Hans-Christoph Steiner @eighthave@librem.one

@GossiTheDog what happened to "obscurity is not security"? Shouldn't we leave it up there so more people can learn how best to defend against it? That code will still be 100% available in the ransomware forums. I suppose there could be something to gain from making ransomware code a little bit less available, but it also sets a dangerous precedent that people should not be allow to see "bad code". Like the article says "... Not Paying a Ransom" is a better defence

@ahf Its already in place, there is an onion service already set as an official mirror, its just run by people at fau.de. This is only about adding the onion service run by the #FDroid team 😃

We want to add the official #Tor onion service for f-droid.org as an official mirror, so that clients will automatically use it. Please test by sharing the repo link to #FDroid client then add it as a mirror:
https://gitlab.com/fdroid/admin/-/issues/12#note_1184095205

This should prompt to add it as a mirror, which is safe since the keys need to match. Click cancel if it offers to add a new repo.

@Strandjunker Why are Democrats exempt? There have been plenty over the years who blocked gun control and accepted money from the NRA, and there still are some.

@neglesaks @neglesaks That makes sense, but I wonder how many of those there really are. I would love to see data on those ~2.2 million apps without a single star.

The majority of apps on Google Play have never even been starred once. It seems Google Play's users do not care at all about the majority of the apps in their collection. Anyone have any ideas why Google would allow it to become such a cesspool? Is it that they believe they can just make their recommender engines find the good ones? Or do they want to remove friction for developers to ensure their monopoly? https://www.statista.com/statistics/266217/customer-ratings-of-android-applications/

@cnx YouTube Premium is another example of the cracks forming in surveillance capitalism. Google is the biggest "innovator" when it comes to developing surveillance capitalism as a model, and has probably done the most to make it look "respectable". They were generally true believers in that model, but now, even they are exploring ways out.

Requiring everything be free software is the standard of the best distros, and what #F-Droid strives for. This goes against what Google is trying to with the Android ecosystem. They are pushing hard to get everything using their proprietary bits so that they can control the ecosystem. #F-Droid is the biggest force pushing back.

https://arstechnica.com/gadgets/2018/07/googles-iron-grip-on-android-controlling-open-source-by-any-means-necessary/

The #F-Droid build system can feel restrictive to devs because we require building from source and only use binary build tools that are confirmed to be built from source. That means allowlisting trusted organizations to do the right thing, then looking for exceptions. This is looser than reputable GNU/Linux distros (Debian, Ubuntu, Fedora, Gentoo, etc), which build only with system packages. linsui wrote why Maven Central cannot be blindly trusted to provide free software
https://f-droid.org/2022/07/22/maven-central.html

@hund @fdroidorg@mastodon.technology Google did buy Android, but it was proprietary then, and Google open sourced it. They were tactical, doing that to get developers' attention, given all the other mobile platforms were proprietary then. Now Android is the biggest platform in the world, and Google controls it, and they want more control. So they go proprietary.

@cnx I have no specific info there, but switching business models would open up that possibility. I see it more that the business types are starting to think that there is an expiration date for surveillance capitalism business models because people are catching on to how bad they are.

@ben @matthew_d_green I agree, but many pieces can be solved and built into infrastructure. Not everything has to be constantly fought over. Big Tech knows the value of data, so they don't want to shut themselves out of it. #F-Droid is architected to remove as much data as possible: no user accounts, servers can't see devices' locale, signed static files can safely come from any source on the internet, etc. Even if the maintainers wanted to, it would be hard to track users without rebuilding.