Learn how @guardianproject and @torproject are working together to bring Arti, the Rust-based next-gen Tor, to mobile devices https://guardianproject.info/2023/03/04/arti-next-gen-tor-on-mobile/ #orbot #rust #privacy #circumvention #torproject
@mxmehl @fdroidorg ah nice, the export/import workflow should help smooth the process. I'm interested in hearing about how many users find it worth it to do that kind of procedure. It is possible to fully automate it, but would take a chunk of work. A key question is: how many users are not going to update because of this? This will be valuable information as more apps transition to #ReproducibleBuilds in #FDroid
#WireGuard becomes the first VPN app on #FDroid to be built reproducibly! This means that WireGuard on F-Droid is now guaranteed to be 100% (bit-by-bit) equal to the WireGuard the developer builds.
If you're using WireGuard from F-Droid, please export your tunnels and re-install to switch to the developer's signature and continue receiving updates.
More details in the official WireGuard announcement: https://lists.zx2c4.com/pipermail/wireguard/2023-April/008045.html
New to reproducible builds? Check out https://f-droid.org/en/2023/01/15/towards-a-reproducible-fdroid.html
πWe recently interviewed Hans-Christoph Steiner ( @eighthave ) of the F-Droid project ( @fdroidorg ) to get their view on @reproducible_builds! π€ Check it out below
πππ
Have you heard about #ReproducibleBuilds? This is one of the biggest #security benefits of #FOSS. On #Android, this technique ensures that the #FDroid version of an app exactly matches the developer's version.
Read our article below for more details and to see how easy it is for developers to get set up:
https://f-droid.org/en/2023/01/15/towards-a-reproducible-fdroid.html
π We're growing! Our global #FDroid community is pleased to announce that we now have an official governance plan and a brand-new volunteer Board of Directors. We're excited to work with them to keep improving the leading all #FOSS mobile app catalogue!
It would be nice to have a #homebrew package for https://gitlab.com/fdroid/sdkmanager, I have no access to #macOS, but I can assist. It should be easy, it has very minimal dependencies.
Do you sometimes just want one tool from the #AndroidSDK in a container or VM, and don't want to deal with the whole pain of setting up #Java and everything? Try the #FDroid sdkmanager instead of the official one. For example, `apt-get install sdkmanager` then `sdkmanager platform-tools`. Plus this verifies all packages using `apt-get` style GPG-signed index with SHA256 values. Useful in #research on #Android #malware #tracking etc. In pypi, Debian, Ubuntu, and https://gitlab.com/fdroid/sdkmanager/
Congrats to #matrix co-founder @matthew for rocking the last #DMAWorkshop, there was still quite a bit of buzz about how the live bridging demo carried a ton of weight, despite the lobbying efforts from #Meta, you can see it at around 14:00 in the live stream recording https://webcast.ec.europa.eu/dma-workshop-2023-02-27
#FreeSoftware was almost mentioned at #DMAWorkshop: one key point was that mobile operating systems in 2008 were in a race to get developers. #iOS and #Android were tiny newcomers with no developers. The idea from app stores came from free software and hackers. #Debian APT started in the 90s, #Cydia was on iOS when #Apple was still saying web apps were the only way. And of course, #Android used #OpenSource as a key strategy to get #developers interested in their platform.
It is so disappointing to see @ubuntu reverting to #DarkPatterns and #Microsoft-style fear-mongering to increase sales.
The entire message is designed to make people believe that there are #security updates they're not getting without #UbuntuPro (which as far as I understand is not true). #DeceptiveDesign
CC @beuc @finnmyrstad
The #gatekeepers have huge resources as compared to the regulators, so regulators must be strategic and pool resources. Also, communities based on tracking and reviewing the actions of the #gatekeepers can also play a role here. #Developers know the APIs they have to work with, and can report fishy business. Bloggers can report on key technical details that steer things towards the #gatekeepers. #Hackers can show when things ate technically possible, despite what #gatekeepers say. #DMAWorkshop
So far no mention of #FreeSoftware at the #DMAWorkshop but I guess that's not surprising since it opens with in-app payments as a central topic. It would be great to see free options like #Liberapay and #OpenCollective represented. I was happy to meet @murena here, so I know I'm not alone as an #FLOSS-based implementer.
#DMAWorkshop has started, many more suits than I'm used to. The first interesting insight I gathered in conversation: "sideloading" is a loaded word which serves the monopolists. On other platforms, this is called "installing". Sideloading highlights that there is a main source, and installing outside of that source. Of course, many people don't want to think about the source, but we need choice over which is the main source.
Over the last few months, I put a lot of work into the @fdroidorg app. Here's what's new: https://f-droid.org/en/2023/03/01/new-repo-format-faster-smaller-updates.html
π΅οΈββοΈ Today, the Open Source Programme Office (@EC_OSPO) held a Secrets Management Hackaton for the developers from the πͺπΊ Commission.
The goal was to remove secrets from the internal projects' codes so that more πͺπΊ projects can become #opensource and be shared on http://code.europa.eu.
Has anyone ever setup a multihop #wireguard? How about chaining more than one commercial #VPN provider? If it is easy to setup and fast enough, it could be a nice way to improve privacy without having to entirely trust the provider. https://mullvad.net/en/help/multihop-wireguard/
We have generally avoided recommending #VPN providers for #privacy since it is a thorny proposition, although they are clearly useful for #censorship #circumvention. We recently mapped out what a VPN provider needs to do to gain users' trust https://guardianproject.info/2023/02/28/steps-towards-trusted-vpns/
#DMAWorkshop
I have to observe that the stakeholders who only sent a lawyer to this messaging interoperability workshop are clearly indicating their intent by doing so. The people who want to make it work sent people to talk about solutions.
People, apps and code you can trust