We hear a lot about this guy, why not a little more. This podcast is doing a series on Musk that is quite revealing, totally worth a listen if you are interested in business or tech.

They are currently on part 2 of 4.

This would probably fit in better in the technology community and I'm pretty sure it has been shared already, so sorry for the duplicate, especially since it was already on the !privacyguides@lemmy.one and and !europe@feddit.de communities.

I found it interesting because just a few months ago The Linux Experiment made a video that I shared and, while that video was talking about laws in France that I believed at the time would lead to eventually banning encrypted apps it now appears that the possibility of that is now looming over us...moreso after what happened in Arras.

Edit (in French) https://www.numerama.com/tech/1533652-attaque-a-arras-darmanin-vise-les-messageries-et-leur-chiffrement.html

Yes, the attack in Arras is being used as a reason to consider banning encrypted chat apps like Signal and WhatsApp.

It is perhaps another sign of how bad things have become with Google's search results—full of algorithmically generated junk sites—that publications like CNET are driven to such extremes to stay above the sea of noise.

Archive.org / Archive.is

*or distribution

Having been a (GNU-)Linux user since 2006 (desktop only), I have done what many Linux users have also done: hop around from one thing to another.

That all stopped a few years ago when I decided that I would just stick with Debian. I was happy and comfortable. It worked. I used Stable, Testing, Unstable... no issues.

That is until about 4 months ago I was cleaning and found an older laptop and decided to try something different on it: Alpine Linux.

I even wrote about it on my blog. It was such a nice installation and process that I decided to put it on my main personal laptop.

Since April I have been using Alpine and I must say I am pleased. Differences from one Linux to the next aren't much to write about. With Alpine however, I finally experienced another part of Linux that I hadn't had the opportunity to enjoy: the community.

Package requesting? Easy. Asking for help? No shame. Patience and help provided? Excellent.

None of those comments are to disparage other OS communities. It is simply that I had only ever used popular distros (Debian- and Arch-based) so I never needed to ask for help. Either way, I am still using Alpine.

So, just to repeat the titular question: what have you tried out this year? What are your impressions?

Archive link

Not a big fan of the title (asking question in the title isn't a great idea) but the conclusions give a good summary:

The Cyber Resilience Act (CRA) represents a significant step in Europe’s efforts to enhance cybersecurity. However, its potential implications for the open source software community have raised serious concerns. Critics argue that the legislation, in its current form, could impose undue burdens on open source contributors and inadvertently increase the risk of software vulnerabilities being exploited.

New insights from GitHub’s blog post highlight additional concerns. The CRA could potentially introduce a burdensome compliance regime and penalties for open source projects that accept donations, thereby undermining the sustainability of these projects. It could also regulate open source projects unless they have “a fully decentralised development model,” potentially discouraging companies from allowing their employees to contribute to open source projects. Furthermore, the CRA could disrupt coordinated vulnerability disclosure by requiring any software developer to report to ENISA all actively exploited vulnerabilities within a timeline measured in hours after discovering them.

ARCHIVE

Reposting because rules

The Fairphone 4 will be launching across the pond. It will sport the /e/OS "deGoogled" ROM.

The past few days, I've seen more and more users mentioning flashing their devices or changing ROMs because they may have fallen down the rabbit hole.

Here is a quick list of different custom ROMs for Android phones. I don't use any, so don't take anything written here as endorsement or suggestion.

Alternative/Custom ROMS

In no particular order, these ROMs usually change the UX/UI and maybe add some security enhancements.

• LineageOS – LineageOS Android Distribution: successor to CyanogenMod, a good place to start

• BlissRoms: Close to stock with "some" added privacy

• OmniROM: Android with custom enhancements

• ArrowOS: An AOSP project that is light and promises longer battery life

• Evolution X: Android 13 with the Pixel UI

• Paranoid Android: Android with custom enhancements

• PixelExperience: Another Android 13 with the Pixel UI

Privacy|Hardened ROMS

Security-wise, LineageOS is a start but (correct me if I am wrong) you need to unlock the bootloader, which is not great. These ROMs purport heightened privacy or "hardened" security.

• iodéOS: "deGoogled" LineageOS fork, uses lots of blacklists for ad- and tracker-blocking. Sells pre-installed devices.

• CalyxOS: Provides a fair amount of privacy. Limited device support. microG is optional. Uses F-Droid and Aurora Store.

• DivestOS: Soft fork of LineageOS. "Hardened" with things like the Mulch WebView, uses F-Droid repositories for updates. Comes loaded with a tracker blocker, Mull browser, removal of proprietary blobs to reduce attack surface. ROMs available for many devices.

• /e/OS: A "deGoogled" Android experience. Uses microG, no telemetry sent to Google, modified NTP and DNS servers, modified GPS service. Uses the "App Lounge" which combines the Aurora Store with F-Droid and PWAs. Has a tracker blocker. Requires you to have an @murena.io account for some functionalities.

• Replicant: Android distribution with an emphasis on freedom and privacy/security.

• GrapheneOS: Private, secure, hardened... has a long list of features. Updates are fast, exploitations are quickly mitigated, non-profit. Probably the most recommended, but Pixel-only.

Yesterday while browsing the front page of that other site I came across a video of a TikTok user who finds people based on short videos.

Their TikTok page can be viewed here: https://proxitok.privacy.com.de/@the_josemonkey

(and they also have a webpage https://josemonkey.wordpress.com/)

I find it amazing, geeky, fascinating, and creepy that a single person with a computer — not a government organisation — is able to do this.

It all reminds me of that Wired article from 2009 about the man who tried to go off grid and was eventually found by internet sleuths.

TL;DR doxxing has never been easier, don't say or share anything on the web that you wouldn't want printed on the front page of a newspaper.

An official FBI document dated January 2021, obtained by the American association "Property of People" through the Freedom of Information Act.

This document summarizes the possibilities for legal access to data from nine instant messaging services: iMessage, Line, Signal, Telegram, Threema, Viber, WeChat, WhatsApp and Wickr. For each software, different judicial methods are explored, such as subpoena, search warrant, active collection of communications metadata ("Pen Register") or connection data retention law ("18 USC§2703"). Here, in essence, is the information the FBI says it can retrieve:

• Apple iMessage: basic subscriber data; in the case of an iPhone user, investigators may be able to get their hands on message content if the user uses iCloud to synchronize iMessage messages or to back up data on their phone.

• Line: account data (image, username, e-mail address, phone number, Line ID, creation date, usage data, etc.); if the user has not activated end-to-end encryption, investigators can retrieve the texts of exchanges over a seven-day period, but not other data (audio, video, images, location).

• Signal: date and time of account creation and date of last connection.

• Telegram: IP address and phone number for investigations into confirmed terrorists, otherwise nothing.

• Threema: cryptographic fingerprint of phone number and e-mail address, push service tokens if used, public key, account creation date, last connection date.

• Viber: account data and IP address used to create the account; investigators can also access message history (date, time, source, destination).

• WeChat: basic data such as name, phone number, e-mail and IP address, but only for non-Chinese users.

• WhatsApp: the targeted person's basic data, address book and contacts who have the targeted person in their address book; it is possible to collect message metadata in real time ("Pen Register"); message content can be retrieved via iCloud backups.

• Wickr: Date and time of account creation, types of terminal on which the application is installed, date of last connection, number of messages exchanged, external identifiers associated with the account (e-mail addresses, telephone numbers), avatar image, data linked to adding or deleting.

TL;DR Signal is the messaging system that provides the least information to investigators.