Episode 57: F-Droid (featuring Sylvia van Os & Hans-Christoph Steiner!) fossandcrafts.org/episodes/057

F-Droid, a repository of free software on your Android device! @cwebber interviews F-Droid developers @SylvieLorxu and @eighthave@social.librem.one alongside chair of the F-Droid board... @mlemweb!!!

Let's be clear: $1.8b for "AI" translates to ~$1.8b handed to Big Tech companies to license infrastructure, data, and APIs.

AI is a corporate technology.

This is a subsidy to the richest companies in the world, justified via rewarmed cold war imaginaries.

bloomberg.com/news/articles/20

Putin’s energy blackmail has failed.

One year after presenting #REPowerEU, we have reduced our dependency on Russian gas by three-quarters.

Everyone has played their part in building a more independent 🇪🇺 and we are more united and stronger than ever in preparing for next winter.

I'm often surprised to hear that many people believe that was this new radical idea in software development that came about in the 80s. That is actually backwards. Open Source was the default way software was developed before the 80s, and development changed that. The movement was a direct response to software going . It put front and center as the reason why should be free and open.

again: paying for travel and lodging is nice, but traveling abroad and talking at a conference is *work* - I can't work for free. Especially if your conference charges >1000 USD entrance fees.

@bagder @mjgardner @icing In the case of well established, well documented, widespread protocols, I totally agree. There are other factors that change the equation. Is it a new protocol? Are the docs good? Do the people involved in implementing have a means to communicate? And human input changes the equation in a big way. No one expects humans to type HTTP, TLS, or TCP.

Mullvad VPN and the Tor Project today present the release of the Mullvad Browser.

A privacy-focused web browser designed to be used with a trustworthy VPN instead of the Tor Network.

Read the full story and download the browser here.

mullvad.net/browser

Tik Tok may be fun, but it can become a real security risk when user data is aggregated & analyzed. Thomas Lohninger was on ZIB 1 to talk about this:

youtu.be/J2UvvISWJxQ

@rene_mobile @reto @signalapp Your post is a nice breakdown. There is a tricky balance here: of course more systems implementing trusted E2EE methods is a good thing, but it's turned into a marketing bullet point, like "fully private because E2EE". As for , last I've seen, they don't really do Reproducible Builds. Their process uses the binaries for their own native code, and just reproduces the Java and Android resources part. And Signal releases still include proprietary libraries.

@jr @Bubu @mynacol @Foxboron I would love to see documentation of real world cases of that APK signing key rotation in action. Know of any? Seems like a thing we should include in the docs too.

@jr @mynacol @Foxboron

Which means, you can only use that if your app's minSDK is >= Android 9. (At least that's what I remember from when this feature was originally introduced)

Wireguard's minSDK is Android 5.0.

F-Droid might start to look into this though, it's only a few years off until this can be realistically used in the wild.

#WhatsApp implementing #KeyTransparency is pretty nice, and definitely an excellent step in the right direction against shadow accounts and the service provider trust problem. However, without the client being #OpenSource, it is not that meaningful. Yes, of course somebody could implement an independent monitor for the transparency log to check keys registered for an identity, but what percentage of the user base will actually do that when the only realistic way to use the service is to rely on the #proprietary client, which can still be used to maliciously target (groups of) users to break #E2EE?

Secure messenger clients should both use identity security protections like #KeyTransparency and have a *default* implementation that is #OpenSource and, ideally, be distributed with #BinaryTransparency and verified through #ReproducibleBuilds. Oh, and allow other identifiers than just phone numbers (still looking at you, @signalapp - which is otherwise ticking a lot of the right checkboxes).

@Gargron @fdroidorg That is incorrect and the GitHub issue shows it. The F-Droid team asked for .apk files of the Google Play build as it was compliant with F-Droid policy. Not a new flavor.

Mastodon made a change to the version they provided to F-Droid (the GitHub version) that broke policy. F-Droid even went out of their way to tweak policy in Mastodon's favour to not require complete removal of the in-app updater, just a good explanation.

@jr @Wyndix It is supported in the latest version of the official client. You have to enable it in an expert preference. The guardianproject.info/fdroid repo is also shipped on IPFS.

Help needed: are there any graphic designers who could help create matching #FDroid category images for missing categories? My "quick hack" doesn't really fit: gitlab.com/fdroid/fdroiddata/-

Thanks in advance!

PS: if the same could be done for the additional categories in the #IzzySoftRepo that would be great :awesome:

@iThreepwood @fdroidorg this whole drama actually went down exactly because F-Droid distributed the developer signed version at the beginning, but for this to work, F-Droid needs a reference APK that complies with F-Droid policy, which then in turn became too much work for the Mastodon team to upload, so they asked to get switched to the F-Droid owned signing key.

In other words: F-Droid tries their best, but sometimes upstream developers won't/can't cooperate

@indyradio I don't have DMs in Mastodon, I choose this instance because it does not have them. Email and Matrix are good.

This turning so much work towards this huge focus on locking everything down and limiting things. started out as a much more hackable mobile OS than any major one before it, and that's why it became so popular. Locked down devices have their use cases, like for journalists and whistleblowers. And computing devices should not be easy to abuse. Locking down devices is also useful for maintaining monopolies. All this is also limiting the promise of mobile computing.

I see a shift in how people think about in . Now that people are aware of how bad software can be for privacy, I see a lot of pressure to not include useful functions because they might appear to be invading privacy. permissions are a good example: so many people are rightly concerned about location tracking, as represented by location permissions. The first question I ask when seeing a suspicious one is: do I trust that app's people and process to do the right thing?
