, but these days they are, in my eyes, a solid choice. I also make use of their S3 bucket so that my Proxmox Backup Server can save offsite, so technically Nextcloud is included in that as well!




  • Actually, even without “tracking” individuals, the metadata is still there. I can see from my own anonymous, privacy-respecting server stats exactly how many hits are coming from Android versus GNU/Linux. There is no personal data involved, but the OS “fingerprint” is clear.

    If a small, self-hosted blog can see that high-level data, then a bank or a government gateway definitely can. The comparison to anti-piracy doesn’t quite work because you don’t have to “log in” to a pirated movie, but you do have to authenticate for the services that actually matter. That’s where the compliance gate gets locked.


  • I think that’s a dangerous assumption to make. If the OS is tied to your physical identity, the ‘VPN’ layer becomes much less of a shield. Once the kernel level is ‘compliant’ with an ID check, the metadata being leaked or even the hardware ID itself makes anonymity a lot harder to maintain.

    You’re right about the social media risk, but the OS is the foundation. If you give up the keys to the house, it doesn’t matter how many extra locks you put on the individual room doors. That ‘disappointing risk’ is exactly how the ‘invisible borders’ start getting built.