Have strong opinions, but I welcome any civil fact-based discussion.

Mastodon: @BrikoX@freeradical.zone

  • 6 Posts
  • 35 Comments
Joined 1Y ago
Cake day: Jul 09, 2023

> A privacy flaw in WhatsApp, an instant messenger with over 2 billion users worldwide, is being exploited by attackers to bypass the app's "View once" feature and view messages again.

It’s definitely not something a regular user should panic over. But it’s a huge deal since a lot of high security, sensitive targets also rely on the same library.


While the researchers have confirmed all YubiKey 5 series models can be cloned, they haven’t tested other devices using the microcontroller, such as the SLE78 made by Infineon and successor microcontrollers known as the Infineon Optiga Trust M and the Infineon Optiga TPM. The researchers suspect that any device using any of these three microcontrollers and the Infineon cryptographic library contains the same vulnerability.

Both. The cryptographic library in question is also used in other cryptographic applications too, so it’s a huge mess.



Since Proton complied, it means there was enough there for Swiss courts to agree. All requests are subject to Swiss law.


Recovery email was tied to Apple, so they asked Apple to provide the data they needed. No email content was shared at any point from Proton.


I’m aware. But some user data and metadata required for the email protocol to function that can’t be encrypted is the fundamental issue. No provider can solve this issue, no matter how private and secure they are.

In this specific case, the user was a dumbass and linked another email that was tied to Apple. My point was more about email being flawed by design and a need for an alternative protocol if we want true privacy.


If you do, make sure you are savvy enough to lock down access and your network is secure. Misconfigured networks are one of the biggest vectors for data breaches.


They always complied with legal court orders, as all companies do. It just highlights the fundamental issue with email as a protocol.


> Proton Mail came under scrutiny for its role in a legal request by the Spanish authorities leading to the identification and arrest of a user.


Proton Mail desktop app officially launches, but remains for premium subscribers only

Encrypted email service Proton Mail is now available via a dedicated desktop app some three months after first arriving in beta.


Reposting as a comment since post got removed.



It’s on me. I missed the word “legislation” initially and edited the title after your comment.


It’s about the EU Chat Control legislation, whose goal is to break E2EE to “save” the world from CSAM.

These experts helped to write this draft: https://eur-lex.europa.eu/legal-content/EN/TXT/PDF/?uri=SWD:2022:209:FIN&from=EN




All a VPN does is change your IP. They track more than your IP to fingerprint you. So while a VPN removes one vector, there are plenty of others to identify and correlate a unique profile.


Not really. They have persistent tracking even between browsers.


While I agree that the case in question is not really a problem. This comment misses the point. The issue is the code regression happening in the first place and being fixed only after being caught again by 3rd party.



Well aware of that. Don’t have Google Play Services on my phone.


There would be way too much useless data to store and not useful.

Not really. They have so much data about people’s habits and usage patterns that it’s easy to discard bad data with machine learning. And I have no idea if they log everything, but there is no reason why they couldn’t. That’s enough of a risk factor to consider not using it.


That doesn’t prevent it. Keyboard is tied to many core OS processes that connect to Google servers and relay that information. I would recommend replacing it with OpenBoard which is based on Android Open Source Project.


The simple fact that the article is posted under Business section is part of the problem…


Not familiar with Lineage ROM, sorry. I would ask about it on XDA https://forum.xda-developers.com/c/lineageos.6080/


LSPosed is an updated framework of Xposed with the same functionality.

Restricted accessibility settings is an Android 13 security feature. You can bypass it on an app-by-app basis if you want with the guide here or consider using LSPosed.


It definitely works as I’m using it with Android 12. Try with EdXposed or LSPosed modules.



They make it hard to export your seeds if you want to move to the other platform or new device + closed source.

On Android Aegis is a great alternative. On iOS Raivo OTP used to be the main recommendation, but they just got bought by a relatively unknown company, which is sketchy in and of itself.


No, but Nitrokey is well known and time tested at this point. And they have different models, so I’m sure you can find something that works for you.


Nitrokey or OnlyKey, if you want FOSS, are good options.


That is better than most other cases, but far from perfect. It can still be wrong and that’s even more harmful in “Quick Answer, or Universal Summarizer” as people are more likely to trust its result instead of double checking with another source.


Accuracy. They are known to hallucinate. Sifting through various sources to verify information is already a time-consuming task without AI-created nonsense that is impossible to source check.


It’s on lemmy.ml which is down at the moment (likely DDoS attack). Try searching a bit later.

EDIT: It seems they moved to !fossdroid@social.fossware.space


Haven’t used it, but according to their Privacy & Terms they started using FastGPT which is a dealbreaker for me. I’ll stick to SearX which allows more curation.



Another example is using F-Droid. I came across this article and this one went way over my head since I’m not really well versed on android. But the gist I got is that F-Droid is not only insecure but is also bad for getting timely updates. I checked and some apps are something like 7 patches behind which is unacceptable for me.

F-Droid allows you to add any repository, not just the one managed by them. So you don’t have to trust the platform to take advantage of F-Droid.

F-Droid build/sign cycles are a lot faster than Google Play in most cases. Google claims updates are processed in several hours to 7 business days. But basically if you do anything more than fix a typo it’s always days before it gets processed.

If apps are out of date it’s due to a developer, not F-Droid.


The attack vector was fixed in 0.18.2 and it was limited to instances that used custom emojis.

Also there are multiple different frontends for Lemmy:



5 alternatives listed on AlternativeTo are all proprietary https://alternativeto.net/software/songkick/

Not very familiar with this, but with how ticketing and venues are consolidated all the aggregated information is probably put behind a paid API, hence no FOSS alternatives. Could be wrong though.