Planet F-Droid

December 02, 2022


Purism at “Le Capitole du Libre” in France

On the 16th and 20th of November, Adrien Plazas and I had a booth at the French Free Software event “Le Capitole du Libre” in the city of Toulouse. It was the first time the event was taking place since 2019. As for the previous years, this edition was a success and we have met […]

The post Purism at “Le Capitole du Libre” in France appeared first on Purism.

by François Téchené at December 02, 2022 20:53

December 01, 2022

/e/ foundation

Leaving Apple & Google: Become a part of our journey to freedom: support e Foundation!

Leaving Apple & Google: Become a part of our journey to freedom: support e Foundation!

Still waiting for some important improvements in /e/OS? Want to ensure /e/OS remains independent? 

Consider supporting e Foundation now!

We are proud and thankful to be supported by such a vibrant and invested community from  day one.

Only this past year your support gave us the opportunity to launch /e/OS v1, to improve your privacy control with new features such as Advanced Privacy, to offer all Android apps in /e/OS via App Lounge, to grow the number of supported devices to more than 250, to offer the Easy Installer to 20 smartphone models and so on… 

In only a few years /e/OS has become the leading pro-privacy smartphone operating system, confirmed by academic research.

Thanks to your contributions, e Foundation and /e/OS can remain independent and  implement improvements much faster. Our goal remains the same since day one: let as many people as possible on this planet enjoy life without constant surveillance from the Big Techs!

It’s time to make it bigger, faster, stronger! We are committed to accelerating the development of much needed and awaited features as:

  • Improved support of community devices
  • /e/OS for tablets
  • End to End Encryption for your documents, pictures, …
  • Voice to Text feature
  • Wireless TV connection
  • Android auto compatibility

And to do this, we need your contributions! Every donation helps to pursue additional developments, rent servers for the compilation, recruit more developers, pay for domain names and other key expenses amongst other things.


How can you donate?

There are several ways you can support us financially:

1. Recurring donation: become an /e/ Patron!

2. Our ongoing crowdfunding, receive a gift in exchange!

3. One time donation via PayPal or crypto currencies 

4. Donate via the bank transfer: send us an e-mail at with your request and we’ll send you our bank information


How to support us differently?

Any other way to contribute to the project is priceless for us! 

You can also help us by:

Read more about our project’s ambitions in Gaël Duval’s letter.


Support the project!

User’s data privacy and finding alternatives to regain control over our data has never been a more pressing issue than it is today. The timing is great to build something new!

Your contribution is key to the success of an ambitious project like ours!

Contribute, test & report bugs in /e/OS

Share on social media

Join the Community


by e_admin at December 01, 2022 11:58

November 30, 2022


Microsoft's Office 365 declared illegal for German schools - again!

German schools must not use Microsoft Office 365 due to privacy violations. After two years of negotiations with Microsoft, the German Data Protection Conference (DSK) issued a damning statement that given the missing transparency in regards to data protection and potential third-party access no personal data of German school children must be stored on Microsoft's servers outside of Germany. This could also affect other American cloud solutions such as Google's and Apple's.

November 30, 2022 00:00

This Week in F-Droid

Upcoming alpha release of F-Droid Client

At long last, the first alpha of the big overhaul of the official F-Droid client app for Android is about to be released. This round of work was focused on modernizing some of the oldest code in the client: the downloading, index parsing, and database layer. This code is now structured as standalone libraries so that other projects can benefit from using it as well. This changes a huge amount of code, and we have already confirmed it fixes many bugs and improves a wide range of functionality. There will be more on that here as it is finalized.

This also means that there will be breakage, so this alpha will probably be more unstable than previous alphas have been over the years. We always appreciate testing, feedback, issues, and crash reports. But if your F-Droid is customized in a way you would rather not reset, then you might want to sit this alpha testing round out. If you have a spare device, test device, or work with Android emulators, we also are happy to have testing on our nightly builds. Be aware: the nightly builds come from GitLab CI/CD, so not as secure a release process as the official releases. It is possible to have both official and nightly installed at the same time. The easiest way to get started with the nightly builds is to add the repo to an existing F-Droid install, then search for “Nightly”, then choose “F-Droid Debug”.

This work was funded by the FFDW-DVD grant

by F-Droid at November 30, 2022 00:00

November 29, 2022


Anonymous email: Tutanota keeps your data secure and private.

Tutanota is the best free anonymous email service you can get: No phone number required, no logging, no tracking, and all data is encrypted. Tutanota is built by a team of privacy-enthusiastic engineers committed to protecting your right to privacy. We aim to develop the most secure mailbox by focusing on automatic encryption and privacy-by-design.

