Hey, so #RFC9460 HTTPS/SVCB records are neat, right?
- speed up your time-to-first-packet (by basically stuffing the Alt-Svc HTTP header / ALPN TLS extension into the #DNS);
- let you do redirection on the zone apex without using CNAMEs;
- allow for simple DNS load distribution and failover;
- obviate HSTS and the cumbersone preloading process;
- enable stronger privacy protections via Encrypted Client Hello aka #ECH
#Wireshark can now present some of the details of #EncryptedClientHello in #TLS streams, as of v4.2.0. For example, it can dissect the #ECH config data that comes from DNS. https://gitlab.com/wireshark/wireshark/-/merge_requests/12260
We have started the second round of our partnership https://defo.ie to ensure that the new #TLS standard called #EncryptedClientHello (#ECH) works for public interest use cases. We also are working to reduce the pressure towards #centralization inherent to the #privacy improvements of hiding the domain name. You can find more details in our project announcement: https://guardianproject.info/2023/11/09/defo-developing-ech-for-openssl-round-two/
Tired of Clicking On "I Agree" To Use Your Smartphone?
No Requirement To Click Away Your Privacy And Security To Use Smartphones, Tablet PCs, Servers, And Laptop PCs Supported By PureOS From Purism.
Purism Puts You In Control Of Your Privacy And Security Instead Of Giving Control Over To Google, Apple, Microsoft, Or Any Other Tech Giant Who Employs Predatory Surveillance Business Practices.
We just created a #HOWTO for how to set up dev/test servers using our #TLS #EncryptedClientHello #ECH enabled forks of #OpenSSL #nginx and #curl running on #Debian. It should be very quick to get started using a new domain: https://guardianproject.info/2023/11/10/quick-set-up-guide-for-encrypted-client-hello-ech/
The first fully merged, audited and shipped bit of code from our https://defo.ie project is Hybrid Public Key Encryption (#HKPE RFC9180), it has been shipped by #OpenSSL https://www.openssl.org/blog/blog/2023/10/18/ossl-hpke/ It is a building block for #EncryptedClientHello #ECH and #MessagingLayerSecurity #MLS, providing standard methods for using public key cryptography to encrypt arbitrary blocks of data.
Mozilla is ringing the alarm bell on a dangerous EU regulation.
Willkommen bei #ORFodon!
Der @ORF_News Bot hat jetzt seine eigene Instanz und eine Menge neuer Funktionen. Die Sparten und Bundesländernachrichten haben jetzt ihre eigenen Konten und dementsprechend ist eine viel flexiblere Filterung der Nachrichten und Beiträge des #ORF möglich.
Um Mehrfachbeiträge zu vermeiden, boosten die Kanäle einander.
Der Dienst wird weiterhin inoffiziell und privat betrieben.
austrian public broadcaster is on the fediverse, in case you are into monitoring int'l news: https://orfodon.org/@ORFodon/111375092254666650
Apparently #iPhone's #WiFi MAC privacy protection never really worked as released in 2020, they apparently just fixed it in 17.1 after years of touting this privacy protection.
For example, the biggest #mobile #malware incident that I know about remains #XCodeGhost https://en.wikipedia.org/wiki/XcodeGhost, which got into over 4000 apps, which all passed #Apple's review and were shipped by the Apple App Store. All told, those apps were installed 128 million times. Another measure is #NSOGroup #Pegasus which seems to have maintained zero click access to #Android and #iOS for years. That is spread by exploiting messenger apps, not by #AppStore or "sideloading" 3/
Google and Apple provide data about the malware they catch in their app store review processes. Both of them talk about "sideloading" as a security risk. Notably, neither Apple nor Google provide data on how much malware comes from outside of their app stores. Nor do they provide data-based analysis of which is the bigger threat: malware that makes it into their app stores or from other channels. They have this data, they track installs and active apps plus there is #PlayProtect #XProtect etc 2/
In my work with #FDroid I've discussed our work with gov regulators for South Africa, UK, EU and Japan as well as competition litigators from multiple US States and the EU. From this, I'm starting to see a picture of #Apple's and #Google's semi-related strategies of making "sideloading" (installing apps outside of their #gatekeeper control) look bad as a way to keep their monopolies in the face of #DMA and other regulatory actions. I'm still looking for data about the actual real world risks 1/
* Build the tool with itself
* Circular dependencies: Gradle needs #Kotlin to build which needs Gradle to build...
* Depend on snapshots to build releases, but then they don't keep a way to reproduce the snapshot releases https://github.com/gradle/gradle/issues/26516
* Java-style bundling of all dependencies
* Hidden proprietary depends https://github.com/gradle/gradle/issues/16439
thanks ebourg for keeping on!
People, apps and code you can trust