@unifiedpush have you considered applying for a grant from #NLnet? I'd be happy to help with the process https://nlnet.nl/commonsfund/
@Codeberg as part of https://defo.ie, we are assisting free software projects of all kinds to implement #EncryptedClientHello (#ECH). This would hide the domain that users are connecting to, e.g. codeberg.org, *.codeberg.page, etc. If you are interested, let me know and I'll see what we can do to help.
Sehr schick: die Nachtzugkarte. Interaktiv mit (vermutlich) allen Nachtzug-Linien in Europa.
@stf because it's more than time to stop depending on Microsoft Pages (tm)? #Codeberg #sourcehut
#FDroid is consistently growing in its bandwidth usage over the years, as shown by this stats graph from the #UniFAU mirror. Interesting to see the short downward section when we added new official mirrors in April and November.
Thanks @FAU for the mirror, the bandwidth, and the stats! https://ftp.fau.de/cgi-bin/show-ftp-stats.cgi
This week in F-Droid (TWIF) was just published.
We have new mirrors and some news about Simple Mobile Tools.
Also, we wrote about DiskUsage, Sithakuru and Karma Firewall.
We are pleased to announce the new 27M€ NGI0 commons fund project let by @nlnetfdn that will support hundreds of new projects and innovators driving a human-centric internet. The innovators will be supported by a strong consortium comprising: @OpenForumEurope
APELL
Swiss chapter of the @internetsociety
@ow2
@fsfe
@ros @fsi
Tolerant Networks
HAN University
@APC
@techcultivation
Commons Caretakers
@nixos_org
#OpenSource
We invite you to nominate a FOSS project for the Bluehats prize. There are four prizes of €10.000 each, to be spent freely.
Bluehats are civil servants who promote the use and development of Free Software in public administrations.
The French public administration has established the Bluehats prize for maintainers of critical Free Software. To be eligible the software must be in use by at least one agency of the French administration.
Seems google/apple's push notifications services are regularly queried by state authorities for obtaining user data -- see this german #netzpolitik article https://netzpolitik.org/2023/push-dienste-behoerden-fragen-apple-und-google-nach-nutzern-von-messenger-apps/ --
#deltachat only uses apple's push notifications on iOS for "heartbeat" services -- otherwise it's too hard to ensure the app can show messages for their user (and many users are asking for tighter integration). On Android and Desktop platforms no push notifications are used or needed, also no heartbeat ones.
"Unidentified governments are surveilling smartphone users via their apps' push notifications".
https://www.reuters.com/technology/cybersecurity/governments-spying-apple-google-users-through-push-notifications-us-senator-2023-12-06/
#Push services from #Google and #Apple are used in many messaging apps, letting those companies see a lot of about what the users are doing on their #mobile devices. It is clearly a rich source of #metadata with huge #privacy concerns.
Been a good day in #Brussels. Attending the #DigitalCompetitionDay event.
I believe that the Digital Markets Act (#DMA), has the potential to make a significant difference.
Explained a bit what I have experienced over the years with #Microsoft , #Apple and #Google.
Talked about the importance of not leaving holes through not designating products, such as #edge
Talked about the importance of regulating use of data. Data may be the new oil and oil is ruining the planet. We can allow use of data for services, without saying that the data can be used for profiling and marketing as well!
Got great feedback, so happy about that.
All you need to know about #oil & #climate is the Saudis opening the spigot by another 1m barrels/day last week, and Putin getting the royal treatment in Abu Dhabi today, all while Dubai is hosting #COP28
https://www.axios.com/2023/12/06/oil-production-biden
Upcoming releases of F-Droid will change how repositories are added. We are interested in feedback about this overhaul.
Please tell us (if you already have the latest F-Droid or F-Droid Basic 1.19.0-alpha installed):
* Does adding repos still work for you?
* And did adding repos became easier or harder?
If you don't have 1.19.0 yet: Note that this is still in beta, so brave users need to install this manually (enable Beta updates for the app or from Client expert settings).
We hit a major new milestone our DEfO partnership project to accelerate adoption of #TLS Encrypted ClientHello (#ECH): Stephen Farrell made a pull request to #OpenSSL with a complete, working implementation: https://github.com/openssl/openssl/pull/22938
Google's war on ad-blockers continues! Google will slow down the update process for third-party extensions by requiring them to be reviewed by the Chrome Web Store. 🚫
This means YouTube can counter ad-blockers while slowing their release of workarounds. 🤢
This David and Goliath situation looks to be even more unbalanced than previously thought.
👉 https://tuta.com/blog/google-search-monopoly
Delta chat and end-to-end encryption https://f-droid.org/en/2023/11/30/twif-delta-chat-e2e-encryption.html
@eighthave It is one of the many reasons why in PiRogue Tool Suite we decided to use another technique enabling TLS traffic decryption. Instead of using MITM proxy, we retrieve encryption keys directly from the device's memory: https://pts-project.org/guides/g8/#tls-traffic-decryption-techniques
One thing about #EncryptedClientHello (#ECH) that I'm a little worried about is that it will make #MITM inspection of #TLS traffic harder to the point where it might restrict lots of important kinds of inspection. When the software we use is not #FreeSoftware, then we cannot see what it is doing by reading the source code. We need to inspect the network traffic. So it is very important that it is possible to inspect traffic that uses ECH as well, despite that middleware companies will abuse this
#EncryptedClientHello (#ECH) plus private DNS will enable a nice privacy improvement in combination with a VPN: set the DNS nameserver to something other than the VPN provider's nameserver. For ECH-enabled sites, the VPN provider sees your IP and connections to the CDN. The CDN and the DNS nameserver sees the VPN's IP.
* VPN sees who (account, personal IP, etc.) and what (CDN)
* CDN sees where (domain name)
* DNS sees where (domain name)
Before ECH, the VPN could see who, what, and where