November 29, 2022 00:00

November 28, 2022


Special Year End Promotion for Librem 5 USA

Score $100 off this holiday season on your order for Librem 5 USA. With the holiday season in full swing, this is a great gift for any one in your family concerned about secure supply chain or online privacy. Built with Made in USA electronics, we ship globally, within 10 business days. Order here with […]

The post Special Year End Promotion for Librem 5 USA appeared first on Purism.

by Purism at November 28, 2022 19:34


Why choose the Tutanota desktop clients?

The Tutanota desktop clients are amazing tools as they come with a lot of benefits compared to webmail access. Check here how our desktop clients for Linux, Windows and macOS can speed up and improve your workflow, particularly for business use.

November 28, 2022 00:00

Every day is Cyber Monday at Tutanota.

The Cyber Monday hype is just another method by marketers and advertisers to keep you buying. Higher, faster, further - that's the aim of marketers. But for consumers it leads to over-consumption and unnecessary spending. That's why we are saying no to Cyber Monday. Instead we are offering fair prices all year round.

November 28, 2022 00:00

November 27, 2022

Privacy Browser

Privacy Browser 3.7

Privacy Browser 3.7 has been released. It includes a major refactor of how Privacy Browser interacts with the Android file system. Beginning with Android 11 (API 30), Android is enforcing new storage restrictions called scoped storage. Under scoped storage, the Storage Access Framework allows apps to access files without requiring the READ_EXTERNAL_STORAGE and WRITE_EXTERNAL_STORAGE permissions. It does this by requiring that every interaction with a file requires the user to directly interact with a system UI to grant access for that action. This means that the user needs to press the Browse button for every download or other file action. It also means that the default download location was removed from the settings as it now no longer has any function.

The URIs returned by the system browser start with content:// instead of being direct file paths.

Not very descriptive of the actual location.

With the change to using the Storage Access Framework, Privacy Browser can bump the target API to 30 and remove the READ_EXTERNAL_STORAGE and WRITE_EXTERNAL_STORAGE permissions. This has been an important goal for a while, and I am quite pleased to finally accomplish it. If a webpage were to exploit a weakness in Privacy Browser and run arbitrary code (in almost all cases, this would be because of a flaw in the JavaScript engine—don’t run JavaScript on untrusted websites), then previously it could read and write any public file on the phone. Now it would be limited to the information that is available to Privacy Browser unless it were also able to exploit a separate bug in the Android OS to gain system level permissions. Defense in depth.

Unfortunately, WebView’s save web archive functionality does not currently support the Storage Access Framework. As such, that feature has been temporarily removed from Privacy Browser. I have submitted a couple of bug reports to Google. Hopefully it is something they choose to address.

About > Permissions has been updated to reflect the change in permissions, as well as to update the list of permissions automatically added by AdMob for the free flavor. Quoting from the updated text:

Run at startup

Lets AdMob start when the phone boots even if you don’t open Privacy Browser Free. This is a concerning permission because it can allow Google to spy on you. I would either like to find a different ad provider or drop the free flavor of Privacy Browser entirely.

When downloading files, the snackbar used to display the download percentage and the file path. With the change to the Storage Access Framework, the file path is now nearly useless. Hence, the snackbar has been updated to display the download percentage, the downloaded and total bytes, and the URL being downloaded.

When downloading files with an unknown file size, only the downloaded bytes and the URL are displayed.

MetaGer has been added to the list of search engines. There is also a feature request to consider making it the default homepage and search engine, but it does not yet rise to that level, as described in the feature request itself. Those interested in this decision process will also be interested in reading the requirements for being included in the list of search engines.

Options are good.

A bug was fixed that caused Privacy Browser to use the installation status of Orbot to determine whether to display the warning about I2P not being installed. Hence, if a user had installed I2P but not Orbot, they would still see this error message when attempting to proxy via I2P.


Previously, in dialogs with radio groups, the icons and the radio buttons were misaligned if the descriptive text wrapped to multiple lines. That has been fixed.

The URL bar is now updated when switching tabs even if it is currently being edited. This used to cause problems if the URL was being edited, then Privacy Browser was placed in the background and a URL was loaded from another app that created a new tab in Privacy Browser.

The password can now be displayed in the HTTP authentication dialog.

Tapping the eye icon toggles password visibility.

A number of rare crashes were fixed. Also, a bug was fixed that caused the navigation menu hamburger menu to turn into an arrow if the drawer was opened when the app was restarted.

One of these things is not like the others.

The main options menu code was optimized so it can open more quickly.

The Brazilian Portuguese translation was updated by Thiago Nazareno Conceição Silva de Jesus, the French translation was updated by Kévin L. The German translation was updated by Bernhard G. Keller. The Italian translation was updated by Francesco Buratti. The Spanish translation was updated by Jose A. León. The Russian translation was also updated.

