Three years ago, #FDroid had a similar kind of attempt as the #xz #backdoor. A new contributor submitted a merge request to improve the search, which was oft requested but the maintainers hadn't found time to work on. There was also pressure from other random accounts to merge it. In the end, it became clear that it added a #SQLinjection #vuln. In this case, we managed to catch it before it was merged. Since similar tactics were used, I think it's relevant now.
@eb I really hope that this causes an industry-wide reckoning with the common practice of letting your entire goddamn product rest on the shoulders of one overworked person having a slow mental health crisis without financially or operationally supporting them whatsoever. I want everyone who has an open source dependency to read this message https://www.mail-archive.com/xz-devel@tukaani.org/msg00567.html
At this point, it is clear that a #VPN provider must accept payment in cash in order to provide a real #privacy tool. Cash is much easier to handle privately than crypto for most of the world, and a lot more people around the world have access to currency exchange and snail mail than places to safely buy crypto. Kudos to @mullvadnet and @protonvpn for providing that service.
In collaboration with @fdroidorg, the @fsfe prepared a study for the Japanese Competition Authority HDMC on how Apple's plans to comply with the #DMA represent a risk for #FreeSoftware and #DeviceNeutrality.
Key recommendations: 👇
- Full and unfettered side-loading
- No distribution via DRM encryption
- No residency or credit requirements for 3rd party app stores
- No interoperability request forms
- More competition on trustworthiness
https://download.fsfe.org/device-neutrality/fsfe-apple-report-final.pdf
#Sideloading apps and using alt stores like #Flathub is a major feature of elementary OS and a competitive edge over closed platforms that only let you install apps from a locked down store. In this release we’ve made several improvements to smooth out the experience of using alt stores based on your feedback and the latest #CrossPlatform standards.
Just in case you're wondering why #Apple & #Google etc. are such jerks about implementing #DMA, here are some numbers:
* play store revenue 2019: $ 11.2 Billion
https://www.reuters.com/technology/google-play-app-store-revenue-reached-112-bln-2019-lawsuit-says-2021-08-28/
* apple appstore revenue 2021: $ 85.1 Billion
https://www.statista.com/statistics/296226/annual-apple-app-store-revenue/
* apple app store made more money on games alone in 2019 than nintendo, microsoft and sony combined
https://www.techspot.com/news/91577-apple-reportedly-made-more-money-games-2019-than.html
Today: #DMA compliance workshop with #Alphabet/#Google :)
While Alphabet seems to be better in terms of the new #browser & #search choice screens, they have a strange view regarding their new obligation to allow un-installing pre-installed apps like #PlayStore or #Gmail:
Alphabet's lobbyists argue un-install and remove are two different things and as the #DigitalMarketsAct's Art 6(3) only mandates un-install but not removal, the current "deactivation" feature in Android would be enough. 🤔
EU antitrust chief Margrethe Vestager called out Apple’s proposed core technology fee for what it is: a way to protect its monopoly instead of actually complying with the Digital Markets Act.
“…if the new Apple fee structure will de facto not make it in any way attractive to use the benefits of the DMA. That kind of thing is what we will be investigating.”
#Google said it has no involvement in OEMs including app stores by default. To ship a #GooglePlay device, an OEM has to comply with the secret, NDA'd "GMS Compliance", which requires OEMs to justify to Google why a pre-installed app store needs to access the same APIs that Play uses to install and uninstall apps. Somehow, I don't think Google will stop requiring that OEMs be granted permission by Google to include the app stores of their choosing.
#Google desperately wants to limit the scope of the #DMA as much as possible, and wants the European Commission to accept that #GooglePlayServices is not part of the operating system, even though users cannot uninstall it. Google is even working to change the definition of "uninstall" so that it means the same as what #Android currently calls "disabling". Even Google Play itself will entirely delete the app when users click "uninstall", except of course for the stuff where Google prevents uninstallation.
It looks like #Apple is using salami tactics with the @EU_Commission on #DMA compliance, giving up tiny slices in hope that might sway (and shut up) the regulator and the public.
I sincerely hope the Commission's enforcement team is not being fooled by this.
#DigitalMarketsAct #competition #appstore #appfreedom #foss
Source: #PoliticoPro newsletter
I'm sitting in the @EU_Commission #DMA compliance workshop for #Apple right now and as much as I appreciate the format, it's frustrating to see that Apple is the only party on the panel and in addition has its proxies like #CCIA and the #AppAssociation #ACT in the audience that are allowed to ask convenient questions and steer the discussion in Apple's interest.
#DigitalMarketsAct #competition #appfreedom #deviceneutrality #foss
With today's votes on #CRA and #PLD on the introduction of liability rules for software, a broad exception for #FreeSoftware was made, so that after long and intense debates individual developers and not-for-profit work are safeguarded.
https://fsfe.org/news/2024/news-20240312-01.html #SoftwareFreedom
Tor Browser 13.0.11 is now available as an emergency release which updates the domain fronting configuration for the Snowflake pluggable transport and the moat connection to the rdsys backend used by the censorship circumvention system. ⬇️ Learn more: https://blog.torproject.org/new-release-tor-browser-13011/
@matthew_d_green "differential privacy" is not a privacy tool, in my opinion. It just slightly reduces how bad the privacy issues are, but they are still all there. The privacy must be provided in a different way, like via regulations like #GDPR or health data laws. "Differential privacy" definitely seems to be very valuable as a PR tool to respond to #SurveillanceCapitalism to hide what is really going on.
The #EuropeanCommission is having workshops to get feedback about making companies that have been designated #gatekeepers comply with the #DigitalMarketsAct. You can register to attend in person or online:
* #Alphabet / #Google https://digital-markets-act.ec.europa.eu/events-poolpage/alphabet-dma-compliance-workshop-2024-03-21
* #Apple https://digital-markets-act.ec.europa.eu/events-poolpage/apple-dma-compliance-workshop-2024-03-18
* all https://digital-markets-act.ec.europa.eu/events
We need more voices for #FreeSoftware and #Privacy present to counterbalance #BigTech and #SurveillanceCapitalism!
#Debian has been moving more towards the deb.debian.org mirror which is provided by a single CDN company, #Fastly. It works well, but also feeds an enormous amount of #metadata to a single company, and it can be used to track computers and maybe even people. And the privacy policy in effect is unclear. Fastly says the #privacy policy of the "subscriber" applies, but the privacy policy for deb.debian.org is not listed anywhere I could find. Anyone have any insight here?
Message from our Board of Directors:
Nominations are now open for the F-Droid board of directors!