Have strong opinions, but I welcome any civil fact-based discussion.
Mastodon: @BrikoX@freeradical.zone
While the researchers have confirmed all YubiKey 5 series models can be cloned, they haven’t tested other devices using the microcontroller, such as the SLE78 made by Infineon and successor microcontrollers known as the Infineon Optiga Trust M and the Infineon Optiga TPM. The researchers suspect that any device using any of these three microcontrollers and the Infineon cryptographic library contains the same vulnerability.
Both. The cryptographic library in question is also used in other cryptographic applications too, so it’s a huge mess.
I’m aware. But some user data and metadata required for email protocol to function that can’t be encrypted is the fundamental issue. No provider can solve this issue, no matter how private and secure they are.
In this specific case, the user was a dumbass and linked another email that was tied to Apple. My point was more about email being flawed by design and a need for an alternative protocol if we want true privacy.
Check out https://www.techlore.tech/goincognito guide. It’s a good starting place.
Proton Mail desktop app officially launches, but remains for premium subscribers only
Encrypted email service Proton Mail is now available via a dedicated desktop app some three months after first arriving in beta.
Reposting as a comment since post got removed.
It’s about the EU Chat Control legislation, whose goal is to break E2EE to “save” the world from CSAM.
These experts helped to write this draft: https://eur-lex.europa.eu/legal-content/EN/TXT/PDF/?uri=SWD:2022:209:FIN&from=EN
There would be way too much useless data to store and not useful.
Not really. They have so much data about people’s habits and usage patterns that it’s easy to discard bad data with machine learning. And I have no idea if they log everything, but there is no reason why they couldn’t. That’s enough of a risk factor to consider not using it.
That doesn’t prevent it. Keyboard is tied to many core OS processes that connect to Google servers and relay that information. I would recommend replacing it with OpenBoard which is based on Android Open Source Project.
Not familiar with Lineage ROM, sorry. I would ask about it on XDA https://forum.xda-developers.com/c/lineageos.6080/
LSPosed is an updated framework of Xposed with the same functionality.
Restricted accessibility settings is an Android 13 security feature. You can bypass it on an app-by-app basis if you want with the guide here or consider using LSPosed.
Accuracy. They are known to hallucinate. Sifting through various sources to verify information is already a time-consuming task without AI-created nonsense that is impossible to source check.
It’s on lemmy.ml which is down at the moment (likely DDoS attack). Try searching a bit later.
EDIT: It seems they moved to !fossdroid@social.fossware.space
Haven’t used it, but according to their Privacy & Terms they started using FastGPT which is a dealbreaker for me. I’ll stick to SearX which allows more curation.
How does it compare to https://cryptpad.fr?
Another example is using F-Droid. I came across this article and this one went way over my head since I’m not really well versed on android. But the gist I got is that F-Droid is not only insecure but is also bad for getting timely updates. I checked and some apps are something like 7 patches behind which is unacceptable for me.
F-Droid allows you to add any repository, not just the one managed by them. So you don’t have to trust the platform to take advantage of F-Droid.
F-Droid build/sign cycles are a lot faster than Google Play in most cases. Google claims updates are processed from several hours to 7 business days. But basically if you do anything more than fix a typo it’s always days before it gets processed.
If apps are out of date it’s due to a developer, not F-Droid.
The attack vector was fixed in 0.18.2 and it was limited to instances that used custom emojis.
Also there are multiple different frontends for Lemmy:
5 alternatives listed on AlternativeTo are all proprietary https://alternativeto.net/software/songkick/
Not very familiar with this, but with how ticketing and venues are consolidated all the aggregated information is probably put behind a paid API, hence no FOSS alternatives. Could be wrong though.
It’s definitely not something a regular user should panic over. But it’s a huge deal since a lot of high security, sensitive targets also rely on the same library.