The next release of Privacy Browser will (as long as I can make it work well) include the option to move the app bar to the bottom of the screen.

by Soren Stoutner at November 27, 2022 01:44

November 24, 2022


Online Safety Bill Criticism

The Online Safety Bill was postponed in Parliament this summer when Boris Johnson resigned. But now it's back. This UK bill aims to lay down rules in law about how platforms should deal with harmful content. But the plans for a new "internet safety law" will do more harm than good and reduce everybody's security online. We have signed an open letter to urge Parliament to stop this bill.

November 24, 2022 00:00

November 23, 2022

This Week in F-Droid

Why curation and decentralization is better than millions of apps

Every desktop computer or mobile device comes with some form of “app store”. There is F-Droid for Android. Debian has “software repositories” at its core. Then there are the really big, proprietary ones: Apple App Store and Google Play. These have millions of apps, while Debian has tens of thousands, and F-Droid around 4,000. This statistic is commonly mentioned when the big app stores promote themselves. When comparing by this number, F-Droid is a tiny little blip. But really, how many apps do you need in your app store?

Every software collection is fundamentally an act of curation. Only useful software is included. Malicious software is filtered out. Software deemed illegal in your jurisdiction is blocked. Any software that does not meet the standards or terms of service is removed. In the cases of community-curated distros like Debian or F-Droid, the contributors curate by choosing which apps are worth their attention. There is no major end-user software distribution that does not curate. Ideally, it is software that is useful to you, the user. Sadly, that is often not true. Think of the companies that prioritize surveillance capitalism: they include software designed to capture your attention so they can sell to advertisers. Or some companies promise privacy protections from apps, but then exempt their own software from the privacy protections.

From the point of the user, the ideal app store would contain exactly what the user wants, and not one thing more. Nobody has millions of apps installed on their device. All those extra apps just get in the way of finding what is important. Even worse, in the big app stores, its not just noise, it is malware or companies trying to rope you into something. They are trying to be the flashiest thing so people click the “buy” button. Or worse, they are trying to addict you so that they can sell your data to advertisers.

F-Droid is organized around different principles: user choice, decentralization, and community-controlled curation. This means F-Droid gives you selected apps by default without bans or censorship. When you install the F-Droid app, it automatically connects to the collection on that is maintained by this community. F-Droid also makes it easy for anyone to publish their own repository, with their own curation rules. Repomaker is a easy web app for publishing, and the fdroidserver command line tools that power are available for power users.

Organizing this way makes a lot of hard questions go away. Children, hackers, religious people, grandparents, activists, bachelors, and adult film actors; we all use calendars, read the news, need help navigating, play games. Over the years, a rough consensus has formed within the community that our collection should be curated this way. This turns out to be quite similar to other free software communities, like Debian. This blog post aims to make this more explicit to our users.

Every society has accepted ways to communicate about offensive things. If is the one source of software, then our curation would be censorship, since we would be preventing speech. As supporters of free software and privacy, we also want nothing to do with censorship. That’s where decentralization comes in. Decentralization means people can choose who they trust in a fine-grained way, not all or nothing. We have put a lot of work into making it easy for anyone to make their own app repos, and those repos can follow any rules that its creators want. Since F-Droid repos are a form of user-controlled subscription, it is not the place for F-Droid contributors to decide. Which apps or repos an F-Droid user includes in their own devices is entirely up to them.

One common complaint about decentralized systems is that they work badly. That is not true for the Android app ecosystem, and software distribution in general. Software repositories are usually not monolithic, the big mobile app stores are really the exception. Windows allows many sources. GNOME Software has one seamless experience based on apt, dnf, Flatpak, Snapcraft, etc. as software sources. In the Chinese app store market five to ten commonly used app stores, and yet even the largest has less than a majority market share. Most Chinese people have more than one app store on their phone, so there is no monolith there, whereas “outside of China, Apple and Google control more than 95 percent of the app store market share”. Ecosystems with multiple app sources work, and governments around the world believe that monopoly forces are what keeps Google Play and Apple App Store dominant. Even Apple’s famous strictly walled garden can coexist with AltStore, AppFair, and Cydia. This clearly demonstrates that the only barrier to breaking down the app monoliths are the policies of monopolist companies.

The point remains: for the vast majority of Apple iOS and Google Play device users, when the store removes or restricts an app it is essentially censorship. Using alternatives requires a high level of technical skill. Google Play devices at least allow third party app stores, albeit with a much lower level of integration than Google Play itself. Not only does F-Droid offer truly open app distribution, the F-Droid model offers an improved user experience: many decentralized app repositories can be managed in a single F-Droid client app. So there is the ease of use provided by a unified user experience, but it is not locked to a single provider. Only when there is a free, open, decentralized ecosystem can everyone decide for themselves what apps they want while also choosing which apps they do not want to see. The freedom to get apps will always be in tension with the things that people want to keep out of their life. Decentralization is the only solution, and F-Droid is built from the ground up to enable it.

