Guardian Project @guardianproject@librem.one

#Debian has been moving more towards the deb.debian.org mirror which is provided by a single CDN company, #Fastly. It works well, but also feeds an enormous amount of #metadata to a single company, and it can be used to track computers and maybe even people. And the privacy policy in effect is unclear. Fastly says the #privacy policy of the "subscriber" applies, but the privacy policy for deb.debian.org is not listed anywhere I could find. Anyone have any insight here?

Message from our Board of Directors:

Nominations are now open for the F-Droid board of directors!

https://f-droid.org/2024/02/28/help-advance-mobile-device-user-freedom-nominate-candidates-for-the-f-droid-board-of-directors.html

#FDroid

The US data broker Bazze secretly obtains location and identity data about a hundred million people via smartphone apps, digital advertising and consumer records and sells it to the US military.

NSA-like global mass surveillance, but based on commercial data.

Forbes has now a report about it:
https://www.forbes.com/sites/sarahemerson/2024/02/22/bazze-data-broker-is-selling-data-that-can-locate-people-at-military-bases-and-embassies/

#Apple and #Google are also acting as #gatekeepers when it comes to medical, health and wellness software. #SurveillanceCapitalism and #monopoly control do not belong in health care.

https://www.nature.com/articles/s41746-023-00754-6

#DMA #digitalmarketsact #gatekeeper

One down, three to go!

#Tiktok: we're not a #gatekeeper and this will expose our shady #surveillance business to the world mimimimi

Court of Justice: yeah whatever, no. 👏

#ECJ #DMA #digitalmarketsact #Competition
https://curia.europa.eu/jcms/upload/docs/application/pdf/2024-02/cp240028en.pdf

Thanks @eighthave! IMHO by running an F-Droid repo (whether it builds from source or just offers binaries) intended to be used by others, one accepts responsibility. So one should take the best possible measures to make it as safe and as transparent as possible. I try my best here, and I won't stop where I'm standing now – but hopefully improve it even more. 🤞 @fdroidorg

One concrete example of the damage that #BigTech #gatekeeper companies like #Apple and #Google are doing to the mobile ecosystems is clear to see with media codec libraries. Right now, malware companies like #NSOGroup have maintained zero-click exploits in both #iOS and #Android for years. This is mostly via media exploits. iOS and Android have obscene profit margins, meaning both companies have plenty of cash for improving things. Yet where is the big outflow for fixing media codecs?

I installed #Orbot by @torproject roughly two weeks ago to help people circumvent #censorship. In that short time I already helped almost 400 people reach the #internet. You can learn how it works and how to help (it's a click of a button) here: https://snowflake.torproject.org/

Journalist Maurits Martijn is writing an article series on his search for a better internet. If that's what you're looking for you'll inevitably end up with free and open source.
In that light he wrote a portrait [1] of NLnet Foundation which financially supports #FOSS projects. Big thanks to Maurits [2] who has been working for many years to inform people about how the internet is broken and ways to make it better.
[In Dutch] [1] https://decorrespondent.nl/15131/deze-nederlandse-club-zorgt-voor-een-internet-dat-wel-voor-iedereen-werkt/14e4d369-934a-04ed-31ed-a3c67bca00e1
[2] https://decorrespondent.nl/mauritsmartijn

It’s finally happening — sideloading is coming to the EU!

We’ve started the process of becoming a legitimate “app marketplace”, allowing our European friends to download @delta and other AltStore apps officially for the first time ever!

See you in March ☘️

Now that we’re here, time for an #introduction!

We’re an open-source app store making it possible to #sideload apps that aren’t allowed in the iOS App Store. We’re just 2 people @rileytestut @shanegillio working on this full-time, alongside a great community that’s motivated to bring new experiences to iOS

We’re solely funded through donations with no interest in VC backing. If you like what we’re doing & want to support a FOSS project, consider joining our Patreon 💚 https://www.patreon.com/rileyshane

I wish the #AndroidSDK team would follow repository best practices and stop silently reissuing binary releases under the same name/version. #MavenCentral does not allow this, for example. The #FDroid transparency log shows the newest violation: two version of sources-34_r01.zip with the file name, version code, and metadata.

https://gitlab.com/fdroid/android-sdk-transparency-log/-/blob/e7bf63a1ad3327e3e3115bfc0852c8cc8ddac067/checksums.json#L4849

Last weekend I co-organised a "EU policy devroom" at #FOSDEM, marking the end of a wild 17 month ride in EU policy land working on the #CyberResilienceAct.
A blog I just published provides an overview of CRA #FOSDEM content, including my personal story starting #FOSS policy engagement in Brussels.
I hope it will contribute to a shared understanding of how the #CRA will most likely affect developers of #opensource software. Feedback welcome.

https://blog.nlnetlabs.nl/what-i-learned-in-brussels-the-cyber-resilience-act/

Think tank funded by Big Tech argues #AI’s climate impact is nothing to worry about - https://www.theregister.com/2024/02/07/ai_climate_impact/ it's the "cryptocurrencies don't use much energy" argument all over again...

For people asking why Encrypted Client Hello is so important:

https://techcrunch.com/2024/01/26/national-security-agency-americans-internet-browsing-records-warrantless/

Even if you are using DOH (or ODoH), your ISP can see what websites your visiting (and then sell to NSA) by inspecting the certificate SNI field. Even with Encrypted SNI (ESNI), there are artifacts of the TLS session establishment leaked that can be used for TLS Fingerprinting - things like ALPN, and cipher suite.

#privacy #EncryptedClientHello #ECH

Mozilla added scanning of data broker sites to its privacy protecting Mozilla Monitor

https://blog.mozilla.org/en/mozilla/introducing-mozilla-monitor-plus-a-new-tool-to-automatically-remove-your-personal-information-from-data-broker-sites/

#mozilla #firefox #data #privacy

The White House just announced visa restrictions on those involved in spyware misuse. Are you a family member of someone misusing or facilitating spyware? You can be sanctioned as well! Great step to further delegitimise the highly invasive surveillance industry!

https://www.state.gov/announcement-of-a-visa-restriction-policy-to-promote-accountability-for-the-misuse-of-commercial-spyware/