@bagder @mjgardner @icing In the case of well established, well documented, widespread protocols, I totally agree. There are other factors that change the equation. Is it a new protocol? Are the docs good? Do the people involved in implementing have a means to communicate? And human input changes the equation in a big way. No one expects humans to type HTTP, TLS, or TCP.
Mullvad VPN and the Tor Project today present the release of the Mullvad Browser.
A privacy-focused web browser designed to be used with a trustworthy VPN instead of the Tor Network.
Read the full story and download the browser here.
TikTok may be fun, but it can become a real security risk when user data is aggregated and analyzed. Thomas Lohninger spoke about this on ZIB 1:
@rene_mobile @reto @signalapp Your post is a nice breakdown. There is a tricky balance here: of course more systems implementing trusted E2EE methods is a good thing, but it's turned into a marketing bullet point, like "fully private because E2EE". As for #Signal, last I've seen, they don't really do Reproducible Builds. Their process uses the binaries for their own native code, and just reproduces the Java and Android resources part. And Signal releases still include proprietary libraries.
Which means, you can only use that if your app's minSDK is >= Android 9. (At least that's what I remember from when this feature was originally introduced)
Wireguard's minSDK is Android 5.0.
F-Droid might start to look into this though, it's only a few years off until this can be realistically used in the wild.
The Wireguard Android app is now Reproducible and distributed with Jason's own signing key.
https://lists.zx2c4.com/pipermail/wireguard/2023-April/008045.html
Pretty cool.
#WhatsApp implementing #KeyTransparency is pretty nice, and definitely an excellent step in the right direction against shadow accounts and the service provider trust problem. However, without the client being #OpenSource, it is not that meaningful. Yes, of course somebody could implement an independent monitor for the transparency log to check keys registered for an identity, but what percentage of the user base will actually do that when the only realistic way to use the service is to rely on the #proprietary client, which can still be used to maliciously target (groups of) users to break #E2EE?
Secure messenger clients should both use identity security protections like #KeyTransparency and have a *default* implementation that is #OpenSource and, ideally, be distributed with #BinaryTransparency and verified through #ReproducibleBuilds. Oh, and allow other identifiers than just phone numbers (still looking at you, @signalapp - which is otherwise ticking a lot of the right checkboxes).
@Gargron @fdroidorg That is incorrect and the GitHub issue shows it. The F-Droid team asked for .apk files of the Google Play build as it was compliant with F-Droid policy. Not a new flavor.
Mastodon made a change to the version they provided to F-Droid (the GitHub version) that broke policy. F-Droid even went out of their way to tweak policy in Mastodon's favour to not require complete removal of the in-app updater, just a good explanation.
@jr @Wyndix It is supported in the latest version of the official client. You have to enable it in an expert preference. The https://guardianproject.info/fdroid repo is also shipped on IPFS.
Help needed: are there any graphic designers who could help create matching #FDroid category images for missing categories? My "quick hack" doesn't really fit: https://gitlab.com/fdroid/fdroiddata/-/merge_requests/13059
Thanks in advance!
PS: if the same could be done for the additional categories in the #IzzySoftRepo that would be great
@iThreepwood @fdroidorg this whole drama actually went down exactly because F-Droid distributed the developer signed version at the beginning, but for this to work, F-Droid needs a reference APK that complies with F-Droid policy, which then in turn became too much work for the Mastodon team to upload, so they asked to get switched to the F-Droid owned signing key.
In other words: F-Droid tries their best, but sometimes upstream developers won't/can't cooperate
@indyradio I don't have DMs in Mastodon, I choose this instance because it does not have them. Email and Matrix are good.
This turning so much #FreeSoftware #Android work towards this huge focus on locking everything down and limiting things. #Android started out as a much more hackable mobile OS than any major one before it, and that's why it became so popular. Locked down devices have their use cases, like for journalists and whistleblowers. And computing devices should not be easy to abuse. Locking down devices is also useful for maintaining monopolies. All this is also limiting the promise of mobile computing.
I see a shift in how people think about #privacy in #software. Now that people are aware of how bad software can be for privacy, I see a lot of pressure to not include useful functions because they might appear to be invading privacy. #Android permissions are a good example: so many people are rightly concerned about location tracking, as represented by location permissions. The first question I ask when seeing a suspicious one is: do I trust that app's people and process to do the right thing?
@stefan @Gargron I've worked on #decentralized systems for many years now, including #XMPP clients, #Matrix, #Tor, and @fdroidorg and I think the new #Mastodon client onboarding experience is a good idea. But it also means there is a new slippery slope towards centralization, and it needs to be heeded and monitored to make sure it doesn't do more harm than good. The good news is that there are multiple, good clients, so that helps quite a bit.
Truly disturbing information. You certainly should not trust any large tech companies, but #ByteDance makers of #TikTok is emerging as just about a worst-case scenario. Support #decentralization
https://arstechnica.com/tech-policy/2023/05/tiktok-spied-on-me-why/
🤔 What are your favorite #OpenSource / #FreeSoftware projects on the #Fediverse that we should collectively try to convince to move away from mastodon.social and toward other instances, so more people can easily see and interact with them?
📋 Give them an @-mention in this thread!
Last year we announced we would be joining Mastodon to explore an alternative to today's social media.
We’re excited to announce we’re expanding Mozilla.social to a private beta, with hopes to open to the public soon.
This is just the beginning. Read more about the launch of our instance, including how to join the public waitlist. https://blog.mozilla.org/en/mozilla/mozilla-social-mastodon-private-beta-announcement/