by eighthave at November 23, 2022 00:00

November 22, 2022


What We Are Thankful For

It’s that time of year when many people find themselves in a reflective mood. For those of us in the US, it’s the week of the Thanksgiving holiday and this week people commonly reflect on the past year and what they are thankful for. Normally our posts are status updates, tech tips, or thought pieces, […]

The post What We Are Thankful For appeared first on Purism.

by Kyle Rankin at November 22, 2022 19:05

Privacy Browser

Privacy Browser 3.12.2

Privacy Browser 3.12.2 contains a fix for a problem with WebView’s dark mode on API 29 – 32 (Android 10 – Android 12L) that was introduced with the switch to target API 33 in Privacy Browser 3.12. Initially this was fixed for only API 33 (unless you had a really old and insecure WebView), but this release extends the fix back to API 29. Unfortunately, for reasons that don’t make sense to me, Google has disabled support for WebView’s dark mode on older APIs, so users on API 23 – 28 (Android 6 – Android 9) will no longer be able to force a dark WebView.

As described on the Wikipedia page, API 29 is currently the oldest maintained version of Android. Even though I will continue to release Privacy Browser on older versions of Android as long as it is feasible, this is done on a best-case effort and sometimes there might be features beyond my control that do not work.

From a security perspective, users are encouraged to always use both supported software and hardware. Even if you are using a modified ROM that is attempting to backport security fixes to versions of Android that are no longer supported by Google, if your firmware is not receiving active security patches you are likely vulnerable. For example, in the November 2022 Security Bulletin, there are a number of high severity vulnerabilities in the Android Open Source Project, but the only critical severity vulnerability is in the Qualcomm closed-source firmware.

by Soren Stoutner at November 22, 2022 00:33


e-Evidence: Open letter calls for privacy safeguards.

e-Evidence negotiations have put fundamental rights on the line in an attempt to make cross-border criminal investigations more efficient. However, the cost for this efficiency would be very high. We call on policymakers to do better. The EU Council must acknowledge the need for stronger protection of Free Speech and privacy rights.

November 22, 2022 00:00

Every day is Black Friday at Tutanota.

The Black Friday hype is just another method by marketers and advertisers to keep you buying. Higher, faster, further - that's the aim of marketers. But for consumers it leads to over-consumption and unnecessary spending. That's why we are saying no to Black Friday. Instead we are offering fair prices all year round.

November 22, 2022 00:00

November 21, 2022


How Purism is Advancing Made in USA Electronics

If you are curious to know how and why it matters where your phone is manufactured, CNBC’s new short documentary is for you. “Purism is one American company that has been able to do what many are calling the impossible” it says. CNBC wanted to find out why tech giants aren’t making smartphones in America. Take […]

The post How Purism is Advancing Made in USA Electronics appeared first on Purism.

by Yavnika Khanna at November 21, 2022 19:56

November 17, 2022

Privacy Browser

Privacy Browser 3.12.1

Privacy Browser 3.12.1 is an emergency release to fix a crash. The transition to SwitchPreferenceCompat in Privacy Browser 3.12 was incomplete. Specifically, it was not possible for the new SwitchPreferenceCompat to set default values. As no new preferences (settings) were added in 3.12, this did not cause any problems for upgrades from 3.11. But it did cause problems for new installs, for upgrades from 3.10.1 or older, or if the apps data was wiped and it needed to repopulate the default values. In these cases, the app would crash every time it tried to start.

by Soren Stoutner at November 17, 2022 19:16


Swinging Back to Open Standards

History is a series of pendulum swings between opposite extremes. A generation moves in a certain direction, and the next generation reacts based on the consequences (often rejecting it). Eventually a new generation appears that never directly experienced the consequences and lessons from the previous generations, who then moves back toward that direction and the […]

The post Swinging Back to Open Standards appeared first on Purism.

by Kyle Rankin at November 17, 2022 17:01

/e/ foundation

Leaving Apple & Google: Easy Installer is now available for 5 more devices, Meet us this week-end at Capitole Du Libre in Toulouse

Leaving Apple & Google: Easy Installer is now available for 5 more devices, Meet us this week-end at Capitole Du Libre in Toulouse

  • Easy Installer is now available for 5 more devices
  • Meet us this week-end at Capitole Du Libre in Toulouse, France

Easy Installer is now available for 5 more devices!

We have just released the /e/OS Easy Installer for 5 new phones!

The Easy Installer is a desktop application that helps to install /e/OS on your phone with a few clicks. No need for command line or other complex processes to switch to /e/OS. Just install the right package depending on your computer, follow the steps on screen, and you’ll be all set in minutes. This tool runs on Linux, macOS and Windows OS.

