Hacker News | hex-m's comments

According to the WhatsApp-leak, it is 51.41% Android and 48.59% iOS in the Netherlands.

https://github.com/sbaresearch/whatsapp-census/blob/main/cou...


People who are happy to use services from Facebook may also be disproportionately more likely to be happy to use the iOS garden.

That’s a wealthy nation.

"Google-free" FOSS Android-builds (Graphene, /e/, iodé) are available today and usable for most tasks. Just make sure your government IDs and banking apps don't depend on proprietary Google-only features.


Amusingly often, banking apps are purposefully configured to refuse working on the more secure Android builds ("SafetyNet").


Firefox, Safari, Chrome, Edge and even Brave have "HTTPS first" or "HTTPS by default" enabled out of the box. HTTP is only used as a fallback.


Why are you saying lies?

I just installed fresh chromium and firefox in a clean Linux VM and typed "google.com" (and a few others) in the URL bar with tcpdump running and they both initiated with TCP port 80. Can confirm that the https-only setting is disabled for both when looking in settings/preferences.

> HTTP is only used as a fallback.

Separately, using HTTP as fallback makes the whole thing mostly pointless security-wise. If an attacker can MitM port 80 it is very likely that they can also interfere with 443 to silently force a protocol downgrade. STRIPTLS.

SMTP STARTTLS has the same problem. ISPs and authorities have been known to harvest email traffic by the same technique.

We don't really need HSTS to address most scenarios. Just have the browser not attempt http:// for addresses in the address bar unless explicitly specified. Have it try https:// without falling back to http://.

HTTPS-by-default with fallback is not a good default setting since it's vulnerable to the above attack. Strict HTTPS-only is not a good default setting since it prevents legitimate http traffic on internal networks. HSTS adds problematic edge-cases. It's hard to fathom that none of the major browser vendors seem to have figured out the obvious solution to just stop inferring http:// unless asked for.
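
An added illustration, not part of any comment in this thread: the three address-bar policies discussed above, run against a constructed network model. The policy names, the port model and the host names are assumptions made for this example, and real browsers behave with more nuance.

```javascript
// Constructed network models: which ports answer for the typed host.
const NETWORKS = {
  clean:    { 443: true,  80: true },  // site reachable over both
  stripped: { 443: false, 80: true },  // on-path party blocks 443, answers on 80
  intranet: { 443: false, 80: true },  // legitimate HTTP-only internal device
};

// Split address-bar input into an optional explicit scheme and the rest.
function parseInput(input) {
  const m = /^(https?):\/\/(.+)$/i.exec(input.trim());
  return m ? { scheme: m[1].toLowerCase(), rest: m[2] }
           : { scheme: null, rest: input.trim() };
}

// Simplified policy models (assumptions, not any browser's actual code).
// Each returns the ordered list of schemes the browser is willing to try.
const POLICIES = {
  // HTTPS-first: bare input tries https, then silently falls back to http.
  httpsFirstWithFallback: (s) => (s ? [s] : ["https", "http"]),
  // Strict HTTPS-only: http is never attempted, even when typed explicitly.
  httpsOnly: () => ["https"],
  // The comment's proposal: never infer http; honour it only when typed.
  noHttpInference: (s) => (s ? [s] : ["https"]),
};

// Returns the URL actually loaded, or null when navigation fails closed.
function navigate(policyName, input, networkName) {
  const { scheme, rest } = parseInput(input);
  const net = NETWORKS[networkName];
  for (const s of POLICIES[policyName](scheme)) {
    if (net[s === "https" ? 443 : 80]) return `${s}://${rest}`;
  }
  return null;
}

// Tabulate every policy against every scenario (constructed host names).
function matrix() {
  const cases = [["example.com", "clean"], ["example.com", "stripped"],
                 ["http://nas.local", "intranet"]];
  return Object.keys(POLICIES).map((p) =>
    [p, ...cases.map(([input, n]) => navigate(p, input, n))]);
}

console.table(matrix());
```

In this model only the fallback policy loads `http://example.com` when port 443 is blocked, and only strict HTTPS-only refuses the explicitly typed `http://nas.local`.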


Really, the only time I use "http" is for running web services on my localhost for debugging, to connect to my router, and to connect to my NAS.

I'm not sure the best way to secure that situation. Unencrypted traffic that only stays on my own computer is a valid use case, and unencrypted traffic on my home network is about as risky as skinny dipping in your own back yard.


Then why did mine do http first? Use the F12 screen to watch your browser resolve a domain that you type into the address bar.


It can't handle OpenDocument files (odt, odp, ods) well. Only a one-way import is supported. https://helpcenter.onlyoffice.com/docs/userguides/document_e...

There are parts that are not released under a Free Software license but that's unclear from their marketing-communication. #openWashing


If you want LibreOffice with less Java, you should try Collabora Office. https://www.collaboraonline.com/blog/collabora-online-now-av... (I'm not affiliated)


The dependency is much weaker in this case. Finding somebody else to manage/host Nextcloud is easy while using MS Office without Microsoft is impossible.


The partnership between Nextcloud and Stalwart was announced 4 months ago: https://nextcloud.com/blog/press_releases/nextcloud-stalwart...


That's awesome, thanks for sharing!


@jospoortvliet did a comparison of the two projects that's very much worth a read.

https://blog.jospoortvliet.com/2020/06/collabora-vs-onlyoffi...


> Part of the source code are located in private repositories. You can't compile the project without them.

https://github.com/ONLYOFFICE/documents-app-android/issues/3...


Web-apps in the browser can't be used for encryption because in that model the server is always trusted to send whatever code it wants. That defeats the point of end-to-end encryption. That's why Mailvelope is a browser add-on and webmail clients don't just embed openPGP.js. This way they can create releases of the crypto-code and distribute them over trustworthy channels.

If Isolated Web Apps (IWAs) take off, it may become an option.

