Hans-Christoph Steiner @eighthave@librem.one

@matthew_d_green "differential privacy" is not a privacy tool, in my opinion. It just slightly reduces how bad the privacy issues are, but they are still all there. The privacy must be provided in a different way, like via regulations like #GDPR or health data laws. "Differential privacy" definitely seems to be very valuable as a PR tool to respond to #SurveillanceCapitalism to hide what is really going on.

@daniel of course sandboxes improve #security. It is important to remember that sandboxes by definition are sets of restrictions. If a sandbox only restricts things you don't use, you win. Sandbox restrictions often break features that users want. Since I'm focused on #UserFreedom and #FreeSoftware, I want community control over which restrictions are in place. #Android does not provide that unless you have the skills to hack and make your own ROM, even then its hard. #Debian does provide that.

Want to see a visual example of why #beef and #dairy have such a big #climate impact? Massive amounts of water and resources go to growing cheap alfalfa, which is mostly cattle feed.

https://edition.cnn.com/2022/11/05/us/arizona-water-foreign-owned-farms-climate/index.html

#ACM took another big step towards "transition[ing] to a fully Open Access publisher... under a financially sustainable model". #OpenAccess publishing is clearly the future of disseminating academic, scientific, and medical knowledge. Not so long ago, people were being jailed for opening up access while the publishers were not.

https://cacm.acm.org/news/cacm-is-now-open-access-2/

@olasd @interpipes I understand why DSA would make that choice, I'm not faulting them. My goal is to raise awareness of the advantages and disadvantages of each approach, and to increase user privacy. That requires transparency about what happens with the data and metadata, and commitments from any organizations running the mirrors.

@andydavies @neil I'm looking for actual privacy policies since those would be legally binding and the company could be help liable for violations. I've seen a lot of language like that, it promises little, since it has broad, vague exceptions like "except where explicitly stated in the Documentation and related to the functional performance of the services". Like, if some gov asks nicely for data, would handing it over be considered "functional performance of the services"?

@miyuru Does the AWS mirror have a clearer privacy policy somewhere? That front page is just as minimal as the Fastly one

@andydavies @neil that would be nice, do you have any documentation on that?

The #EuropeanCommission is having workshops to get feedback about making companies that have been designated #gatekeepers comply with the #DigitalMarketsAct. You can register to attend in person or online:

* #Alphabet / #Google https://digital-markets-act.ec.europa.eu/events-poolpage/alphabet-dma-compliance-workshop-2024-03-21

* #Apple https://digital-markets-act.ec.europa.eu/events-poolpage/apple-dma-compliance-workshop-2024-03-18

* all https://digital-markets-act.ec.europa.eu/events

We need more voices for #FreeSoftware and #Privacy present to counterbalance #BigTech and #SurveillanceCapitalism!

#Debian has been moving more towards the deb.debian.org mirror which is provided by a single CDN company, #Fastly. It works well, but also feeds an enormous amount of #metadata to a single company, and it can be used to track computers and maybe even people. And the privacy policy in effect is unclear. Fastly says the #privacy policy of the "subscriber" applies, but the privacy policy for deb.debian.org is not listed anywhere I could find. Anyone have any insight here?

@divested this sounds quite interesting and useful. Is STIR/SHAKEN relevant in places outside of the US and Canada? Also, it seems like this functionality should be built into the OS. Would that make sense?

@orangesunny @fdroidorg We have funding from #NLnet #NGI to do a dev sprint on parallelizing the build infrastructure. We will start before Winter is over. https://gitlab.com/groups/fdroid/-/milestones/7

@r3vilo @fdroidorg If you think its a bug, could you file a bug report on this: https://gitlab.com/fdroid/fdroidclient/-/issues/new

Please provide your Android version, F-Droid version, and which ROM you're running.

@dreua it is indeed a nice feature that the connection is separately maintained from the username. I was responding to the discussion about reusing well known public usernames. For all my public code repos, I use "eighthave". I could claim "eighthave" for Signal then lots of people could easily connect with me via Signal. But then anyone could also send me spam or Pegasus. So I think it was a mistake for Signal to call this a "username" it behaves differently, it is more like an invite link

@mdosch @timbray @element good point, for spammers, they can just generate all the phone numbers. For user names, they can generate all the shorter usernames. I imagine to have a long lived Signal username and avoid spam, it would have to be longer than 16 characters.