Hans-Christoph Steiner @eighthave@librem.one

@andydavies @neil I'm looking for actual privacy policies since those would be legally binding and the company could be help liable for violations. I've seen a lot of language like that, it promises little, since it has broad, vague exceptions like "except where explicitly stated in the Documentation and related to the functional performance of the services". Like, if some gov asks nicely for data, would handing it over be considered "functional performance of the services"?

@miyuru Does the AWS mirror have a clearer privacy policy somewhere? That front page is just as minimal as the Fastly one

@andydavies @neil that would be nice, do you have any documentation on that?

The #EuropeanCommission is having workshops to get feedback about making companies that have been designated #gatekeepers comply with the #DigitalMarketsAct. You can register to attend in person or online:

* #Alphabet / #Google https://digital-markets-act.ec.europa.eu/events-poolpage/alphabet-dma-compliance-workshop-2024-03-21

* #Apple https://digital-markets-act.ec.europa.eu/events-poolpage/apple-dma-compliance-workshop-2024-03-18

* all https://digital-markets-act.ec.europa.eu/events

We need more voices for #FreeSoftware and #Privacy present to counterbalance #BigTech and #SurveillanceCapitalism!

#Debian has been moving more towards the deb.debian.org mirror which is provided by a single CDN company, #Fastly. It works well, but also feeds an enormous amount of #metadata to a single company, and it can be used to track computers and maybe even people. And the privacy policy in effect is unclear. Fastly says the #privacy policy of the "subscriber" applies, but the privacy policy for deb.debian.org is not listed anywhere I could find. Anyone have any insight here?

@divested this sounds quite interesting and useful. Is STIR/SHAKEN relevant in places outside of the US and Canada? Also, it seems like this functionality should be built into the OS. Would that make sense?

@orangesunny @fdroidorg We have funding from #NLnet #NGI to do a dev sprint on parallelizing the build infrastructure. We will start before Winter is over. https://gitlab.com/groups/fdroid/-/milestones/7

@r3vilo @fdroidorg If you think its a bug, could you file a bug report on this: https://gitlab.com/fdroid/fdroidclient/-/issues/new

Please provide your Android version, F-Droid version, and which ROM you're running.

@dreua it is indeed a nice feature that the connection is separately maintained from the username. I was responding to the discussion about reusing well known public usernames. For all my public code repos, I use "eighthave". I could claim "eighthave" for Signal then lots of people could easily connect with me via Signal. But then anyone could also send me spam or Pegasus. So I think it was a mistake for Signal to call this a "username" it behaves differently, it is more like an invite link

@mdosch @timbray @element good point, for spammers, they can just generate all the phone numbers. For user names, they can generate all the shorter usernames. I imagine to have a long lived Signal username and avoid spam, it would have to be longer than 16 characters.

@r3vilo @fdroidorg you should only see this message after your base OS has changed. I wonder if there is a bug somewhere in that logic, since you said your Android version hasn't changed.

@austin @dreua @timbray right, just like with an email address or even a phone number. My point is that people should assume that this Signal username has all the same downsides as other systems with user-selected identifiers and treat it accordingly.

The #DigitalMarketsAct and other #competition actions against #gatekeeper app stores are based on the idea that an app store companies should not "self-preference" their own apps or services. This makes sense to a certain degree, especially when thinking about business. Ethical reasons must also be considered. #FDroid preferences apps based on #FreeSoftware and Anti-Features, which we as a community define. We should always be allowed to preference apps that follow standards of #UserFreedom.

@jlou that doesn't sounds possible to make work. I think it is important to stick to the four freedoms with Free Software. Copyright licenses are not an effective tool for trying to enforce other societal values. Such licenses are more likely to harm the people you're actually trying to help because it means they'll have to get lawyers involved in order to understand how and when they can use software with that license. #GPL means every individual is free to use it without needing legal help