Hans-Christoph Steiner @eighthave@librem.one
Given my work on #privacy, #censorship circumvention, #ech, etc. this #Brazil #Musk case is giving me pause. I have lots of questions, but no clear answers yet. Are there parallels to the DoH case here? Is making the internet more private contributing to centralization of power? e.g. billionaires like Musk can broadcast over the whole internet whatever they want, and governments have no power to stop it. The 99% do have to follow our govs.
The #EuropeanCommission is having workshops to get feedback about making companies that have been designated #gatekeepers comply with the #DigitalMarketsAct. You can register to attend in person or online:
* #Alphabet / #Google https://digital-markets-act.ec.europa.eu/events-poolpage/alphabet-dma-compliance-workshop-2024-03-21
* #Apple https://digital-markets-act.ec.europa.eu/events-poolpage/apple-dma-compliance-workshop-2024-03-18
* all https://digital-markets-act.ec.europa.eu/events
We need more voices for #FreeSoftware and #Privacy present to counterbalance #BigTech and #SurveillanceCapitalism!
#Debian has been moving more towards the deb.debian.org mirror which is provided by a single CDN company, #Fastly. It works well, but also feeds an enormous amount of #metadata to a single company, and it can be used to track computers and maybe even people. And the privacy policy in effect is unclear. Fastly says the #privacy policy of the "subscriber" applies, but the privacy policy for deb.debian.org is not listed anywhere I could find. Anyone have any insight here?
I like to think about little hacks to increase my #privacy while working on code. Lots of build systems fetch all sorts of things from the network, and send all sorts of data. #Android, #Flutter, and others have opt-out tracking. One little hack I have going is to force #Gradle to fetch #Maven dependencies over #Tor (except from #Google which blocks Tor). https://gitlab.com/-/snippets/3642145
When discussing #Google alternatives for #privacy, I heard: "I tried X a couple times but it didn't give me the results I wanted but Google did, so I stay there". I use multiple search engines and see each one's strengths and weaknesses. This made me realize there is a kind of bias: using one service provides simplicity. When using one, we don't know when that it is providing worse results than alternatives. Then people get the impression "the alternative sucks, I'll stick with the good one" 1/
I see a shift in how people think about #privacy in #software. Now that people are aware of how bad software can be for privacy, I see a lot of pressure to not include useful functions because they might appear to be invading privacy. #Android permissions are a good example: so many people are rightly concerned about location tracking, as represented by location permissions. The first question is ask when seeing a suspicious one is: do I trust that app's people and process to do the right thing?
I'd like to have something that automatically convert links to the #privacy preserving version in the browser. Like play #youtube links in #invidious, etc. There seems to be things like #UntrackMe but for me the question is which one to trust, is maintained, works well enough, etc. Once I find a tool that I think it generally applicable, then I work to get it into #Debian so its easy for others to make this decision. Is there a browser extension for this that is worth getting into Debian?
The real #privacy protections of using a #VPN come from putting all your eggs in one basket: force all your DNS and traffic through the VPN provider. Then nobody else sees your real IP address, etc. As long as the VPN provider does everything right, doesn't get hacked, or doesn't have to comply with secret government orders, it does provide a real privacy improvement. But I have a real hard time buying into putting so much trust into one service. I wonder if it is possible to be so good
As lead maintainer of the official #FDroid client, I hear a lot of criticism that #targetSdkVersion is still at 25. fdroidclient is #FreeSoftware, publicly audited, with #ReproducibleBuilds, written in memory safe languages, with a proven record of respecting #privacy and delivering #security. The source and binaries also receive human and machine review. #targetSdkVersion is designed around untrusted proprietary software with non-memory safe code where the binary only gets machine review. 1/2
I find it super frustrating how well constructed #Google #privacy PR is. They are masters of taking one little problem, making an a solid privacy improvement to it, then using it to distract people from their giant surveillance capitalism machine. Something like that is only a privacy improvement for people who are fully in Google's ecosystem. Switching to using Google Fi encrypted calling would be a net privacy loss.
There are two semi-related questions that have been repeatedly popping up in my head for the past couple years: 1) now that we know how to do real #SecureMessaging, are we sure we want a world where wiretapping isn't possible? 2) now that we know how to privately track usage without #tracking people, are we sure we want to encourage software development based on tracking data? #privacy
Reading about how #Vivaldi browser aims to remove unique IDs when counting users makes me think about how #fdroid hasn't been tracking users from the beginning, and stopped tracking downloads years ago, and seems to only have become more popular. Makes me think that #FreeSoftware developed by community motivated by doing the right thing is a better way than a #startup or being driven by #tracking. Maybe improving the #privacy of tracking is missing the point.
https://vivaldi.com/blog/how-we-count-our-users/
Don’t Let Encrypted Messaging Become a Hollow Promise
https://www.eff.org/deeplinks/2019/07/dont-let-encrypted-messaging-become-hollow-promise #privacy #e2e
