On the other hand, #MLS includes "Group Integrity", which means that all members in a group see the same state. This means all members see the same list of members, same message transcript, same message order, etc. #Signal Protocol does not guarantee Group Integrity. I think this is an important property, but I wonder how much this was actually abused in the real world with other protocols? 3/
One big concern I have about #MLS over something like #Signal Protocol is that it makes it so the cost of sending a message to a group of 10 is about the same as sending to a group of 1000 or more. This is the opposite of how physical social interaction works, it is much more effort to speak in front of large groups. This gives advantage to spam, disinfo, trolling, etc. as compared to protocols where the cost linearly increases as the number of users in the group increases. 2/
#MLS Messaging Layer Security has just been officially standardized by the #IETF, this is a great new development, especially in combination with standard protocols like #Matrix and #XMPP. https://blog.phnx.im/rfc-9420-mls/ 1/
A decade ago, #AmnestyInternational did some extensive UX work on #panic buttons using the power button. They used 10 presses as their trigger, and still got far too many false positives. Their conclusion was power button triggers were not workable. #GuardianProject reached a similar conclusion back then. I guess #Google missed that research: they shipped #Android with a 5-press trigger, and now emergency services numbers are receiving record numbers of false calls:
https://arstechnica.com/gadgets/2023/06/uk-police-blame-android-for-record-number-of-false-emergency-calls/
Gathering technical details of unpatched vulns is dangerous, no matter who is doing it. The #EU Cyber Resilience Act should avoid making this a requirement, it will not make us safer.
More info in the blog post:
https://guardianproject.info/2023/06/11/eu-should-not-require-sharing-unpatched-vulnerabilities/
1/5 🚨The final EU Parliament position on #AIAct is here 🚨
Some wins for #FundamentalRights but also missed opportunities to protect and empower people.
Read our statement: https://edri.org/our-work/eu-parliament-plenary-ban-of-public-facial-recognition-human-rights-gaps-ai-act/
1/4🔎#Google's harmful tracking ads business is now officially under investigation in Europe.
🚨In preliminary findings, @EU_Commission confirms: since at least 2014, Google has abused its dominance in the #AdTech market - harming people, online journalism and competitors.
https://ec.europa.eu/commission/presscorner/detail/en/ip_23_3207
4/4 The @EU_Commission findings against Google make clear once again that the harm done by the #surveillance ads business cannot effectively be remedied unless we put an end to it 🙅‍♀️
https://edri.org/our-work/surveillance-based-advertising-an-industry-broken-by-design-and-by-default/
1/5 🚨WIRED leak shows that Spain, Cyprus & Hungary want to use the #CSAR law to push for illegal #surveillance.
Contrary to what the European Commission says, the intention is to allow the police to break into people's private digital life. https://wired.com/story/europe-break-encryption-leaked-document-csa-law/
📺 #Encryption is vital for creating safe spaces, especially in insecure situations: https://youtu.be/--iCgH1KgI0
This screen that #Google shows on #Android when installing #FDroid really bugs me. It is purely based on the integer value targetSdkVersion, without considering our security model, public audit results, track record over 10+ years, exclusive use of memory safe languages, or even what our code actually does. It is as if #FDroid marked anything that comes from Google as containing ads and trackers. 1/2
@grote we are glad that gnome-calls and chatty are in the Debian repository. Android's openness is a story of death by a thousand cuts.
Google made it official that important apps like Messaging and Dialer are no longer maintained in the Android Open Source project. A free Android on its own is pretty much useless now.
https://android-review.googlesource.com/c/platform/packages/apps/Messaging/+/2614297
https://android-review.googlesource.com/c/platform/packages/apps/Dialer/+/2613992
Want to disseminate our messages in your native 🇪🇺 language?
Join our translators team! And help us to empower people to control technology!
https://fsfe.org/contribute/translators/translators.html
You don't need to download the #android #sdk #binaries from #google.
You can compile the #sdk by yourself from the source code to write #android #apps.
Check this repository at #codeberg, it will do the job for you.
All you need are the scripts from this #repo, 32 GB #ram, approx. 300 GB free disk space and some patience.
Then, you can start coding for #android without the proprietary #sdk binaries from #google!
I'm often surprised to hear that many people believe that #OpenSource was this new radical idea in software development that came about in the 80s. That is actually backwards. Open Source was the default way software was developed before the 80s, and #proprietary development changed that. The #FreeSoftware movement was a direct response to software going #proprietary. It put #UserFreedom front and center as the reason why #software should be free and open.
Episode 57: F-Droid (featuring Sylvia van Os & Hans-Christoph Steiner!) https://fossandcrafts.org/episodes/057-f-droid.html
F-Droid, a repository of free software on your Android device! @cwebber interviews F-Droid developers @SylvieLorxu and @eighthave@social.librem.one alongside chair of the F-Droid board... @mlemweb!!!
#WhatsApp implementing #KeyTransparency is pretty nice, and definitely an excellent step in the right direction against shadow accounts and the service provider trust problem. However, without the client being #OpenSource, it is not that meaningful. Yes, of course somebody could implement an independent monitor for the transparency log to check keys registered for an identity, but what percentage of the user base will actually do that when the only realistic way to use the service is to rely on the #proprietary client, which can still be used to maliciously target (groups of) users to break #E2EE?
Secure messenger clients should both use identity security protections like #KeyTransparency and have a *default* implementation that is #OpenSource and, ideally, be distributed with #BinaryTransparency and verified through #ReproducibleBuilds. Oh, and allow other identifiers than just phone numbers (still looking at you, @signalapp - which is otherwise ticking a lot of the right checkboxes).
* Make software that works on older devices, the older the better.
* Make software that will keep on working for a very long time.
* Make software that uses the least amount of total energy to achieve its results.
* Make software that also uses the least amount of network data transfer, memory and storage.
* Make software that encourages the user to use it in a frugal way.
I wrote a blog post: How to use the new F-Droid libraries, like @calyxos https://f-droid.org/en/2023/05/02/three-client-libraries.html cc @fdroidorg
RT @Iwillleavenow
Biden issued an order that doesn't even fully ban commercial spyware, just spyware that has a few high-risk issues (controlled by a foreign gov, previously used by foreign nation to access U.S. gov devices, etc.) and the industry is in a full panic.
https://thehill.com/policy/cybersecurity/3955358-bidens-order-spyware-pegasus/