The newly supported devices are:

  • Fairphone 4
  • OnePlus 8
  • OnePlus 8 Pro
  • OnePlus Nord
  • Pixel 4A 5G

As a reminder, the /e/OS Easy Installer already supports the following phones:

  • Gigaset GS290
  • Fairphone 3
  • Fairphone 3+
  • Samsung Galaxy S9 (Exynos only)
  • Samsung Galaxy S9 Plus (Exynos only)
  • Samsung Galaxy S8 (Exynos only)
  • Samsung Galaxy S8 Plus (Exynos only)
  • Samsung Galaxy S7 (Exynos only)
  • Samsung Galaxy S7 Edge (Exynos only)
  • Google Pixel 4
  • Google Pixel 4XL
  • Google Pixel 4a
  • Oneplus 7T
  • Oneplus 7 pro
  • Teracube 2e (2021)

You can find the Easy Installer guide as well the links to download in this page.

Meet us this week-end at Capitole Du Libre in Toulouse, France

Our team will be at Capitole Du Libre, the annual meeting centered around Open Source, taking place in Toulouse on November 19 & 20, 2022!

We will be present at the booth eFoundation. If you are attending this event, feel free to pass by and speak privacy with us!

For the most motivated, we can even help you install /e/OS on your phone. Please, check if your phone is compatible with /e/OS in this list and come see us at the booth. Ideally you can also grab your PC with you (Windows or Linux) and make sure to have a backup of your data (files, contacts, SMS/MMS, eventually app data etc.), as the phone will evidently be reset.

In addition, you can meet Gaël Duval, our founder, at the panel discussion on November 19 at 7 p.m. and assist at his conference around /e/OS & Murena on November 20 at 10:30 a.m.

We are looking forward to being there and meeting you!

Support the project!

User’s data privacy and finding alternatives to regain control over our data has never been a more pressing issue than it is today. The timing is great to build something new!

Your contribution is key to the success of an ambitious project like ours!

Contribute, test & report bugs in /e/OS

Share on social media

Join the Community


by e_admin at November 17, 2022 13:49

Privacy Browser

Privacy Browser 3.12

Privacy Browser 3.12 has been released. This adds a link to WebView DevTools in the navigation menu.

There you are, my pretty!

There is an entire post about WebView DevTools. I won’t repeat most of it here except to say that changes made in WebView DevTools affects all WebViews on a device, not just those inside Privacy Browser.

Currently the most interesting thing users can do with WebView DevTools is completely disable the X-Requested-With header.

It is now possible to open a bookmark in a new tab and switch to it automatically by long-pressing on a bookmark (previously the bookmark was opened in a new tab but users had to manually switch to that new tab). A new section has been added to the Guide to explain some of the less obvious aspects of dealing with bookmarks.

Explanations for any other unintuitive aspect of the interface will be added to this section in the future.

Privacy Browser now includes per-app language support on Android 13 (API 33). This is an OS level configuration that lets you set an app to use a different language than the rest of the device.

Pick a language, any language. (No, not really. Only supported languages are in the list.)

A crash was fixed that occurred when Add Domain Settings was called on an empty tab.

The color of red text and icons in night mode was improved.

A little easier on the eyes.

Privacy Browser now recognizes I2P installations from both F-Droid and Google Play (they use a different app ID). Previously, Privacy Browser did not detect the app ID from Google Play, which caused an alert dialog to pop up when a user selected I2P proxying if they had the Google Play version installed.

The Settings activity now has a bottom app bar version. Previously, the bottom app bar applied to all the activities except Settings (because it is generated using an XML file, which is different than the other activities).

The easier to reach you with, my dear.

The Service Worker directory is now deleted after each page loads. Previously this was only done in Incognito Mode. The Service Worker directory is like a secret, second cache dreamed up by browser developers who think the browser should be an OS. It serves no good purpose. Testing indicates there is no downside to continuously deleting it.

The file provider, used by OpenPGP import/export encryption, now uses a subdirectory of the cache directory. This provides a defense-in-depth design. Because of the way Android is designed, it should be impossible for any app besides OpenKeychain to read from this provider, and it should be impossible for OpenKeychain to read any file besides the export settings that is specifically created by the user for encryption, but by restricting the file provider to a subdirectory it prevents another app from reading the WebView cache if the previous two defenses are somehow thwarted.

This release bumps the target API to 33 (Android 13). The main difference with this API is that WebView’s dark mode works a bit differently. On previous versions of Android, the user could select a light app theme and a dark WebView mode. But beginning with API 33, when an app is using the day theme the only option for the WebView is to be in light mode. When using the night theme WebView defaults to light mode, but the option exists to force night mode. The interface has been updated accordingly.

The Download With External App summary has been updated with additional information to help users understand its limitations.

Knowledge is power.

The width of some of the WebViews in About have been shrunk so that they fit on an average phone screen.

