All you need to know about #oil & #climate is the Saudis opening the spigot by another 1m barrels/day last week, and Putin getting the royal treatment in Abu Dhabi today, all while Dubai is hosting #COP28
https://www.axios.com/2023/12/06/oil-production-biden
Upcoming releases of F-Droid will change how repositories are added. We are interested in feedback about this overhaul.
Please tell us (if you already have the latest F-Droid or F-Droid Basic 1.19.0-alpha installed):
* Does adding repos still work for you?
* And did adding repos became easier or harder?
If you don't have 1.19.0 yet: Note that this is still in beta, so brave users need to install this manually (enable Beta updates for the app or from Client expert settings).
@U039b yeah, that's understandable. If there is any subset that you would like to receive, we could look into implementing that. For example, new releases for a specific app or a handful of apps.
We hit a major new milestone our DEfO partnership project to accelerate adoption of #TLS Encrypted ClientHello (#ECH): Stephen Farrell made a pull request to #OpenSSL with a complete, working implementation: https://github.com/openssl/openssl/pull/22938
Google's war on ad-blockers continues! Google will slow down the update process for third-party extensions by requiring them to be reviewed by the Chrome Web Store. 🚫
This means YouTube can counter ad-blockers while slowing their release of workarounds. 🤢
This David and Goliath situation looks to be even more unbalanced than previously thought.
👉 https://tuta.com/blog/google-search-monopoly
@fennek @fdroidorg F-Droid is alive and well, but unfortunately the Community Council did not get off the ground. We'll still be moderating our forums of course, and welcome volunteers interested in helping there. I wish the two that left well, they both have contributed a lot.
Delta chat and end-to-end encryption https://f-droid.org/en/2023/11/30/twif-delta-chat-e2e-encryption.html
@U039b FYI it should be possible for MITMproxy or things like it to work with ECH, but they will need to intercept the DNS and know how to process HTTPS RR types.
@U039b For HTTP that would require things work without the Host: header, I wonder if any CDNs would use the domain name from ClientHelloInner if Host: was missing?
@U039b ECH just affects ClientHello, the rest of the TLS session should remain the same. If the ClientHelloInner cannot be decrypted, then the actual domain name remains hidden. That could be important with CDNs, e.g. is the client app connecting to badtracker.com or cloudflare-ech.com? In that case, it might be possible to get the domain name by MITMing the DNS but not guaranteed. The client could store IP addresses to avoid leaking DNS to avoid detection. I think Facebook's app does this.
@U039b interesting, nice approach. Have you looked at how to do that with #ECH? It uses a new public key that is generated using https://www.rfc-editor.org/rfc/rfc9180.html
Also, will that work with apps that use #SafetyNet etc so they refuse to run on rooted devices? It seems for those apps, we still need a way to use something like #MITMproxy, e.g. inserting a custom CA cert. But the ECH key is not related to any CA cert.
If you have detailed questions about ECH, please ask here or on https://matrix.to/#/#ech-dev:matrix.org
@eighthave It is one of the many reasons why in PiRogue Tool Suite we decided to use another technique enabling TLS traffic decryption. Instead of using MITM proxy, we retrieve encryption keys directly from the device's memory: https://pts-project.org/guides/g8/#tls-traffic-decryption-techniques
One thing about #EncryptedClientHello (#ECH) that I'm a little worried about is that it will make #MITM inspection of #TLS traffic harder to the point where it might restrict lots of important kinds of inspection. When the software we use is not #FreeSoftware, then we cannot see what it is doing by reading the source code. We need to inspect the network traffic. So it is very important that it is possible to inspect traffic that uses ECH as well, despite that middleware companies will abuse this
#EncryptedClientHello (#ECH) plus private DNS will enable a nice privacy improvement in combination with a VPN: set the DNS nameserver to something other than the VPN provider's nameserver. For ECH-enabled sites, the VPN provider sees your IP and connections to the CDN. The CDN and the DNS nameserver sees the VPN's IP.
* VPN sees who (account, personal IP, etc.) and what (CDN)
* CDN sees where (domain name)
* DNS sees where (domain name)
Before ECH, the VPN could see who, what, and where
🕵️ 🇨🇳 In #China, social media platforms #Weibo, #WeChat, #Douyin, #Zhihu, #Xiaohongshu, and #Kuaishou now require users to reveal their real names to the public. People are quitting as a result.
https://restofworld.org/2023/weibo-legal-display-name-influencers/
#WhatsApp is not a messenger, it really had become the next generation of #Facebook. It has all the pieces in place: masses of users, massive groups where anyone can join, #advertising, etc. The only real difference is that they have to put some of the logic in the client app, because servers see message #metadata, but not content.
As a company, Facebook only knows how to do #SurveillanceCapitalism so it is no wonder that they turn everything into #addictive spying machines to #track us.
@drwhax Sounds like a christmas cactus?
@Werhaus What is relatively new is that masses of people followed the same stupid route all while #tiktok-ing and #instagram-ing away about it. The police had to physically block the route to stop the sheeple stream