Show more

Now that we’re here, time for an #introduction!

We’re an open-source app store making it possible to #sideload apps that aren’t allowed in the iOS App Store. We’re just 2 people @rileytestut @shanegillio working on this full-time, alongside a great community that’s motivated to bring new experiences to iOS

We’re solely funded through donations with no interest in VC backing. If you like what we’re doing & want to support a FOSS project, consider joining our Patreon 💚 patreon.com/rileyshane

I wish the team would follow repository best practices and stop silently reissuing binary releases under the same name/version. does not allow this, for example. The transparency log shows the newest violation: two version of sources-34_r01.zip with the file name, version code, and metadata.

gitlab.com/fdroid/android-sdk-

Last weekend I co-organised a "EU policy devroom" at #FOSDEM, marking the end of a wild 17 month ride in EU policy land working on the #CyberResilienceAct.
A blog I just published provides an overview of CRA #FOSDEM content, including my personal story starting #FOSS policy engagement in Brussels.
I hope it will contribute to a shared understanding of how the #CRA will most likely affect developers of #opensource software. Feedback welcome.

blog.nlnetlabs.nl/what-i-learn

Think tank funded by Big Tech argues #AI’s climate impact is nothing to worry about - theregister.com/2024/02/07/ai_ it's the "cryptocurrencies don't use much energy" argument all over again...

As part of 's work towards memory-safe infrastructure for the internet, @cpu has opened a merge request that implements TLS ECH support on the client side:
github.com/rustls/rustls/pull/

We agree that "the ECH spec is very challenging to implement and required a lot of trial/error" and we are working with to help implementers. Please reach out if that is you:
defo.ie/#contact

For people asking why Encrypted Client Hello is so important:

techcrunch.com/2024/01/26/nati

Even if you are using DOH (or ODoH), your ISP can see what websites your visiting (and then sell to NSA) by inspecting the certificate SNI field. Even with Encrypted SNI (ESNI), there are artifacts of the TLS session establishment leaked that can be used for TLS Fingerprinting - things like ALPN, and cipher suite.

#privacy #EncryptedClientHello #ECH

The White House just announced visa restrictions on those involved in spyware misuse. Are you a family member of someone misusing or facilitating spyware? You can be sanctioned as well! Great step to further delegitimise the highly invasive surveillance industry!

state.gov/announcement-of-a-vi

This week in F-Droid (TWIF) was published again.

Our highlight this week:

F-Droid and F-Droid Basic were updated to the stable version 1.19.0. It brings automatic background updates and a new and better workflow for adding repositories. Please note: this version is not yet the suggested version, so you need to enable beta updates, if you don't want to wait any longer.

Also we talk about notable updates oft some apps and the ongoing spring cleaning.

f-droid.org/2024/02/01/twif.ht
#FDroid

Do you share F-Droid repos with the NFC feature in our client app?

Background: the support for Android NFC Beam was removed in Android 14, so we probably have to remove this feature in the future. We want to know if anybody is impacted by this.

#FDroid

Hello #FOSDEM, this guy, Alberto Marti, announced 3bn euros for this open source European cloud project with an explicit focus on interoperability.That’s more than 2x the funding announced here back in December. Is there a link online for more info?

Did the other 2bn come from private sector investors?

digital-strategy.ec.europa.eu/

After my current understanding of how and affects and anyone who contributes to it:

* F-Droid org makes the "product" so it would be liable
* F-Droid is currently entirely non-commercial, handles no money
* Volunteer contributors are very clearly exempt from all this
* Donation funded contributions are also exempt
* Contracted contributors are helping build the regulated product, so the legal entities of the contractors would not be liable for F-Droid's "product"

#FOSDEM 2024 will be happening in a bit more than 1 week in Brussels!

Catch my talk "From phone hardware to mobile Linux" on Saturday morning or "Open Source for Sustainable and Long lasting Phones" (together with @agnes007 in the big Janson room!) on Sunday afternoon!

Or come by the postmarketOS (+friends) stand in the AW building!

I hope to see you there!

Links:

fosdem.org/2024/schedule/event
fosdem.org/2024/schedule/event
fosdem.org/2024/stands/

This week in F-Droid (TWIF) was published again.

We have a lot of information in it, so jump right in: f-droid.org/2024/01/25/twif.ht

In short:

- FOSDEM is around the corner.
- We specifically talk about the following apps: Money Manager Ex, Open Video Editor, Tachiyomi, Fossify Phone, KOReader, OnionShare, Organic Maps and OsmAnd~.
- The spring-cleaning of our repo is underway, and we have found some proprietary dependencies. The affected versions were removed.

#FDroid

VICTORY! Ring has announced it will no longer facilitate warrantless police requests for footage to Ring’s users. This comes after years of sustained pressure from EFF and other civil liberties and privacy advocates. eff.org/deeplinks/2024/01/ring

Nächste Woche geht es wieder los: Ihr könnt euch mit euer #OpenSource-Software-Idee bei uns bewerben. Es warten 47.500€, Coachings sowie Vernetzungs- und Bildungsangebote auf euch!
Alle Infos:
prototypefund.de

Court ruling rejects spyware vendor’s motion to dismiss lawsuit filed by Apple. Judge says anti-hacking laws fits #Pegasus case „to a T“. #NSOGroup will fight on theregister.com/2024/01/24/us_ #Staatstrojaner

“Ring hopefully will altogether be out of the business of platforming casual and warrantless police requests for footage to its users,” EFF’s Matthew Guariglia told @verge though we remain "deeply skeptical" about how police and Ring will cooperate.
theverge.com/2024/1/24/2404916

Fun fact: it's data privacy week 🔒 so here are some of our favorite extensions for a safer online experience.

1. Multi-account containers! cookies are separated by container, so you can use multiple accounts at the same time.

2. Privacy badger: this extension automatically blocks invisible trackers and opts you out of data sharing & selling.

3. History cleaner: this deletes browsing history older than a specified number of days 👀

Which ones are you currently using?

We have defined a secure and usable architecture for decentralized package repositories that any mobile user can use and understand possible risks.

The next official release of the official F-Droid client will widely deploy this to our users. We then plan to make a final architecture document, so others can understand the whole model.

We would love any kind of feedback, our drafts are here: gitlab.com/fdroid/wiki/-/wikis

Show more
Librem Social

Librem Social is an opt-in public network. Messages are shared under Creative Commons BY-SA 4.0 license terms. Policy.

Stay safe. Please abide by our code of conduct.

(Source code)

image/svg+xml Librem Chat image/svg+xml