The way some of the strings are handled has been updated to make it more efficient and to work better with present and future translations. Settings preferences now use the AndroidX library, which should make them work better across the range of Android versions and devices. There is now a donation entry in About > Links.

Donations are much appreciated.

The loading blocklists screen no longer shows on top of the rest of the interface when returning to the main activity if the app is restarted in a subactivity. The compress method used to generate PNGs from BMPs in MoveToFolderDialog has been moved to a coroutine to handling the processing on a background thread. The location of the service worker directory has been updated to match changes in Android’s WebView. OutputStream calls have also been moved to coroutines to make API 33 happy.

A new modification to EasyPrivacy was added to make work correctly.

As with previous releases, the majority of development effort is currently being spent preparing Privacy Browser PC for alpha release, which is getting fairly close and will likely happen in early 2023. Minimal development of Privacy Browser Android will continue with interspersed releases until Privacy Browser PC reaches feature parity, at which point the two will be developed in tandem.

by Soren Stoutner at November 17, 2022 03:35

November 16, 2022


How to Setup Encrypted Chat on Librem Devices

Whether on a Librem 14 laptop or a Librem 5 phone, using Matrix is one of the best free software solutions for communication. It offers end-to-end encryption where the keys are fully in your control; In other words, Matrix servers can’t read your encrypted messages at all. Recently our Librem 5 chat application, Chats, announced […]

The post How to Setup Encrypted Chat on Librem Devices appeared first on Purism.

by David Hamner at November 16, 2022 00:15

November 15, 2022

Pine 64

November Update: Tune(d) in

We’ve got three key hardware availability announcements this month: for the PineBuds Pro, the Ox64 and Star64, all of which ought to be available in the coming weeks. However, reading this update I’d like you to keep in mind that Chinese factories and logistics are currently experiencing significant restrictions due to the zero-COVID policy. This means that some of the predicted availability dates...


by Lukasz Erecinski at November 15, 2022 15:15

Tux Phones

GNOME Shell is one step closer to Linux phones

GNOME Shell is one step closer to Linux phones

Our first post ever on this website was about the GNOME Project "getting ready" to adapt their environment to the growing demand of responsive, mobile-friendly Linux devices. That was back in 2019, before libhandy (Gtk mobile library) was considered stable, and when Librem 5s and PinePhones were less than a clear mockup on their engineers&apos desk. One year later, the first concepts of a tablet-friendly GNOME Shell were released, which would then see its first realization in the major GNOME 40 update from 2021.

Six months ago, I was at the Linux App Summit (LAS) 2022 when I had the opportunity to see one of the very first experiments of a responsive, mobile-friendly GNOME Shell experience, from its developer Jonas "verdre" Dreßler.

Tobias Bernard 🦣 (@tobias_bernard)
Productive hacking at LAS today: Jonas managed to get an initial implementation of two-dimensional navigation gestures working 🎉
GNOME Shell is one step closer to Linux phones

Although its new gesture-based system would remain somewhat buggy for the weeks to come, it felt surprisingly consistent and smooth to see, and its usability was one of its strengths. In fact, it was a matter of weeks until some distributions started packaging it (sometimes too early), and videos started appearing and comparing the overall experience to other shells like Phosh - often with excellent results.

Tobias Bernard 🦣 (@tobias_bernard)
Playing with Jonas’ latest WIP mobile shell branch. It’s honestly more fluid than my Android phone with Lineage, super impressive given the much weaker hardware✨
GNOME Shell is one step closer to Linux phones

Fast-forwarding to September 2022, Jonas made his work on a mobile GNOME Shell finally official by releasing an in-depth blog post showcasing the new Shell, including some demo videos of it running on a PinePhone Pro. As you can see, at a first glance the experience does not differ much from that of iOS and Android devices, and all happens in a smooth flow.

GNOME Shell on mobile: An update – GNOME Shell & Mutter
GNOME Shell is one step closer to Linux phones

With progress on the mobile shell happening so quickly, one YouTube channel has recently posted an in-depth overview of the usability of Shell on mobile devices, specifically on a "mainlined" Android (Qualcomm Snapdragon845) device in this case.

Although the OnePlus 6 is still one of the most powerful Linux-supported phones around, there has been considerable work spanning from Gtk, St, and Mutter to the high-level JS code in bringing Shell to such an optimized stage. As you can see from the video, performance never appears to be an issue, and multitasking is extremely smooth with the interface looking generally complete. Furthermore, the new Shell animations do their job in enhancing the "cool" appearance of this project.

At around 3:00 in the video, Niko mentions the battery life of the OnePlus 6 on Linux to be loosely comparable to that on Android, which would also be an impressive achievement for a mobile platform that has so far been killed by terrible battery life and lack of efficient standby consumption. Although no official ETA exists, considering the current stage of things, it would not be surprising to see this work land in the final Shell in the relatively near future.

by Raffaele T. at November 15, 2022 11:14


Offline mode is here: Enjoy your encrypted mailbox faster than ever!

