Hans-Christoph Steiner @eighthave@librem.one

The gig economy is ground zero for the use of experimental algorithms that use workers' own data against them. Leaving workers playing a game that they don’t know the rules to and that the house always wins.
#TimeToDeliverAnswers

https://privacyinternational.org/news-analysis/5510/12-organsations-tell-just-eat-uber-and-deliveroo-time-deliver-answers

There's a "Signal deanonymized" thing going around:
https://gist.github.com/hackermondev/45a3cdfa52246f1d1201c1e8cdef6117

Stay calm. Deep breaths.

👉 while this is a real consideration, the only thing the attacker gets from this is a very rough (kilometers or tens of kilometers radius) location

👉 other communication platforms that use any kind of caching CDN to deliver attachments are just as vulnerable

👉 you almost certainly should continue to use Signal, unless you specifically know that this is a big problem for you.

#Signal #InfoSec

Reminder: Tech jobs with real impact are rare. At the Sovereign Tech Agency, we work to strengthen digital infrastructure – fostering security, innovation, and resilience to provide a stable foundation for participation and democracy.

You can still apply for our open positions! 📩

https://mastodon.social/@sovtechfund/113792992197932834

We need for community-run, ethical, well-moderated communication platforms more than ever.

I'm sure this is one of the reasons why many folks are joining fedi today. Welcome, glad to see you here! 👋

However:
👉 infrastructure is not free
👉 moderation is hard emotional labor
👉 managing a server takes time and effort

Please consider getting engaged and contributing, if you can. Help moderate your instance. Support your instance financially. Help make fedi sustainable.

#NewHere #TikTokRefugee

Citizens can only trust the 🇪🇺 digital ID if it’s transparent & gives them control over their data. The @EUCommission must protect users from illegal access to their sensitive information & fix loopholes in the upcoming #eID now! ☔
#eIDAS
https://epicenter.works/en/content/civil-society-demands-eu-commission-must-close-e-id-loopholes

🇪🇺 EU Commission's Microsoft 365 reliance raises privacy alarms!

Internal documents reveal the EU Commission's data privacy concerns over dependency on Microsoft.

Should the EU embrace #opensource to prioritize data sovereignty?

#EUDataProtection #DigitalPrivacy

https://www.euractiv.com/section/tech/news/internal-documents-reveal-commission-fears-over-microsoft-dependency/

Remember that #Facebook's new name #Meta doesn't really refer to the doomed-from-the-start #Metaverse whim, but its much more important reliance on #metadata as the core business model.

#Instagram, #WhatsApp, and the other "products" are primarily metadata collectors. Who communicates with whom, when, how often, how much, through which types of data; which groups are they members of, how do they interact with them; which posts/articles/products do they read, like, or buy? This metadata is sufficiently detailed that the actual content of "what" somebody sent is no longer important - and therefore it doesn't hurt the business model to provide end-to-end encryption in WhatsApp and (more hesitantly) Facebook Messenger. Or, as Gen. Michael Hayden (ex-NSA) infamously once admitted "We kill people based on metadata" (https://abcnews.go.com/blogs/headlines/2014/05/ex-nsa-chief-we-kill-people-based-on-metadata). And #Meta's metadata collection is much more detailed than the mere phone call/message and email and IP packet records the NSA/CIA/etc. use(d).

That metadata is the basis for targeted advertisement and manipulation of individual and public opinion. That's where the money and the power is, not some silly 3D avatars. So the company name #Meta is, actually, interestingly descriptive and honest about the exploitative business model.

Protect yourselves. Use @torproject, @signalapp, @Mastodon, @pixelfed, and other federated services instead of feeding more into the metadata collection.

It is now possible to use #Python as an #ECH client using the DEfO development fork:
https://guardianproject.info/2025/01/10/using-tls-ech-from-python/

#TLS #EncryptedClientHello

I wrote a blog post about using TLS ECH from Python https://guardianproject.info/2025/01/10/using-tls-ech-from-python/

Today Mastodon is taking another step towards its founding ideals: independence and non-profit ownership. We're transferring ownership of key assets to a new, European not-for-profit entity, ensuring our mission remains true to a decentralised social web, not corporate control. #MastodonNonProfit

https://blog.joinmastodon.org/2025/01/the-people-should-own-the-town-square/

We're starting a sprint to look at all the issues preventing #ReproducibleBuilds in all the apps we ship. Most of the issues are simple fixes in the upstream code, like unsorted outputs or timestamps included in the build.
You can help make the #FreeSoftware #Android ecosystem be more reproducible! See the failures here and help us report them upstream: https://verification.f-droid.org/failed.html

We wrote a blog post about trust and how to have a verified installation of our client.

One such source for the client could be our CLI tool, that recently got the ability to download the F-Droid.apk.

Read more at
https://f-droid.org/2024/12/11/verified-first-time-installs.html

This week in #FDroid (TWIF):

- european-alternatives.eu lists software and apps that come from the EU, some of them are regular guests in our TWIF
- we found a YouTube video about apps that are NOT on a centralized app store
- aTox and UniPatcher were updated again after a long hiatus
- Kodi fixed many bugs
- OsmAnd~ has a lot of new features
- Status, VLC and Zulip were also updated (and 111 more apps)
- MRT Buffy is new and helps you commute in Dhaka

Read more at https://f-droid.org/2024/11/21/twif.html

Happy 37th anniversary of the Max Headroom Incident, to those who celebrate.