Hans-Christoph Steiner @eighthave@librem.one
Joined Aug 2019
@gwagner Victor Gruen, the inventor of the mall who grew up in Vienna, would agree: "...those bastard developments. They destroyed our cities." It is a classic example of someone with an idealistic vision being derailed when they partnered with people who were just in it for the money: https://www.theguardian.com/artanddesign/2022/jun/24/bastard-developments-inventor-world-first-shopping-mall-denounced
He did manage to redeem himself by helping to pioneer the car-free pedestrian zones in #Vienna in the sixties.
@MyWoolyMastadon F-Droid Nearby is actually a different app, it is not the #FDroid client app, it is just the nearby app swapping functionality, nothing else. #GooglePlay does not allow other app stores in.
Crazy #circumvention tool idea: set up #spam #honeypot then mine the emails for #IPFS gateways, which are then automatically shared out to users who have browser plugin installed which unblocks access to anything in IPFS.
@pimterry OTF has been a major funder of #Tor #Signal @guardianproject #FDroid #LetsEncrypt and many other key #FreeSoftware projects. I've applied for and run a number of projects with OTF funding. I can recommend them as a funder. I'm happy to help free software projects get started asking for funding from OTF, #NLnet, and others, especially if it is software that I rely on.
Hans-Christoph Steiner
boosted
Turns out that Web Environment Integrity proposal everybody is getting angry about (imo very legitimately) was effectively already shipped by Apple in Safari last year: https://httptoolkit.com/blog/apple-private-access-tokens-attestation/
That means if Chromium ships it too, we could quickly move to 90%+ of browser traffic being attested. Not good!
@profoundlynerdy @silvereagle Chrome does fare better than Firefox in pwn2own and 0day pricing. Given a chosen target, Chrome is probably harder to break than Firefox. Real world security also means considering targeting. Holders of 0day exploits don't go around exploiting anyone they can, because that's a good way to burn your 0days. They choose targets. That means tracking targets. Firefox provides much stronger tracking protection than Chrome, making it harder for 0days to find their target.
Hans-Christoph Steiner
boosted
#Mozilla has published its position on the "Web Environment Integrity API" proposal put forward by the #Google #Chrome team.
First paragraph: "Mozilla opposes this proposal because it contradicts our principles and vision for the Web."
https://github.com/mozilla/standards-positions/issues/852#issuecomment-1648820747
@fsfe great book! My 10 and 12 year old boys both were quite interested in it, it clicked with them. I even saw them rereading it on their on, without prompting, and referencing it when talking about video games. This book should be in schools!
Hans-Christoph Steiner
boosted
'Ada & Zangemann - A tale of software, skateboards, and raspberry ice cream' book reading
☑️ FrOSCon 2023
🗓️ 6 August
⏰ 10 h
📍HS7
💻 https://programm.froscon.org/2023/events/2986.html
Hans-Christoph Steiner
boosted
"#Google's newest proposed web standard is... #DRM?" -- Google is proposing yet another user-hostile feature and aims to make it an web standard called "Web Environment Integrity API". This lets websites confirm the browser has limitations on what it can do, going against #UserFreedom. The #IETF internet standard RFC 8890 declares "The Internet Is For End Users". Google's API circumvents that.
Thanks to Ron Amadeo for his a concise, cutting analysis:
https://arstechnica.com/gadgets/2023/07/googles-web-integrity-api-sounds-like-drm-for-the-web/
Hans-Christoph Steiner
boosted
#Google’s nightmare “Web Integrity API” wants a #DRM gatekeeper for the web | #ArsTechnica
Oh, great! Seems we have a 180° turn, and we are now doing the #NetNeutrality 2.0 discussion. Honestly, I always wonder how they think they could possibly implement something like this?
Do they think no one in the tech world will notice and not resist something like this? Do they think this would just result in a 100% conversion rate and every single person would uinstall #Firefox and #Chrome would be the #Netscape of 2023?
Now I understand why they removed the dislike button from #Youtube before they pitched this idea. This is such a #Zuckerberg idea. And the worst part is, he'll probably slap his sticker on this and we'll have this argument again in 6 month's where he'll want to limit the internet to people having VR headsets and being in the #metaverse.
https://arstechnica.com/gadgets/2023/07/googles-web-integrity-api-sounds-like-drm-for-the-web/
Looks like the latest release of #FDroid, v1.17.0, does not get flagged by #Google, at least in the #Android 14 emulator. I heard some reports that v1.16.4 also isn't flagged. I don't really know why its flagging F-Droid then. v1.16.4 has an unchanged #targetSdkVersion, but v1.17.0 has it bumped to 28. I have found no way to get info on why they are flagging the app, just this silly "unsafe" warning screen. Is F-Droid being flagged by Google Play Protect on your devices? Please let me know.
Hans-Christoph Steiner
boosted
reminder that #ETSI is overtly and institutionally #backdooring #standards https://media.ccc.de/v/26c3-3721-de-etsi-vorratsdatenspeicherung_2009
Hans-Christoph Steiner
boosted
What to do about the lack of #DataSkills?
In the iTalks series organised by our iLab, 🔟 experts on #DataLiteracy discussed it with almost 7⃣0⃣0⃣ participants from public sector, academia, and civil society! 👩💻
Missed it? Check the slides & recordings 👉 https://europa.eu/!x98WfB
On the other hand, #MLS includes "Group Integrity", which means that all members in a group see the same state. This means all members see the same list of members, same message transcript, same message order, etc. #Signal Protocol does not guarantee Group Integrity. I think this is an important property, but I wonder how much this was actually abused in the real world with other protocols? 3/
Hans-Christoph Steiner
boosted
New: NitroPhone MDM For Enterprise #cybersecurity #android https://www.nitrokey.com/news/2023/nitrophone-mdm-enterprise
One big concern I have about #MLS over something like #Signal Protocol is that it makes it so the cost of sending a message to a group of 10 is about the same as sending to a group of 1000 or more. This is the opposite of how physical social interaction works, it is much more effort to speak in front of large groups. This gives advantage to spam, disinfo, trolling, etc. as compared to protocols where the cost linearly increases as the number of users in the group increases. 2/
#MLS Messaging Layer Security has just been officially standardized by the #IETF, this is a great new development, especially in combination with standard protocols like #Matrix and #XMPP. https://blog.phnx.im/rfc-9420-mls/ 1/
@danb @webmink @fdroidorg We have some automated scans for license changes, but we always appreciate when people let us know when they see something. We have a harder problem than say Debian since #Android apps are basically all built using dependencies from #MavenCentral, which doesn't enforce that things published there are #FLOSS. https://f-droid.org/2022/07/22/maven-central.html
Joined Aug 2019