We are incredibly happy to let you know that all Tutanota apps now support offline mode. This brand-new feature enables you to view your emails, calendars and contacts whenever and wherever you are - even if you do not have an internet connection! On top of that, the new feature reduces loading time of the Tutanota app immensely.

November 15, 2022 00:00

November 10, 2022

Privacy Browser

WebView DevTools

Privacy Browser Android uses Android’s WebView to render web pages. WebView provides fairly limited controls compared to the upstream Chromium source. However, there are small set of user-configurable controls that Google has baked into WebView. Users can tweak these controls using WebView DevTools. If you are using a pre-stable channel (Beta, Dev, or Canary) there is a launcher icon for WebView DevTools. Users on the stable release of WebView are not provided with such a launcher, but it is possible for another program, like Privacy Browser, to include an intent that does launch it. Beginning with the 3.12 release, Privacy Browser has such a launcher in the navigation drawer.

Open to me the secrets of the WebView!

By default, if you change any of the WebView flags, a persistent notification will be displayed in the status bar to warn you of how dangerous your life is. But that can be disabled if desired.


It is important to note that any changes made to WebView DevTools affects the way WebView works in all the apps on your device. These are not Privacy Browser specific settings. As such, it will affect any other browser based on WebView, like Lightning and FOSS Browser, as well as any other app that uses WebView to display documentation and information or interact with the internet (there are a number of apps that use WebView to handle logins). Privacy Browser will need to be restarted for any changes made in WebView DevTools to take effect. In addition, changes to WebView DevTools will need to be made on each of your devices and will not be carried over with an import of Privacy Browser’s settings to a new device.

The purpose of this page is to document any options in WebView that are likely to be of interest to Privacy Browser’s users. The available options can change with each WebView release. If you become aware of any option that ought to be added to this page, feel free to leave a comment at the bottom or to post a suggestion to the forum.

X-Requested-With Header

Currently, the only flag that most users would like to alter is WebViewXRequestedWithHeaderControl.

That doesn’t even sound grammatically correct.

The X-Requested-With header is discussed in some depth in a separate post. Needless to say, Google is highly incentivized to make it easy to track you around the web, and adding this to Android’s WebView makes it easier to do so. I have found that companies like Google, who have such conflicts of interest, often have a very hard time setting defaults that are in the best interest of their users.

by Soren Stoutner at November 10, 2022 19:37


Social Credit System in China: Why it is so scary.

Imagine a world where everyone bins their trash, no one crosses a red light and everyone pays their taxes so that schools are always well funded. This sounds like a nice utopia. But add to this surveillance cameras, face recognition, and the requirement to always praise the government. Now it sounds like an Orwellian nightmare come true: Meet China's Social Credit System.

November 10, 2022 00:00

November 09, 2022


Librem-EC 1.11

Librem-EC 1.11 for the Librem 14 laptop includes several improvements targeting device stability and reliability.  As with our previous posts on the EC, it has been quite an adventure investigating corner cases!  Update to this release with our update instructions, and as always the source code is available. Battery Power Limits Despite several EC releases addressing […]

The post Librem-EC 1.11 appeared first on Purism.

by Jonathon Hall at November 09, 2022 18:35

Toward Matrix support in Chats

We have been aiming for proper Matrix support for the Chats application since the beginning of its development. The initial support for Matrix was provided with the purple-matrix plugin. It had rudimentary Matrix support for non-encrypted chats and decryption (but not for encryption). This plug-in has been unmaintained for quite a long time and making […]

The post Toward Matrix support in Chats appeared first on Purism.

by Mohammed Sadiq at November 09, 2022 16:23

November 05, 2022


NewPipe 0.24.1 released: Et tu, channels?!

So, YouTube channel videos up and vanished, and even refreshing the feed didn’t get them back. That’s never a good sign, so we went looking for them and found the slippery little things. Make sure you tie them properly to the fence next time. Put the bell icon around their necks. Might help, or so we’ve heard from several popular YouTubers ad nauseam.

This release is quite interesting, because we had a bunch of new users sneaking into the repo all nearly at the same time, eagerly asking to fix issues. We look squinty-eyed at any gift horse, so some probing revealed that these were students of the Australian National University. As part of their Software Engineering course, they are required to contribute to a real-life OSS project (Which. Is. AWESOME.), and NewPipe was one of the suggestions.

Seriously, more programming courses should focus on this aspect. There are dozens of blog posts every year bemoaning the hard transition from programming courses to real-world projects.

By the way, these weren’t mere token changes either, just to make them feel good about participating and ticking a box on their course checklist! Each contribution has either added a nifty new feature, or fixed an actual bug faced by our users, which is worth appreciating. No low-effort Hacktoberfest PRs here. You could even say that this release was largely ANU contributor-driven, because without their participation, we would have likely issued a simple hotfix.

