Hans-Christoph Steiner @eighthave@librem.one

@newstik
There is a bunch of metadata that is made available when Signal links your Signal account to your Google device ID (which is needed to send push notifications):
- If your device has a Google account signed in (most do to install Signal from the Play Store) your Signal account will be linked to your Google account
- If you connect your phone to any wifi network, your Signal account will be linked to that wifi's IP address, often revealing your exact location to authorities

@newstik
- If you have any other apps installed that use push notifications, those would be linked to your Google device ID and thus your Signal account as well. Authorities can then link any data they get from those other apps also to your Signal account (and thereby phone number and identity).

Hey! We've been thinking a lot about what's next for the postmarketOS project,
we have a lot of ideas, but we can't do it without your help. We've decided to
join OpenCollective, this makes it possible for us to be financially supported
by and beholden to you - our community.

If you like postmarketOS and want to help us continue on our quest of true
ownership, we would highly appreciate your donations!

More info here 👇

https://postmarketos.org/blog/2023/12/14/pmos-on-oc/

This week in F-Droid (TWIF) was just published.

We have new alpha versions for F-Droid 1.19., and something about the Epic vs. Google trial.

On the app side, we talk about Threema, Xmp Mod Player, Orion Viewer, Transdroid, Minetest and Syncthing-Fork.

Last but not least, we had another 6 added apps, 109 updated apps and one removed app.

https://f-droid.org/2023/12/14/twif-threema-in-fdroid.html

#FDroid

I've just published a blog post on a new sample of Android/BianLian botnet which uses (1) an intentionally bad formed ZIP, and (2) uses a new packer.

https://cryptax.medium.com/bad-zip-and-new-packer-for-android-bianlian-5bdad4b90aeb

By the way, this will be covered in my @ringzer0 training.

#android #malware #zip #packer #kavanoz #medusa #JEB

🎉 Best News Of The Year! 🎉

Google confirms they will disable uBlock Origin in Chrome in 2024: Finally everyone understands it's time to quit Google. 😎

Here are our favorite browser alternatives:
➡️ https://tuta.com/blog/best-private-browsers

Which one did you pick?

🦊 Firefox
🦆 DuckDuckGo
🕵️ Tor Browser
Mullvad
Pale Moon
Puffin
GNU IceCat
WaterFox
Brave
Hyphanet

Dropbox was caught enabling "Third-party AI" as an opt-out default to all user accounts.
Meanwhile users were deeply uninformed of the changes..

This is our new world: If your privacy matters, keep your data yours!

Our friends @arstechnica explore the debacle:

https://arstechnica.com/information-technology/2023/12/dropbox-spooks-users-by-sending-data-to-openai-for-ai-search-features/

The jury in Epic v. Google has delivered its verdict — and it found that Google turned its Google Play app store and Google Play Billing service into an illegal monopoly.

https://www.theverge.com/23994174/epic-google-trial-jury-verdict-monopoly-google-play

Also need to address Apple’s monopoly too. https://www.gov.uk/cma-cases/investigation-into-apple-appstore

https://ec.europa.eu/commission/presscorner/detail/es/ip_20_1073

Google verliert App-Store-Prozess gegen Fortnite-Macher Epic

Im Rechtsstreit mit dem Spieleentwickler Epic hat Google eine Niederlage erlitten. Der Internet-Riese betreibe mit seinem App-Store ein illegales Monopol, so das Gericht. Das Urteil könnte branchenweite Folgen haben.

➡️ https://www.tagesschau.de/wirtschaft/google-epic-app-store-100.html?at_medium=mastodon&at_campaign=tagesschau.de

#Monopol #Google #Epic #Fortnite #AppStore #PlayStore

In addition, we strongly advise developers to encrypt their push notifications, recommending #WebPush (following RFC 8291, forget about this draft abandoned 7 years ago!) or to adopt a sync-on-push strategy (which is what Signal does).

"Trust us", the FBI keeps saying.

Yet, they spy on your private messages without a warrant.

#Fight4Privacy & stop Section 702.

While Tuta is not impacted, this is such a bad law that everyone must take action now! 💪
➡️https://act.eff.org/action/tell-congress-they-must-defeat-hpsci-s-horrific-surveillance-bill

Share to help us #StopTheNDAA

Sehr schick: die Nachtzugkarte. Interaktiv mit (vermutlich) allen Nachtzug-Linien in Europa.

https://nachtzugkarte.de

@stf because it's more than time to stop depending on Microsoft Pages (tm)? #Codeberg #sourcehut

This week in F-Droid (TWIF) was just published.

We have new mirrors and some news about Simple Mobile Tools.
Also, we wrote about DiskUsage, Sithakuru and Karma Firewall.

https://f-droid.org/en/2023/12/07/twif.html

#FDroid

We are pleased to announce the new 27M€ NGI0 commons fund project let by @nlnetfdn that will support hundreds of new projects and innovators driving a human-centric internet. The innovators will be supported by a strong consortium comprising: @OpenForumEurope
APELL
Swiss chapter of the @internetsociety
@ow2
@fsfe
@ros @fsi
Tolerant Networks
HAN University
@APC
@techcultivation
Commons Caretakers
@nixos_org
#OpenSource

We invite you to nominate a FOSS project for the Bluehats prize. There are four prizes of €10.000 each, to be spent freely.

Bluehats are civil servants who promote the use and development of Free Software in public administrations.

The French public administration has established the Bluehats prize for maintainers of critical Free Software. To be eligible the software must be in use by at least one agency of the French administration.

https://nlnet.nl//bluehatsprize/2024/

Seems google/apple's push notifications services are regularly queried by state authorities for obtaining user data -- see this german #netzpolitik article https://netzpolitik.org/2023/push-dienste-behoerden-fragen-apple-und-google-nach-nutzern-von-messenger-apps/ --
#deltachat only uses apple's push notifications on iOS for "heartbeat" services -- otherwise it's too hard to ensure the app can show messages for their user (and many users are asking for tighter integration). On Android and Desktop platforms no push notifications are used or needed, also no heartbeat ones.