I'm often surprised to hear that many people believe that #OpenSource was this new radical idea in software development that came about in the 80s. That is actually backwards. Open Source was the default way software was developed before the 80s, and #proprietary development changed that. The #FreeSoftware movement was a direct response to software going #proprietary. It put #UserFreedom front and center as the reason why #software should be free and open.
Episode 57: F-Droid (featuring Sylvia van Os & Hans-Christoph Steiner!) https://fossandcrafts.org/episodes/057-f-droid.html
F-Droid, a repository of free software on your Android device! @cwebber interviews F-Droid developers @SylvieLorxu and @eighthave@social.librem.one alongside chair of the F-Droid board... @mlemweb!!!
#WhatsApp implementing #KeyTransparency is pretty nice, and definitely an excellent step in the right direction against shadow accounts and the service provider trust problem. However, without the client being #OpenSource, it is not that meaningful. Yes, of course somebody could implement an independent monitor for the transparency log to check keys registered for an identity, but what percentage of the user base will actually do that when the only realistic way to use the service is to rely on the #proprietary client, which can still be used to maliciously target (groups of) users to break #E2EE?
Secure messenger clients should both use identity security protections like #KeyTransparency and have a *default* implementation that is #OpenSource and, ideally, be distributed with #BinaryTransparency and verified through #ReproducibleBuilds. Oh, and allow other identifiers than just phone numbers (still looking at you, @signalapp - which is otherwise ticking a lot of the right checkboxes).
* Make software that works on older devices, the older the better.
* Make software that will keep on working for a very long time.
* Make software that uses the least amount of total energy to achieve its results.
* Make software that also uses the least amount of network data transfer, memory and storage.
* Make software that encourages the user to use it in a frugal way.
I wrote a blog post: How to use the new F-Droid libraries, like @calyxos https://f-droid.org/en/2023/05/02/three-client-libraries.html cc @fdroidorg
RT @Iwillleavenow
Biden issued an order that doesn't even fully ban commercial spyware, just spyware that has a few high-risk issues (controlled by a foreign gov, previously used by foreign nation to access U.S. gov devices, etc.) and the industry is in a full panic.
https://thehill.com/policy/cybersecurity/3955358-bidens-order-spyware-pegasus/
"Microsoft Edge sends a request to bingapis .com with the full URL of nearly every page you navigate to"
Microsoft secretly tracks people across myriads of websites/apps via pixel. Now it was caught tracking them directly in the browser, by default. Wild.
https://www.theverge.com/2023/4/25/23697532/microsoft-edge-browser-url-leak-bing-privacy
Learn how @guardianproject and @torproject are working together to bring Arti, the Rust-based next-gen Tor, to mobile devices https://guardianproject.info/2023/03/04/arti-next-gen-tor-on-mobile/ #orbot #rust #privacy #circumvention #torproject
@mxmehl @fdroidorg ah nice, the export/import workflow should help smooth the process. I'm interested in hearing about how many users find it worth it to do that kind of procedure. It is possible to fully automate it, but would take a chunk of work. A key question is: how many users are not going to update because of this? This will be valuable information as more apps transition to #ReproducibleBuilds in #FDroid
#WireGuard becomes the first VPN app on #FDroid to be built reproducibly! This means that WireGuard on F-Droid is now guaranteed to be 100% (bit-by-bit) equal to the WireGuard the developer builds.
If you're using WireGuard from F-Droid, please export your tunnels and re-install to switch to the developer's signature and continue receiving updates.
More details in the official WireGuard announcement: https://lists.zx2c4.com/pipermail/wireguard/2023-April/008045.html
New to reproducible builds? Check out https://f-droid.org/en/2023/01/15/towards-a-reproducible-fdroid.html
👍 We recently interviewed Hans-Christoph Steiner ( @eighthave ) of the F-Droid project ( @fdroidorg ) to get their view on @reproducible_builds! 🤝 Check it out below
👇👇👇
Have you heard about #ReproducibleBuilds? This is one of the biggest #security benefits of #FOSS. On #Android, this technique ensures that the #FDroid version of an app exactly matches the developer's version.
Read our article below for more details and to see how easy it is for developers to get set up:
https://f-droid.org/en/2023/01/15/towards-a-reproducible-fdroid.html
🎉 We're growing! Our global #FDroid community is pleased to announce that we now have an official governance plan and a brand-new volunteer Board of Directors. We're excited to work with them to keep improving the leading all #FOSS mobile app catalogue!
It would be nice to have a #homebrew package for https://gitlab.com/fdroid/sdkmanager, I have no access to #macOS, but I can assist. It should be easy, it has very minimal dependencies.
Do you sometimes just want one tool from the #AndroidSDK in a container or VM, and don't want to deal with the whole pain of setting up #Java and everything? Try the #FDroid sdkmanager instead of the official one. For example, `apt-get install sdkmanager` then `sdkmanager platform-tools`. Plus this verifies all packages using `apt-get` style GPG-signed index with SHA256 values. Useful in #research on #Android #malware #tracking etc. In PyPI, Debian, Ubuntu, and https://gitlab.com/fdroid/sdkmanager/
Congrats to #matrix co-founder @matthew for rocking the last #DMAWorkshop, there was still quite a bit of buzz about how the live bridging demo carried a ton of weight, despite the lobbying efforts from #Meta, you can see it at around 14:00 in the live stream recording https://webcast.ec.europa.eu/dma-workshop-2023-02-27
#FreeSoftware was almost mentioned at #DMAWorkshop: one key point was that mobile operating systems in 2008 were in a race to get developers. #iOS and #Android were tiny newcomers with no developers. The idea from app stores came from free software and hackers. #Debian APT started in the 90s, #Cydia was on iOS when #Apple was still saying web apps were the only way. And of course, #Android used #OpenSource as a key strategy to get #developers interested in their platform.
It is so disappointing to see @ubuntu reverting to #DarkPatterns and #Microsoft-style fear-mongering to increase sales.
The entire message is designed to make people believe that there are #security updates they're not getting without #UbuntuPro (which as far as I understand is not true). #DeceptiveDesign
CC @beuc @finnmyrstad
The #gatekeepers have huge resources as compared to the regulators, so regulators must be strategic and pool resources. Also, communities based on tracking and reviewing the actions of the #gatekeepers can also play a role here. #Developers know the APIs they have to work with, and can report fishy business. Bloggers can report on key technical details that steer things towards the #gatekeepers. #Hackers can show when things are technically possible, despite what #gatekeepers say. #DMAWorkshop