
@jaschop I agree there needs to be better funding models, that's very difficult to establish given the cartel nature of the current copyright regimes. This handful of large copyright corporations have managed to buy lasting influence in so many governments.

It's frustrating to see how deeply cartels have infiltrated our culture, that people call making cost-free digital copies "theft" even in countries where it is fully legal to do so. It is not even "copyright infringement" if it is not against the local copyright laws. And yes, unlike laws about theft, copyright laws vary widely around the world. I've always liked "Copying Is Not Theft" as an illustration of the difference yewtu.be/watch?v=IeTybKL1pM4

I still don't get why or do not allow devs to give source when uploading apps for review. It makes review tasks much easier and more reliable, as we've seen with 's review. Would it scare the app devs too much? Are they more interested in cheap "window dressing" reviews than actually catching things? It is hard not to see bias since both are getting lots of money from apps they are policing.
For example
arstechnica.com/gadgets/2023/0 1/

@rene_mobile I can't think of a technical measure to detect any compromise, but it would surely be possible to detect compromise using other evidence. For example, someone suspects foul play, they ask group members they trust to let their devices be forensically inspected. Then any differences between the group transcripts should be clear upon visual inspection, and probably provable based on an export of Signal history from the devices. This kind of investigation caught NSO's

@rene_mobile In theory, it sounds great. I'm still curious to see how much it will affect real world communications. I haven't really heard about exploits to Signal's lack of Group Integrity.

@gwagner Victor Gruen, the inventor of the mall who grew up in Vienna, would agree: "...those bastard developments. They destroyed our cities." It is a classic example of someone with an idealistic vision being derailed when they partnered with people who were just in it for the money: theguardian.com/artanddesign/2

He did manage to redeem himself by helping to pioneer the car-free pedestrian zones in in the sixties.

@mark22k yeah me too, that's the hard part. We want to make it easy for users stuck on to escape. That means making things work well on Google devices.

@MyWoolyMastadon F-Droid Nearby is actually a different app, it is not the client app, it is just the nearby app swapping functionality, nothing else. does not allow other app stores in.

Crazy tool idea: set up then mine the emails for gateways, which are then automatically shared out to users who have browser plugin installed which unblocks access to anything in IPFS.

@pimterry OTF has been a major funder of @guardianproject and many other key projects. I've applied for and run a number of projects with OTF funding. I can recommend them as a funder. I'm happy to help free software projects get started asking for funding from OTF, , and others, especially if it is software that I rely on.

Turns out that Web Environment Integrity proposal everybody is getting angry about (imo very legitimately) was effectively already shipped by Apple in Safari last year: httptoolkit.com/blog/apple-pri

That means if Chromium ships it too, we could quickly move to 90%+ of browser traffic being attested. Not good!

@profoundlynerdy @silvereagle Chrome does fare better than Firefox in pwn2own and 0day pricing. Given a chosen target, Chrome is probably harder to break than Firefox. Real world security also means considering targeting. Holders of 0day exploits don't go around exploiting anyone they can, because that's a good way to burn your 0days. They choose targets. That means tracking targets. Firefox provides much stronger tracking protection than Chrome, making it harder for 0days to find their target.

#Mozilla has published its position on the "Web Environment Integrity API" proposal put forward by the #Google #Chrome team.

First paragraph: "Mozilla opposes this proposal because it contradicts our principles and vision for the Web."

github.com/mozilla/standards-p

@fsfe great book! My 10 and 12 year old boys both were quite interested in it, it clicked with them. I even saw them rereading it on their own, without prompting, and referencing it when talking about video games. This book should be in schools!

'Ada & Zangemann - A tale of software, skateboards, and raspberry ice cream' book reading

☑️ FrOSCon 2023
🗓️ 6 August
⏰ 10 h
📍HS7
💻 programm.froscon.org/2023/even

#SoftwareFreedom #FreeSoftware

"'s newest proposed web standard is... ?" -- Google is proposing yet another user-hostile feature and aims to make it a web standard called "Web Environment Integrity API". This lets websites confirm the browser has limitations on what it can do, going against . The internet standard RFC 8890 declares "The Internet Is For End Users". Google's API circumvents that.

Thanks to Ron Amadeo for his concise, cutting analysis:
arstechnica.com/gadgets/2023/0

#Google’s nightmare “Web Integrity API” wants a #DRM gatekeeper for the web | #ArsTechnica

Oh, great! Seems we have a 180° turn, and we are now doing the #NetNeutrality 2.0 discussion. Honestly, I always wonder how they think they could possibly implement something like this?

Do they think no one in the tech world will notice and not resist something like this? Do they think this would just result in a 100% conversion rate and every single person would uninstall #Firefox and #Chrome would be the #Netscape of 2023?

Now I understand why they removed the dislike button from #Youtube before they pitched this idea. This is such a #Zuckerberg idea. And the worst part is, he'll probably slap his sticker on this and we'll have this argument again in 6 months where he'll want to limit the internet to people having VR headsets and being in the #metaverse.

arstechnica.com/gadgets/2023/0

#infosec #webintegrity #security

Looks like the latest release of , v1.17.0, does not get flagged by , at least in the 14 emulator. I heard some reports that v1.16.4 also isn't flagged. I don't really know why it's flagging F-Droid then. v1.16.4 has an unchanged , but v1.17.0 has it bumped to 28. I have found no way to get info on why they are flagging the app, just this silly "unsafe" warning screen. Is F-Droid being flagged by Google Play Protect on your devices? Please let me know.
