The first fully merged, audited and shipped bit of code from our https://defo.ie project is Hybrid Public Key Encryption (#HKPE RFC9180), it has been shipped by #OpenSSL https://www.openssl.org/blog/blog/2023/10/18/ossl-hpke/ It is a building block for #EncryptedClientHello #ECH and #MessagingLayerSecurity #MLS, providing standard methods for using public key cryptography to encrypt arbitrary blocks of data.
For anyone who is interested in implementing #TLS Encrypted ClientHello (#ECH), we have set up a new public room: https://matrix.to/#/#ech-dev:matrix.org or irc://irc.oftc.net/ech-dev
Mozilla is ringing the alarm bell on a dangerous EU regulation.
@calyxinstitute's #CalyxOS developers did some review of their #Android-based project and found no leaks:
https://gitlab.com/CalyxOS/calyxos/-/issues/1947
I wonder if #GooglePlay uses the deobfuscation data in the "mapping.txt" file in the app review process? It would bring the binary code a bit closer to being more readable like source code. Their documentation only mentions crash reports as a use case:
https://support.google.com/googleplay/android-developer/answer/9848633
Willkommen bei #ORFodon!
Der @ORF_News Bot hat jetzt seine eigene Instanz und eine Menge neuer Funktionen. Die Sparten und Bundesländernachrichten haben jetzt ihre eigenen Konten und dementsprechend ist eine viel flexiblere Filterung der Nachrichten und Beiträge des #ORF möglich.
Um Mehrfachbeiträge zu vermeiden, boosten die Kanäle einander.
Der Dienst wird weiterhin inoffiziell und privat betrieben.
Viel Spaß!
Weitere Informationen:
https://orfodon.org/about
austrian public broadcaster is on the fediverse, in case you are into monitoring int'l news: https://orfodon.org/@ORFodon/111375092254666650
Looks like #Google's keeping the #DRM "Web Integrity API" alive in the #Android WebView, despite widespread disapproval for the "Web Integrity API" as a web standard. https://arstechnica.com/google/2023/11/google-kills-web-integrity-drm-for-the-web-still-wants-an-android-version/
Apparently #iPhone's #WiFi MAC privacy protection never really worked as released in 2020, they apparently just fixed it in 17.1 after years of touting this privacy protection.
https://arstechnica.com/security/2023/10/iphone-privacy-feature-hiding-wi-fi-macs-has-failed-to-work-for-3-years/
#Microsoft #Apple #Google etc have massive piles of "cash on hand". They are supposed to be innovative companies which hire as much talent as they can, so something is clearly wrong with this picture. Lots of skilled people also have morals, and want to build things they believe are beneficial and #ethical. So many developers would rather work on things they believe in and are willing to get paid a fraction of what they could earn: so they reject working for #BigTech
It makes me happy to read that #Amazon's #drone delivery program is barely functional. It would be such a nightmarish thing if it ever caught on. All that buzzing noise, drones falling out of the sky when they hit things like birds, ever more resources used for unnecessary delivery. Its like flying cars and space tourism; oligarchs like #Bezos keep investing in these ideas while ignoring the hard technical realities as well as the well being of most people on this planet
https://news.yahoo.com/look-sky-soup-155037137.html?guccounter=1
This #GDPR complaint against #YouTube for illegally gathering user data with explicit consent gives me a lot of optimism that it is possible to defeat the "free" #tracking business models and bring back real freedom in media distribution to the internet. Paying with your data and privacy gives the illusion of freedom when getting media on the internet. These regulations will pop that bubble if the #EU actually enforces them.
https://www.theregister.com/2023/10/26/privacy_advocate_challenges_youtube/
It looks like the future of mobile #malware is exploiting messenger apps. #NSOGroup #Pegasus has clearly demonstrated it is possible to silently exploit and own devices via messenger apps. Now #ransomware gangs have a proven pattern to follow with their millions for dev budgets. And it could spread from there. Could it be that this becomes a bigger threat than install by #sideload?
I wonder why they stopped publishing this report in 2018? Since then, they have implemented and rolled out a number of key #security features in #Android that make installing outside of #GooglePlay a lot safer. I think the changes to "Unknown Sources" improved both the user experience and the security of the platform. I would have thought they would want to advertise that.
#ArsTechnica just posted a pointer to a bit of related data:
"Google hasn't published detailed stats about the dangers of sideloading in a while, but in 2018, it used to publish yearly security reports with statistics on malware installation sources. Back then, Google found that 0.04 percent of all downloads from the Google Play Store were "PHAs" (potentially harmful apps), while sources "Outside of Google Play" had a 0.92 percent PHA install rate."
For example, the biggest #mobile #malware incident that I know about remains #XCodeGhost https://en.wikipedia.org/wiki/XcodeGhost, which got into over 4000 apps, which all passed #Apple's review and were shipped by the Apple App Store. All told, those apps were installed 128 million times. Another measure is #NSOGroup #Pegasus which seems to have maintained zero click access to #Android and #iOS for years. That is spread by exploiting messenger apps, not by #AppStore or "sideloading" 3/
Google and Apple provide data about the malware they catch in their app store review processes. Both of them talk about "sideloading" as a security risk. Notably, neither Apple nor Google provide data on how much malware comes from outside of their app stores. Nor do they provide data-based analysis of which is the bigger threat: malware that makes it into their app stores or from other channels. They have this data, they track installs and active apps plus there is #PlayProtect #XProtect etc 2/
While all software has security issues, the irresponsible behavior of Microsoft shows why anti-trust action is needed to reduce the stranglehold the big tech firms have over the cloud computing market. Without external pressure, companies tend to hide rather than fix problems. https://arstechnica.com/security/2023/08/microsoft-cloud-security-blasted-for-its-culture-of-toxic-obfuscation/ #security #bigtech #oversight
In my work with #FDroid I've discussed our work with gov regulators for South Africa, UK, EU and Japan as well as competition litigators from multiple US States and the EU. From this, I'm starting to see a picture of #Apple's and #Google's semi-related strategies of making "sideloading" (installing apps outside of their #gatekeeper control) look bad as a way to keep their monopolies in the face of #DMA and other regulatory actions. I'm still looking for data about the actual real world risks 1/