Guardian Project @guardianproject@librem.one

First #Weblate team member just arrived to #Brussels for #FOSDEM25, more on their way. We all can’t wait to meet our lovely community! At the @libreoffice stand, Saturday morning #BoF, Friday meetup, or anywhere else #FOSDEM. Read updated https://weblate.org/FOSDEM and join us! #LiberateYourTranslations #YourSoftwareYourLanguage

The Debian Publicity Team will no longer post on X/Twitter. We took this decision since we feel X doesn't reflect Debian shared values as stated in our social contract, code of conduct and diversity statement. X evolved into a place where people we care about don't feel safe. You are very much invited to follow us on https://bits.debian.org , on https://micronews.debian.org/ , or any media as listed on https://wiki.debian.org/Teams/Publicity/otherSN #debian

We've signed the open letter to the @EUCommission calling for strong enforcement of the #DMA.

The EU must act decisively to create opportunities, protect innovation and increase consumer choice.

https://appfairness.org/the-digital-markets-act-europes-digital-competitiveness-at-stake/

Meta tracks your activity across millions of websites and apps, regardless of whether you use its platforms, and profits from that data through targeted ads. Here’s what you need to know if you want to limit the company’s ability to harvest and profit from your personal data. https://www.eff.org/deeplinks/2025/01/mad-meta-dont-let-them-collect-and-monetize-your-personal-data

The court’s decision “would be front-and-center in any argument that Congress needs to impose a warrant requirement for these backdoor searches,” EFF’s Andrew Crocker told @theintercept. “That tends to be the kind of thing that Congress takes note of.” https://theintercept.com/2025/01/27/fbi-government-spying-surveillance-702-fisa/

Seven new projects have been selected to contribute to the three NGI Pilots. IzzyOnDroid and OWASP blint will join forces with NGI Mobifree which works on a more ethical mobile ecosystem. Nuxt, Flohmarkt & Open Banking Gateway will work on integrations with Taler, the privacy-preserving digital payment system. And NGI Fediversity - the effort to create a hosting stack in-a-box - will be joined by Drupal & Source-based Nextcloud + Onlyoffice.
https://nlnet.nl/news/2025/20250122-project-selection-pilots.html
#NGI #FOSS

fdroidserver v2.3.5 was released to fix issues with `AllowedAPKSigningKeys` when used in specific configurations. More details in the changelog: https://gitlab.com/fdroid/fdroidserver/-/blob/2.3.5/CHANGELOG.md#235---2025-01-20 #FDroid

Michiel Leenaars (our director of strategy) speaks at #FOSDEM about Europe's ambition to increase its digital sovereignty in relation to the #NextGenerationInternet. Despite its contribution to tech sovereignty with over 1300 Free and Open technologies supported, so far #NGI is not in the EU's future plans. Michiel addresses the question: What should our new EU Commissioner for Tech Sovereignty be working on for the next 5 years from the the vantage point of NGI?
https://fosdem.org/2025/schedule/event/fosdem-2025-6508-next-generation-internet-2025-where-next-/
#FOSS

The gig economy is ground zero for the use of experimental algorithms that use workers' own data against them. Leaving workers playing a game that they don’t know the rules to and that the house always wins.
#TimeToDeliverAnswers

https://privacyinternational.org/news-analysis/5510/12-organsations-tell-just-eat-uber-and-deliveroo-time-deliver-answers

There's a "Signal deanonymized" thing going around:
https://gist.github.com/hackermondev/45a3cdfa52246f1d1201c1e8cdef6117

Stay calm. Deep breaths.

👉 while this is a real consideration, the only thing the attacker gets from this is a very rough (kilometers or tens of kilometers radius) location

👉 other communication platforms that use any kind of caching CDN to deliver attachments are just as vulnerable

👉 you almost certainly should continue to use Signal, unless you specifically know that this is a big problem for you.

#Signal #InfoSec

Reminder: Tech jobs with real impact are rare. At the Sovereign Tech Agency, we work to strengthen digital infrastructure – fostering security, innovation, and resilience to provide a stable foundation for participation and democracy.

You can still apply for our open positions! 📩

https://mastodon.social/@sovtechfund/113792992197932834

Citizens can only trust the 🇪🇺 digital ID if it’s transparent & gives them control over their data. The @EUCommission must protect users from illegal access to their sensitive information & fix loopholes in the upcoming #eID now! ☔
#eIDAS
https://epicenter.works/en/content/civil-society-demands-eu-commission-must-close-e-id-loopholes

🇪🇺 EU Commission's Microsoft 365 reliance raises privacy alarms!

Internal documents reveal the EU Commission's data privacy concerns over dependency on Microsoft.

Should the EU embrace #opensource to prioritize data sovereignty?

#EUDataProtection #DigitalPrivacy

https://www.euractiv.com/section/tech/news/internal-documents-reveal-commission-fears-over-microsoft-dependency/

Remember that #Facebook's new name #Meta doesn't really refer to the doomed-from-the-start #Metaverse whim, but its much more important reliance on #metadata as the core business model.

#Instagram, #WhatsApp, and the other "products" are primarily metadata collectors. Who communicates with whom, when, how often, how much, through which types of data; which groups are they members of, how do they interact with them; which posts/articles/products do they read, like, or buy? This metadata is sufficiently detailed that the actual content of "what" somebody sent is no longer important - and therefore it doesn't hurt the business model to provide end-to-end encryption in WhatsApp and (more hesitantly) Facebook Messenger. Or, as Gen. Michael Hayden (ex-NSA) infamously once admitted "We kill people based on metadata" (https://abcnews.go.com/blogs/headlines/2014/05/ex-nsa-chief-we-kill-people-based-on-metadata). And #Meta's metadata collection is much more detailed than the mere phone call/message and email and IP packet records the NSA/CIA/etc. use(d).

That metadata is the basis for targeted advertisement and manipulation of individual and public opinion. That's where the money and the power is, not some silly 3D avatars. So the company name #Meta is, actually, interestingly descriptive and honest about the exploitative business model.

Protect yourselves. Use @torproject, @signalapp, @Mastodon, @pixelfed, and other federated services instead of feeding more into the metadata collection.

I wrote a blog post about using TLS ECH from Python https://guardianproject.info/2025/01/10/using-tls-ech-from-python/