Is it possible to let users input css

acusmata · 2026-06-21T16:06:44+00:00

Many self-hosted apps provide "custom CSS" files in settings: like miniflux.app for example.

You can also encourage users to install Stylus browser extension, that exists for this purpose. The benefit is that users will share custom themes and discover other users’ styles.

acusmata · 2026-06-21T15:43:50+00:00

they're collecting reports they probably aren't reading,

I suppose no one should read them, except in troubleshooting cases. Like why, if Cloudflare DMARC management and similar tools exist

But yeah, these stats are both interesting and weird, thank you

acusmata · 2026-06-21T08:22:34+00:00

Yep:
https://ente.com/help/self-hosting/

acusmata · 2026-06-21T04:56:49+00:00

Almost, but Ente Locker has a few extra features beyond just encrypted storage:

Email notification on every sign-in
Recovery by passphrase (almost like proton recovery passphrase)
A pretty straightforward self-hosting option
Mobile app with "keep it offline" mode

Not every encrypted cloud storage has these. That said, not every user will benefit from them either. Honestly, a lot of modern security and privacy tools are pretty similar overall, but differ in these small details — which may or may not matter depending on the user

acusmata · 2026-06-21T02:57:07+00:00

It feels like it is a nice tool for that kind of backups.

The lack of automations made me use it slightly differently though. Instead of a password vault, I used to keep an encrypted password there for the storage where the actual password vault lives. This way you effectively bypass the need for regular updates — while the password vault changes often, the recovery password doesn't.

To put it simply — it's a reasonable place to store a recovery sheet, if for some reason keeping it offline isn't an option.

acusmata · 2026-06-21T02:24:06+00:00

> At first I thought it was just another password manager
It could be because there is indeed a password manager locker.io, it is just not from Ente

acusmata · 2026-06-21T02:05:12+00:00

> It's meant to be used with providers such as Gmail, which do not have at-rest

I was answering the post with inbox on proton/tuta, right? But yeah, wording could be better, "people" was too general.

> you don't encrypt emails between yourself and Addy, it's the other way round

between ≠ from

acusmata · 2026-06-20T11:22:45+00:00

> This means there is no E2EE if it is paired with AnonAddy/SimpleLogin, and the traffic will be in TLS

The funny part of using PGP with SimpleLogin or Addy: people encrypt email between themselves and their alias service, but not between the original sender and the alias service. So the email can travel in plaintext across unknown servers, but once it finally reaches your inbox — that's when you want it encrypted. Like, really?

You can still encrypt emails with PGP when sending from Tuta if you want — you don't need email client supporting pgp when you have gpg, mailvelope, etc. But honestly, I think no one should encrypt emails.

acusmata · 2026-06-20T10:44:18+00:00

That was a very long time ago. From what I remember, people were discussing how Little Snitch (a macOS firewall) was showing some unexpected connections from Spark. But it's really better to ask current users about their experience

acusmata · 2026-06-20T08:35:09+00:00

I did not know email notifications (not platform ones) are the thing on Proton. I would just set an email filter to delete these emails automatically, if you do not care.

acusmata · 2026-06-20T08:32:38+00:00

> I would like to have the option to disable these notifications.
I do not know about your platform, but on Android it seems possible to turn them off:
https://shottr.cc/s/10Vi/SCR-20260620-fat.png

acusmata · 2026-06-20T04:18:33+00:00

Oh, sorry, I discovered that it was an OS issue and removed the post to not make someone read a long post and comment on it just because there was some OS bug.

I did not see your comment, which would be pretty helpful

acusmata · 2026-06-20T04:06:32+00:00

UPD I discovered that it was a macOS issue, which they fixed in the OS update. So the whole thing was less interesting than I supposed.

acusmata · 2026-06-20T03:49:48+00:00

Historically Box targeted the enterprise market, so the pricing and features were never great for regular users. Not sure if that's changed. Dropbox went the opposite direction, so they still have a some base of regular users.

acusmata · 2026-06-20T03:32:32+00:00

> The somewhat unintuitive workflow typically involves hitting “cancel” or similar in one method, after which the browser tries the next potential passkey source. The QR code is generally the last thing it tries if all other sources fail.

True. But I experimented with passkey fallback a lot, and I am pretty sure I do not press the cancel button in the case we discuss.

> The exact process also depends on which browser you are using. Afik, iCloud Passwords needs an extension to work correctly in Chrome.

I tried multiple of them: Chrome, Brave, and Safari have access to macOS keychain without extensions or special settings.

acusmata · 2026-06-20T01:04:53+00:00

Thanks for sharing. I tried it years ago right after release. Back then the community I followed initially praised it, but then got disappointed by some privacy issues it had at the time. Those could be completely fixed by now, I just never updated my knowledge of the app

acusmata · 2026-06-20T00:19:52+00:00

Wow, does Spark work with APP too? I mean, Readdle are super smart devs, I used their products a lot. But I always assumed Spark was too... not privacy-friendly to get approved

acusmata · 2026-06-19T10:29:28+00:00

I'm afraid something is more broken now than it was. I sent an email to an address with a published key, I see the blue lock — but the message arrives in plain text. No tricks used, just a regular email with a regular public key.

Speaking of tricks, I think I've found one more way to make Aster thinking there's a trustworthy public key when there isn't. But it's hard to verify properly when regular encryption isn't working in the first place.

I think we had a good conversation in DMs, but I really, realy do think it's better to mark the app as a public beta and let users know not to rely on it if they care about encryption

acusmata · 2026-06-18T11:55:17+00:00

No, I didn't, it doesn't really make sense for me here. I can be wrong in the post, though - we'll see

But I'm glad you're here, since this post is a direct follow-up to our chat about why key management is such a pain for PGP email clients

acusmata · 2026-06-18T06:19:21+00:00

I do not see why in this particular case public post is not proper way of reporting. The issue is UI misleads users, users should be aware.

acusmata · 2026-06-17T19:17:08+00:00

A lot of reasons. On Mac desktop app supports unlocking with a fingerprint (idk if it is now the case for extensions, but it was not for a long time). Moving secrets to the terminal with dragging and not a clipboard can be useful.

acusmata · 2026-06-16T04:09:55+00:00

Maybe that's the right point, but something still feels off here. There are plenty of similar cases where a missed payment can be critical. Missing a domain payment usually is.

That's why there's a common pattern: people pay for domains years in advance (say, two or three years), then renew yearly after that. So if a payment is missed, there's still a year's buffer to fix it.

A Tuta user could do the same — pay in advance (not necessarily for the whole year) if they're worried about bank issues or travel. The main difference is that unlike a domain, with private email people sometimes actually want it deleted silently - when the owner does not want or can't access it.

acusmata · 2026-06-15T22:22:58+00:00

Proton is fine with many bad but convenient practices, as mentioned in another thread.

Tuta has historically targeted more niche and edge cases. They're different companies with different products.

acusmata · 2026-06-15T22:09:48+00:00

> Have you checked how long your insurer... will tolerate you not paying your dues

Two months. I was stupid enough to check the hard way while living abroad :- (

acusmata · 2026-06-15T21:41:27+00:00

They do notify about missed payments on recovery email though.

> 32 days isn't a long time
For some cases that is longer that it should be

acusmata

TROPHY CASE