@fdroidorg @Aliyan A UI overhaul is already underway! It will be released as v1.23. We'll be releasing nightlies and alphas soon, and we are looking for feedback and testing. Follow the development here:
https://gitlab.com/fdroid/fdroidclient/-/milestones/52#tab-merge-requests
fdroidserver v2.3.5 was released to fix issues with `AllowedAPKSigningKeys` when used in specific configurations. More details in the changelog: https://gitlab.com/fdroid/fdroidserver/-/blob/2.3.5/CHANGELOG.md#235---2025-01-20 #FDroid
Michiel Leenaars (our director of strategy) speaks at #FOSDEM about Europe's ambition to increase its digital sovereignty in relation to the #NextGenerationInternet. Despite its contribution to tech sovereignty with over 1300 Free and Open technologies supported, so far #NGI is not in the EU's future plans. Michiel addresses the question: What should our new EU Commissioner for Tech Sovereignty be working on for the next 5 years from the vantage point of NGI?
https://fosdem.org/2025/schedule/event/fosdem-2025-6508-next-generation-internet-2025-where-next-/
#FOSS
The gig economy is ground zero for the use of experimental algorithms that use workers' own data against them. Leaving workers playing a game that they don’t know the rules to and that the house always wins.
#TimeToDeliverAnswers
There's a "Signal deanonymized" thing going around:
https://gist.github.com/hackermondev/45a3cdfa52246f1d1201c1e8cdef6117
Stay calm. Deep breaths.
👉 while this is a real consideration, the only thing the attacker gets from this is a very rough (kilometers or tens of kilometers radius) location
👉 other communication platforms that use any kind of caching CDN to deliver attachments are just as vulnerable
👉 you almost certainly should continue to use Signal, unless you specifically know that this is a big problem for you.
Reminder: Tech jobs with real impact are rare. At the Sovereign Tech Agency, we work to strengthen digital infrastructure – fostering security, innovation, and resilience to provide a stable foundation for participation and democracy.
You can still apply for our open positions! 📩
In the official release of the #AndroidSDK package "build-tools_r35.0.1_linux.zip", they included what looks like a hand-edited "source.properties" metadata file that is a key part of the "sdkmanager" packaging system:
```
Pkg.UserSrc=false
Pkg.UserSrc=false
Pkg.Revision=35.0.1
#Pkg.Revision=35.0.0 rc4h
```
I mean really? The Android SDK packages are not automatically generated?
@gwagner With Big Oil gaining more power via Trump, it is time for individuals to take responsibility. If you believe in climate change, get rid of your second car, ride a bike, take a train.
It is also time for city and state governments to step up. They have the power to do a lot of the things that Trump wants to stop the Federal Government from doing. And those actions would be out of reach of Trump's executive orders.
We need community-run, ethical, well-moderated communication platforms more than ever.
I'm sure this is one of the reasons why many folks are joining fedi today. Welcome, glad to see you here! 👋
However:
👉 infrastructure is not free
👉 moderation is hard emotional labor
👉 managing a server takes time and effort
Please consider getting engaged and contributing, if you can. Help moderate your instance. Support your instance financially. Help make fedi sustainable.
@rysiek oh wow, this is awesome! I live somewhere where the Nazis reigned for 7 years, and I have been playing a version of this game with my family for a while now. This quote is prescient these days:
> Nazism has nothing to do with race and nationality. It appeals to a certain type of mind
Fun article
Citizens can only trust the 🇪🇺 digital ID if it’s transparent & gives them control over their data. The @EUCommission must protect users from illegal access to their sensitive information & fix loopholes in the upcoming #eID now! ☔
#eIDAS
https://epicenter.works/en/content/civil-society-demands-eu-commission-must-close-e-id-loopholes
🇪🇺 EU Commission's Microsoft 365 reliance raises privacy alarms!
Internal documents reveal the EU Commission's data privacy concerns over dependency on Microsoft.
Should the EU embrace #opensource to prioritize data sovereignty?
Remember that #Facebook's new name #Meta doesn't really refer to the doomed-from-the-start #Metaverse whim, but its much more important reliance on #metadata as the core business model.
#Instagram, #WhatsApp, and the other "products" are primarily metadata collectors. Who communicates with whom, when, how often, how much, through which types of data; which groups are they members of, how do they interact with them; which posts/articles/products do they read, like, or buy? This metadata is sufficiently detailed that the actual content of "what" somebody sent is no longer important - and therefore it doesn't hurt the business model to provide end-to-end encryption in WhatsApp and (more hesitantly) Facebook Messenger. Or, as Gen. Michael Hayden (ex-NSA) infamously once admitted "We kill people based on metadata" (https://abcnews.go.com/blogs/headlines/2014/05/ex-nsa-chief-we-kill-people-based-on-metadata). And #Meta's metadata collection is much more detailed than the mere phone call/message and email and IP packet records the NSA/CIA/etc. use(d).
That metadata is the basis for targeted advertisement and manipulation of individual and public opinion. That's where the money and the power is, not some silly 3D avatars. So the company name #Meta is, actually, interestingly descriptive and honest about the exploitative business model.
Protect yourselves. Use @torproject, @signalapp, @Mastodon, @pixelfed, and other federated services instead of feeding more into the metadata collection.
@mnalis @IzzyOnDroid It has been years since we let new v1-only APKs into f-droid.org. There are some v1-only APKs there because they have been there for many years. It is one factor we consider when reviewing which APKs should be archived.
It is now possible to use #Python as an #ECH client using the DEfO development fork:
https://guardianproject.info/2025/01/10/using-tls-ech-from-python/
I wrote a blog post about using TLS ECH from Python https://guardianproject.info/2025/01/10/using-tls-ech-from-python/
@IzzyOnDroid fdroidserver is fully safe for the tasks it was built for. It has been independently audited as well (we have two more audits coming up). If you have a trusted collection of APKs, then fdroidserver provides the entry point to a trustworthy pipe to the F-Droid client. It cannot protect against malicious upstreams, upstreams losing their signing keys, etc. It cannot fix the deprecated v1 signatures. Require v2+ signatures, and AllowedAPKSigningKeys works with no known weaknesses.
@IzzyOnDroid I'm saying v1 signatures should not be something that anyone relies on any more. Our current thinking is to remove support for v1-only signatures from AllowedAPKSigningKeys because the weakness of v1 signatures means we cannot provide good security, so it would only provide a false sense of security. For distributing v1-only signed APKs, I'd recommend verifying them via an alternate method other than certificate pinning.
@IzzyOnDroid Since you're investing a lot of effort into AllowedAPKSigningKeys, I highly recommend switching the effort to parsing the signing certificate from v2+ signatures, and away from inspecting the deprecated v1 signatures. Apps with targetSdkVersion 30 or higher entirely ignore v1 signatures, so they are gradually disappearing from use.
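An added example, not part of the posts above and not fdroidserver code: one way to tell v1-only APKs from those carrying a v2+ signature is to look for the APK Signing Block that sits directly before the ZIP central directory. The function names and the sample input are hypothetical, and the check reports presence only; it does not verify any signature.

```python
import io
import re
import struct
import zipfile

MAGIC = b"APK Sig Block 42"
SCHEME_IDS = {0x7109871A: "v2", 0xF05368C0: "v3"}   # IDs inside the APK Signing Block
V1_FILE = re.compile(r"META-INF/[^/]+\.(RSA|DSA|EC)$")  # v1 (JAR) signature files

def signature_schemes(apk: bytes) -> set:
    """Report which schemes are present; presence only, nothing is verified."""
    with zipfile.ZipFile(io.BytesIO(apk)) as zf:
        found = {"v1"} if any(V1_FILE.match(n) for n in zf.namelist()) else set()
    eocd = apk.rfind(b"PK\x05\x06")                  # End of Central Directory
    cd = struct.unpack_from("<I", apk, eocd + 16)[0] # central directory offset
    if cd < 32 or apk[cd - 16:cd] != MAGIC:
        return found                                 # no signing block before the CD
    size = struct.unpack_from("<Q", apk, cd - 24)[0]
    pos, end = cd - size, cd - 24                    # ID-value pairs occupy [pos, end)
    if size < 24 or pos < 8:
        return found                                 # malformed size field
    while pos + 12 <= end:
        length, block_id = struct.unpack_from("<QI", apk, pos)
        if length < 4 or pos + 8 + length > end:
            break                                    # malformed pair, stop parsing
        if block_id in SCHEME_IDS:
            found.add(SCHEME_IDS[block_id])
        pos += 8 + length
    return found

def is_v1_only(apk: bytes) -> bool:
    return signature_schemes(apk) == {"v1"}

def sample_apk(ids=(), v1=False) -> bytes:  # constructed input, not a real APK
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("classes.dex", b"constructed")
        if v1:
            zf.writestr("META-INF/CERT.RSA", b"constructed")
    raw = buf.getvalue()
    if not ids:
        return raw
    eocd = raw.rfind(b"PK\x05\x06")
    cd = struct.unpack_from("<I", raw, eocd + 16)[0]
    pairs = b"".join(struct.pack("<QI", 5, i) + b"\0" for i in ids)
    size = struct.pack("<Q", len(pairs) + 24)
    block = size + pairs + size + MAGIC
    new_eocd = raw[eocd:eocd + 16] + struct.pack("<I", cd + len(block)) + raw[eocd + 20:]
    return raw[:cd] + block + raw[cd:eocd] + new_eocd
```

A repository maintainer could run `is_v1_only` over an APK collection to list the files that would be affected by dropping v1-only support.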
Today Mastodon is taking another step towards its founding ideals: independence and non-profit ownership. We're transferring ownership of key assets to a new, European not-for-profit entity, ensuring our mission remains true to a decentralised social web, not corporate control. #MastodonNonProfit
https://blog.joinmastodon.org/2025/01/the-people-should-own-the-town-square/