Hans-Christoph Steiner @eighthave@librem.one

@tpfaff100 @eighthave GrapheneOS takes the Google/Android model in a different direction: prioritize security over flexibility and don't even include an app store. I think that could be quite useful to have a secure phone that is only a phone, e.g. you use only what comes with the system. That is quite different than the Debian model, and won't work for how the vast majority of people currently use their phones.

I'd love to see data on what verified boot actually stops. The ideal malware implants itself at the lowest level possible. Is there good public data on these kinds of exploits on #Android #Debian #Windows #iOS etc? Does standard spyware do that? Writing to /system requires a root exploit, lots of malware never gets root. How often there are vulns in #VerifiedBoot itself. Here's a real world full #exploit of verified boot:
https://threatpost.com/multiple-vulnerabilities-found-in-nvidia-qualcomm-huawei-bootloaders/127833/

#Debian created an ecosystem where the software available there is reviewed and trusted, so the system can prioritize flexibility over security. In #Google Play, there are many apps we feel forced to use, despite knowing they are unethical or are tracking us. Google responds by locking down #Android to reduce data leaks, which also reduces the system's flexibility. #FreeSoftware puts the user in control so we can build user-friendly systems without being forced into bad decisions.

@fdroidorg https://f-droid.org/2021/06/30/new-language-romanian.html

Does anyone know how to query the system for information about Trichrome Libraries https://chromium.googlesource.com/chromium/src.git/+/refs/heads/main/docs/android_native_libraries.md#Trichrome? They seem to be installed as APKs, but the regular way of querying for app metadata does not work. For example, is there a separate concept of "Version Code" for Trichrome libraries?

"It is in our power to wipe out poverty. It simply isn’t among our priorities." #BasicIncome https://www.nytimes.com/2021/06/13/opinion/stimulus-unemployment-republicans-poverty.html

#SiliconValley is demonstrating yet again how out of touch with society it is with yet another plaything for the rich that screws everyone else: the #FlyingCar. Cars are already the dominant source of #NoisePollution, flying drastically increases that, so the promo videos all play music instead of actual audio. Here is one small glimpse of what just one actually sounds like https://yewtu.be/watch?v=E9t154HL1V0 Now imagine how loud flying car traffic would be?

I'm always shocked at how many people buy those cheap plastic #kitchen sponges. They work so terribly and are not washable. Take literally any old rag that is at least partially #cotton, and it cleans so much more efficiently. Like literally any old t-shirt. And everyone knows how to wash a t-shirt.

@IzzyOnDroid searching for that brings up zilch https://duckduckgo.com/?t=ffab&q=google+%22unified+location+resolver%22&ia=web

I posted some thoughts about F-Droid clients and maintenance in response to a post, I'd be interested to hear what other people think: https://www.reddit.com/r/fdroid/comments/noov58/the_problem_with_the_fdroid_clients/h0aobs7/ @fdroidorg

This quote from #Google #Arizona court docs really sums up a lot about #SurveillanceCapitalism design:

"The current [locations settings] UI feels like it is designed to make things possible, yet difficult enough that people won't figure it out. New exceptions, defaulted to on, silently appearing in settings menus you may never see..."
https://www.azag.gov/sites/default/files/2021-05/McGriff_Exhibit_207.pdf

@gry Those come from Weblate once the translator has finished the translation.

From an internal Google discussion: "TBH, given what you seem to want to do (not have any contact with any Google service whatsoever), your only option is flashing LineageOS for microG on your phone" https://www.azag.gov/sites/default/files/2021-05/Chai_Exhibit_201.pdf

#Arizona #Google #LineageOS #microg

@gry This is a simpler example https://github.com/fsfe/reuse-docs/pull/61

Anyone know what #google ULR is?

"Suppose a user has disabled permissions to, say, Google Maps for Mobile (GMM). With client-side location, GMM will not get location, as the user intended However, they can still get a place card (e.g. Riddler) via ULR-->████-->GMM server--> GMM client. (URL has GmsCore's location permissions, not GMM's). This seems like a bypass to Android's permissions model."

https://www.azag.gov/sites/default/files/2021-05/Berlin_Exhibit_236.pdf

"Apple is removing apps before China’s internet censors even complain. Apple does not disclose such takedowns in its statistics."

#Apple did not have to make tricky corporate setups with #China to get around the #USGovt ban on US companies handling over data to China. They created a corporate arrangement where a Chinese gov owned company GCBD owns the data, so the Chinese government just asks them instead of Apple. This is clearly pursuing profits in direct conflict with human rights principals Apple claims to protect. This sounds just like #IBM's tight relationship with the Nazis in 1934.
https://www.nytimes.com/2021/05/17/technology/apple-china-censorship-data.html