Guardian Project @guardianproject@librem.one

RT @Iwillleavenow
Biden issued an order that doesn't even fully ban commercial spyware, just spyware that has a few high-risk issues (controlled by a foreign gov, previously used by foreign nation to access U.S. gov devices, etc.) and the industry is in a full panic.
https://thehill.com/policy/cybersecurity/3955358-bidens-order-spyware-pegasus/

"Microsoft Edge sends a request to bingapis .com with the full URL of nearly every page you navigate to"

Microsoft secretly tracks people across myriads of websites/apps via pixel. Now it was caught tracking them directly in the browser, by default. Wild.
https://www.theverge.com/2023/4/25/23697532/microsoft-edge-browser-url-leak-bing-privacy

Learn how @guardianproject and @torproject are working together to bring Arti, the Rust-based next-gen Tor, to mobile devices https://guardianproject.info/2023/03/04/arti-next-gen-tor-on-mobile/ #orbot #rust #privacy #circumvention #torproject

@mxmehl @fdroidorg ah nice, the export/import workflow should help smooth the process. I'm interested in hearing about how many users find it worth it to do that kind of procedure. It is possible to fully automate it, but would take a chunk of work. A key question is: how many users are not going to update because of this? This will be valuable information as more apps transition to #ReproducibleBuilds in #FDroid

#WireGuard becomes the first VPN app on #FDroid to be built reproducibly! This means that WireGuard on F-Droid is now guaranteed to be 100% (bit-by-bit) equal to the WireGuard the developer builds.

If you're using WireGuard from F-Droid, please export your tunnels and re-install to switch to the developer's signature and continue receiving updates.

More details in the official WireGuard announcement: https://lists.zx2c4.com/pipermail/wireguard/2023-April/008045.html

New to reproducible builds? Check out https://f-droid.org/en/2023/01/15/towards-a-reproducible-fdroid.html

👍We recently interviewed Hans-Christoph Steiner ( @eighthave ) of the F-Droid project ( @fdroidorg ) to get their view on @reproducible_builds! 🤝 Check it out below
👇👇👇

https://reproducible-builds.org/news/2022/06/24/supporter-spotlight-hans-christoph-steiner-f-droid-project/

Have you heard about #ReproducibleBuilds? This is one of the biggest #security benefits of #FOSS. On #Android, this technique ensures that the #FDroid version of an app exactly matches the developer's version.

Read our article below for more details and to see how easy it is for developers to get set up:
https://f-droid.org/en/2023/01/15/towards-a-reproducible-fdroid.html

🎉 We're growing! Our global #FDroid community is pleased to announce that we now have an official governance plan and a brand-new volunteer Board of Directors. We're excited to work with them to keep improving the leading all #FOSS mobile app catalogue!

https://f-droid.org/en/2023/03/20/f-droid-board.html

#FreeSoftware #OpenSource #Android

When the tool-chain you've got to use (#flutter) doesn't care about #gdpr or #privacy in general:

`flutter config --no-analytics`

It would be nice to have a #homebrew package for https://gitlab.com/fdroid/sdkmanager, I have no access to #macOS, but I can assist. It should be easy, it has very minimal dependencies.

Do you sometimes just want one tool from the #AndroidSDK in a container or VM, and don't want to deal with the whole pain of setting up #Java and everything? Try the #FDroid sdkmanager instead of the official one. For example, `apt-get install sdkmanager` then `sdkmanager platform-tools`. Plus this verifies all packages using `apt-get` style GPG-signed index with SHA256 values. Useful in #research on #Android #malware #tracking etc. In pypi, Debian, Ubuntu, and https://gitlab.com/fdroid/sdkmanager/

Congrats to #matrix co-founder @matthew for rocking the last #DMAWorkshop, there was still quite a bit of buzz about how the live bridging demo carried a ton of weight, despite the lobbying efforts from #Meta, you can see it at around 14:00 in the live stream recording https://webcast.ec.europa.eu/dma-workshop-2023-02-27

#FreeSoftware was almost mentioned at #DMAWorkshop: one key point was that mobile operating systems in 2008 were in a race to get developers. #iOS and #Android were tiny newcomers with no developers. The idea from app stores came from free software and hackers. #Debian APT started in the 90s, #Cydia was on iOS when #Apple was still saying web apps were the only way. And of course, #Android used #OpenSource as a key strategy to get #developers interested in their platform.

It is so disappointing to see @ubuntu reverting to #DarkPatterns and #Microsoft-style fear-mongering to increase sales.

The entire message is designed to make people believe that there are #security updates they're not getting without #UbuntuPro (which as far as I understand is not true). #DeceptiveDesign
CC @beuc @finnmyrstad

The #gatekeepers have huge resources as compared to the regulators, so regulators must be strategic and pool resources. Also, communities based on tracking and reviewing the actions of the #gatekeepers can also play a role here. #Developers know the APIs they have to work with, and can report fishy business. Bloggers can report on key technical details that steer things towards the #gatekeepers. #Hackers can show when things ate technically possible, despite what #gatekeepers say. #DMAWorkshop

So far no mention of #FreeSoftware at the #DMAWorkshop but I guess that's not surprising since it opens with in-app payments as a central topic. It would be great to see free options like #Liberapay and #OpenCollective represented. I was happy to meet @murena here, so I know I'm not alone as an #FLOSS-based implementer.

#DMAWorkshop has started, many more suits than I'm used to. The first interesting insight I gathered in conversation: "sideloading" is a loaded word which serves the monopolists. On other platforms, this is called "installing". Sideloading highlights that there is a main source, and installing outside of that source. Of course, many people don't want to think about the source, but we need choice over which is the main source.

Over the last few months, I put a lot of work into the @fdroidorg app. Here's what's new: https://f-droid.org/en/2023/03/01/new-repo-format-faster-smaller-updates.html

🕵️‍♂️ Today, the Open Source Programme Office (@EC_OSPO) held a Secrets Management Hackaton for the developers from the 🇪🇺 Commission.

The goal was to remove secrets from the internal projects' codes so that more 🇪🇺 projects can become #opensource and be shared on http://code.europa.eu.