Show more

@kgbvax TRUST. Yes, that's the key.

With CLOSED source you need to trust the dev, ans solely the dev (unless there were audits).

With FOSS, everyone (technically capable of) can review/audit the source. At F-Droid, that is done: many eyes on the code, many mechanisms cross-checking it. True, not every line and every minute, but it's done.

Knowing the dev behind it then is only needed to put blame – and THAT is not what F-Droid stand for :awesome:

Unlike Google, F-Droid does not force developers to publicize their name or address information.

We understand that people have many reasons to develop under another name than their legal one and to keep their personal information private. And that what matters is the trust between user and developer, not private details of their lives.

For more information on how we designed F-Droid to protect your privacy, see f-droid.org/2022/02/28/no-user.

#Mozilla has published its position on the "Web Environment Integrity API" proposal put forward by the #Google #Chrome team.

First paragraph: "Mozilla opposes this proposal because it contradicts our principles and vision for the Web."

github.com/mozilla/standards-p

'Ada & Zangemann - A tale of software, skateboards, and raspberry ice cream' book reading

☑️ FrOSCon 2023
🗓️ 6 August
⏰ 10 h
📍HS7
💻 programm.froscon.org/2023/even

#SoftwareFreedom #FreeSoftware

"'s newest proposed web standard is... ?" -- Google is proposing yet another user-hostile feature and aims to make it an web standard called "Web Environment Integrity API". This lets websites confirm the browser has limitations on what it can do, going against . The internet standard RFC 8890 declares "The Internet Is For End Users". Google's API circumvents that.

Thanks to Ron Amadeo for his a concise, cutting analysis:
arstechnica.com/gadgets/2023/0

Looks like the latest release of , v1.17.0, does not get flagged by , at least in the 14 emulator. I heard some reports that v1.16.4 also isn't flagged. I don't really know why its flagging F-Droid then. v1.16.4 has an unchanged , but v1.17.0 has it bumped to 28. I have found no way to get info on why they are flagging the app, just this silly "unsafe" warning screen. Is F-Droid being flagged by Google Play Protect on your devices? Please let me know.

Show thread

What to do about the lack of #DataSkills?

In the iTalks series organised by our iLab, 🔟 experts on #DataLiteracy discussed it with almost 7⃣0⃣0⃣ participants from public sector, academia, and civil society! 👩‍💻

Missed it? Check the slides & recordings 👉 europa.eu/!x98WfB

On the other hand, includes "Group Integrity", which means that all members in a group see the same state. This means all members see the same list of members, same message transcript, same message order, etc. Protocol does not guarantee Group Integrity. I think this is an important property, but I wonder how much this was actually abused in the real world with other protocols? 3/

Show thread

One big concern I have about over something like Protocol is that it makes it so the cost of sending a message to a group of 10 is about the same as sending to a group of 1000 or more. This is the opposite of how physical social interaction works, it is much more effort to speak in front of large groups. This gives advantage to spam, disinfo, trolling, etc. as compared to protocols where the cost linearly increases as the number of users in the group increases. 2/

Show thread

Messaging Layer Security has just been officially standardized by the , this is a great new development, especially in combination with standard protocols like and . blog.phnx.im/rfc-9420-mls/ 1/

A decade ago, did some extensive UX work on buttons using the power button. They used 10 presses as their trigger, and still got far too many false positives. Their conclusion was power button triggers were not workable. reached a similar conclusion back then. I guess missed that research: they shipped with a 5-press trigger, and now emergency services numbers are receiving record numbers of false calls:

arstechnica.com/gadgets/2023/0

Gathering technical details of unpatched vulns is dangerous, no matter who is doing it. The Cyber Resilience Act should avoid making this a requirement, it will not make us safer.

More info in the blog post:
guardianproject.info/2023/06/1

1/5 🚨The final EU Parliament position on #AIAct is here 🚨

Some wins for #FundamentalRights but also missed opportunities to protect and empower people.

Read our statement: edri.org/our-work/eu-parliamen

1/4🔎#Google's harmful tracking ads business is now officially under investigation in Europe.

🚨In preliminarily findings, @EU_Commission confirms: since at least 2014, Google has abused its dominance in the #AdTech market - harming people, online journalism and competitors.
ec.europa.eu/commission/pressc

4/4 The @EU_Commission findings against Google make clear once again that the harm done by the #surveillance ads business cannot effectively be remedied unless we put an end to it 🙅‍♀️
edri.org/our-work/surveillance

Show thread

1/5 🚨WIRED leak shows that Spain, Cyprus & Hungary want to use the #CSAR law to push for illegal #surveillance.

Contrary to what the European Commission says, the intention is to allow the police to break into people's private digital life. wired.com/story/europe-break-e

📺 #Encryption is vital for creating safe spaces, especially in insecure situations: youtu.be/--iCgH1KgI0

This screen that shows on when installing really bugs me. It is purely based on the integer value targetSdkVersion, without considering our security model, public audits results, track record over 10+ years, exclusive use of memory safe languages, or even what our code actually does. It is as if marked anything that comes from Google as containing ads and trackers. 1/2

@grote we are glad that gnome-calls and chatty are in the Debian repository. Android's openness is a story of death by a thousand cuts.

Google made it official that important apps like Messaging and Dialer are no longer maintained in the Android Open Source project. A free Android on its own is pretty much useless now.

android-review.googlesource.co
android-review.googlesource.co

Want to disseminate our messages in your native 🇪🇺 language?

Join our translators team! And help us to empower people to control technology!
fsfe.org/contribute/translator

Show more
Librem Social

Librem Social is an opt-in public network. Messages are shared under Creative Commons BY-SA 4.0 license terms. Policy.

Stay safe. Please abide by our code of conduct.

(Source code)

image/svg+xml Librem Chat image/svg+xml