Guardian Project @guardianproject@librem.one

If you want to try ECH (Encrypted ClientHello), the next generation of #TLS, you can use #Firefox nightlies and our test fork of #FDroid that forces an ECH connection to a mirror of f-droid.org hosted on Cloudflare: https://f-droid.org/packages/ie.defo.ech_apps/

If you are a developer who has posted on public mailing lists, watch out for spearphishing replies to your posts https://guardianproject.info/2022/02/23/spearphishing-for-developers/

For anyone looking to run a full fledged circumvention system, we're working to bring #Greatfire's proven software to any context, starting with https://github.com/greatfire/envoy

User accounts are so often a method of tracking users, yet they are not a requirement for running most internet services. #FDroid #Jitsi #CleanInsights #Wikipedia #Briar #FirefoxFocus all provide shining examples of working without accounts. https://f-droid.org/2022/02/28/no-user-accounts-by-design.html

"EU data protection authorities find that the consent popups that plagued Europeans for years are illegal. All data collected through them must be deleted. This decision impact Google's, Amazon's and Microsoft's online advertising businesses."

https://www.iccl.ie/news/gdpr-enforcer-rules-that-iab-europes-consent-popups-are-unlawful/

#ICCL

#Munich regional court finds embedding Google Fonts in a website violates #GDPR, "legitimate interest" did not apply since the fonts can easily be directly integrated into their website, thereby avoiding sending IP addresses to #Google.

https://thehackernews.com/2022/01/german-court-rules-websites-embedding.html

Some of the #GuardianProject team will be at #IETF 113 in Vienna, it'll be good to see people in person again!

Registration for #IETF113 (19-24 March 2022) is now open. Sign up to participate in and read all the details about the first-ever hybrid IETF meeting: https://ietf.org/blog/113-registration-open/

The US State Dept's "Global Internet Freedom" funds (#OpenTechFund #StateDRL #USAGM and more) now require #OpenSource: section 7050, "Funds... may only be made available to support open-source technologies that undergo comprehensive security audits...".

https://www.congress.gov/bill/117th-congress/house-bill/4373/text?q=%7B%22search%22%3A%5B%22Department+of+State%2C+Foreign+Operations%2C+and+Related+Programs+Appropriations+Act%22%2C%22Department%22%2C%22of%22%2C%22State%2C%22%2C%22Foreign%22%2C%22Operations%2C%22%2C%22and%22%2C%22Related%22%2C%22Programs%22%2C%22Appropriations%22%2C%22Act%22%5D%7D&r=1&s=8#H33E670CAB846443F906B4EE722D7E91C

With #Debian, it is now possible to get all updates from official HTTPS sources. In combination with other work from the apt developers, this improves privacy and provides backup security https://guardianproject.info/2021/12/08/debian-over-https/

The FBI produced this nice chart comparing what kinds of privacy leaks the various messaging apps have.

https://www.rollingstone.com/politics/politics-features/whatsapp-imessage-facebook-apple-fbi-privacy-1261816/

Our first build of Conscrypt which includes the next version of #TLS known as #ECH (Encrypted ClientHello) is now available for Android and Java:

implementation 'info.guardianproject.conscrypt:conscrypt-android:2.6.alpha1638179154.job1828169525'
https://github.com/google/conscrypt/issues/730

One of the hazards of #TLS #ECH is that a deployment could end up leaking as much information as a non-ECH TLS connection if the ECH Config in DNS is only associated with a given domain. https://blog.cloudflare.com/handshake-encryption-endgame-an-ech-update/#focusing-on-deployability

#Android apps can track users based on their wallpaper: https://lwn.net/Articles/873921/ https://fingerprintjs.com/blog/how-android-wallpaper-images-threaten-privacy/

#CalyxOS is leading the charge to deliver a truly #private mobile device, it is also #FreeSoftware. Since it is based on #AOSP, you can port it to lots of devices, even if they do not support a locked bootloader.