Whitelisting law enforcement so when the owner of the air tag declares it stolen nobody other than a whitelisted law enforcement org could view its location and when they did that creates an audit log?
And since the user has the original key, it'd have to be voluntary surrender. After you turn your key in, you lose access.
The best part is the whole thing could be reviewable and added to a public immutable ledger, encrypted, to make the whole process, transition, and access transparent for courts later. Wouldn't it be great if more investigations happened that way?
And if you don't trust law enforcement, thats your prerogative, no need to use the feature.
They have access to guns, stingrays and flock cameras. They tap every email, message and phone call you make. You wouldn't even know if you are subject to warrantless surveillance as it might be illegal to tell you under the patriot act.
I'm pretty sure being able to access an Airtag that was put into stolen mode by the owner is the least of your concern. I'm not even sure what failure mode you are worried about because you didn't elaborate.
Please don't think I'm trying to be all high and mighty because I live in the UK and am surveilled even worse than you are (although at least our police are very rarely armed).
Sure and lots of times I can walk places. That doesn't mean bikes, cars, trains and planes aren't incredibly useful. They let me achieve things I can't in other ways for example transporting cargo without a team of people to help me. Just like AI coding.
America went full car to a point where just going to the shops from the suburbs is a car drive. Crossing the ROAD needs a car in way too many places.
There are cities where you can find a shop for essentials within walking distance, bigger shops need a short to medium drive, but can be still walked to if you really want to.
Parent wasn't referring to a possible future, but present time. If we get AI I can trust 100% that's another discussion. For now I don't see it and I don't think LLMs are the solution to that problem, but we'll see.
Sadly if you look at how the law is drafted its setup to catch companies that have a significant UK base not just those that advertise here. It is highly likely for compliance reasons (as we saw with imgur and others) that they will simply block the UK themselves.
> Now more than ever, trusting a US jurisdiction VPN provider ? No thanks !
The whole point of Obscura is you aren't trusting any single company. A Swedish company and an American company would need to collude to cause a problem. Unless you know something I don't?
> The whole point of Obscura is you aren't trusting any single company.
First, Mullvad's infrastructure has been independently audited.
Mullvad integrity has also tested as proven by a legal case where they were subject to a search warrant when someone was trying to claim copyright infringement.
As far as I can tell, Obscura has not had anywhere near the same scrutiny.
Second, obscura is the first hop is it not ?
Therefore it may well "only" relay the traffic to the exit node but it is still a relay and hence open to SIGINT analysis by the US.
I would have thought therefore using Mullvad's built-in multi-hop mode on their audited platform would be the wiser decision ?
Hence why Mullvad is being used as the exit point.
You have full e2ee between yourself and Mullvad but crucially Mullvad don't know who your IP. Five eyes are already doing SIGINT on behalf of both the US and the UK government before my connection even reaches Obscura so I lose nothing but potentially gain privacy.
How is it you think a single company (Mullvad) having access to my IP and what I am browsing is less secure than splitting it up amongst multiple providers one of which being Mullvad with that audited platform you talk about?
If I wanted Tor on top I'd layer it on top too but that would still be a single point of failure.
It's open source which means I can trust having the app installed if I build from source (or I can just use Wireguard directly). I then know I'm directly connected to a Mullvad Wireguard node by checking the public key here: https://mullvad.net/en/servers
Other than Wireguard protocol being broken there is no way for Obscura to snoop presuming I check the public key. I'm not saying I trust Obscura, I'm saying with their model I don't need to trust them which is vastly superior. Nor do I need to trust Mullvad.
You keep hand waving around that Obscura are somehow untrustworthy but you have steadfastly refused to address the fact that their model does not require trust. If you trust Mullvad (which you are claiming to) please show an attack that would work to breach this model. You can't.
Not really, for the same reason entrapment isn't usually seen as an accurate way to gather information for law enforcement. See also Goodhart's law and overfitting.
Both use Apple's Virtualization Framework, so core VM performance is similar. Main differences are around agent-first design (HTTP API, MCP server), unattended setup via VNC + OCR, and registry support for VM images.
We've also built a broader ecosystem on top - the Cua computer and agent framework for building computer-use agents: https://cua.ai/docs
Not seeing any reference to Tart at that link. Tart also has registry support for VM images it treats them very much like Docker images, is that what you are doing too?
Is it worth putting a comparison up somewhere other than a Github thread? Seems to be a frequently asked question at this point.
Also worth drawing attention to Tart being source available not open source.
Thanks much appreciated, the "Registry Support" section is weird though. Isn't GHCR an instance of an OCI registry? The when to choose Loom in the Tart section should also mention licensing, it is relevant at the choosing point.
Good changes, like the new theme too, I'd still match the two boxes if it were me (both should read OCI registry and optionally include GHCR but they should be identical)
> Lume automates the macOS Setup Assistant via VNC and OCR, creating ready-to-use VMs without manual clicking. Tart relies on Packer plugins for automation.
This feels disingenuous. Tart has unattended setup support as well, and it's based on the same VNC + OCR technique as Lume. In fact Tart had it first, and your approach seems to be heavily inspired by it. In addition the boot command instructions you're using came from https://github.com/cirruslabs/macos-image-templates/
The only material difference is whether it's built-in or integrated via Packer.
Fair point - both use VNC for unattended setup. The difference is implementation: Tart does it via a Packer plugin (Go), we built it natively in Swift with a customizable YAML schema that's less error-prone. User-facing difference is --unattended flag vs Packer workflow.
When we talk static HTML I think that still includes images, stylesheets and potentially even very basic javascript (e.g. setting classes). Those take advantage of CDNs; Cloudflare have an extensive CDN with decent latency / locations. They also are a DNS registrar and a lot of people use them for their local DNS provider so again latency benefits. That's before we talk about the DDoS protection, injecting stuff like metrics etc etc. I don't want to sound like a Cloudflare rep here but I can see where this user is coming from.
reply