We’ve highlighted the ANU contributors with an asterisk. They were working in groups, so take the usernames to mean the entire team. Please join us in congratulating these students for successfully contributing to a real-world open source project! There were some who didn’t make it in time for their project deadline, and will swing back around later to finish their PRs. Yet others had their contributions rejected for one reason or another. But even that is a great learning experience (we made sure to give detailed feedback), and we hope it hasn’t discouraged them from future contributions. You’re all welcome to help out any time! Bring your friends as well! Hold a NewPipe hackathon, even!


  • Comment reply count support on YouTube has been added to the Extractor thanks to @xz-dev! The app-side work is still under way. Watch out for it in coming releases.

  • @AudricV added support for YouTube handles. This refers to channel links starting with ‘@’. Also, more kinds of usernames are supported now.

  • @Sandelinos added a monochrome icon for the app to fit in with the cool kids on Android 13. Gotta keep up with the ever-changing fashion trends, or there will be all sorts of terrible gossiping behind your back.

  • @Yuuu2990* added a link to our FAQ in the app’s About section.

  • @YonghaoDeng* added an ‘Open in browser’ button on the error page shown when a video page fails to load.

  • @cernunnos1710* added a list layout for channel groups, to improve accessibility for users with sight issues. There is now a button to toggle between list and grid layouts. The default layout is the one selected in Appearance settings.

  • @Callisto404* added the ability to long-press on YouTube chapters to share a timestamped URL.


  • @HybridAU added a button to the minimised bottom player which opens the play queue.

  • @Jfax510* made it so that the app shows the “Hold to enqueue” tooltip for the playback header buttons in local playlists, which should help new users.


  • YouTube changed the layout of the channel page, which broke extraction of videos in channels, and caused feed update requests to return empty-handed. @Theta-Dev adapted the code to correctly parse the new layout and fetch videos properly again. Note that since YouTube has separated Shorts and Livestreams into their own dedicated tabs, those won’t be shown in the channel page… for now. (Dun dun duuun!)

  • @Isira-Seneviratne fixed a potential NullPointerException error in’s Recent kiosk.

  • @TurtleArmyMc fixed the extraction of SoundCloud playlists, which tracks were not necessarily being returned in the correct order.

  • @TobiGr fixed the error seen when trying to fetch more comments on SoundCloud.

  • YouTube rolled out a new metadata format for playlists, which broke extraction of video count and uploader name. This is now supported thanks to @AudricV.

  • @AudricV added a workaround for all the 403 HTTP errors users were getting. Basically, YouTube is testing a new method to detect 3rd-party clients and push them to use the official one, so we’ve changed the code to avoid said detection.

  • @devlearner fixed the crash that sometimes occurred when the user touched a comment while scrolling.

  • They also fixed the crash that occurred upon rotating the screen while the Download dialog was visible.

  • If a user opened a Download dialog on the History page and then backed out of the page before the dialog could load, it caused a crash. @plasticanu* has fixed this.

  • @Isira-Seneviratne fixed the bug where the ‘remove watched streams from playlist’ one-off function would get turned on permanently instead of running only once, and so any newly watched videos would get removed immediately.

  • When the same channel was added to multiple channel groups, its videos would appear multiple times in the What’s New (a.k.a. All) feed upon refreshing. @Stypox has fixed this.


  • OneGuitars* added new localizations, namely Icelandic, Latvian, and Malayalam, to the language selector.

  • @TobiGr updated the PrettyTime library from v5.0.3 to v5.0.6 to include new localizations made by NewPipe contributors. Thanks to @Nizami20052022 for bringing this to our notice, as well as for being one such contributor.

Nerd Talk

  • dependabot updates:
    • Bump junit-bom from 5.9.0 to 5.9.1
    • Bump spotbugs-annotations from 4.7.1 to 4.7.3
  • @FireMasterK added uploaderUrl() and uploaderVerified() methods to the PlaylistInfoItem class for YouTube.

  • YouTube has started to use attributed text descriptions, which allow internal links (YT to YT) to be shown as clickable chips. @Theta-Dev has added support for this to the Extractor.

  • @TacoTheDank replaced the manual android:summary="%s" usage with the useSimpleSummaryProvider attribute to display the current value of a set preference.

  • @Stypox improved the FeedGroupDialogViewModel factory to match the previous improvements to FeedViewModel.

  • In this month’s IsiraNews, @Isira-Seneviratne:
    • replaced Linkify with its Compat variant to work on older Android versions.
    • Updated Android Gradle Plugin to 7.3.0.
    • Used range-limiting methods in more places.
    • Replaced the manual calculation of checksums of downloaded files with Okio’s ByteString version.
    • Used the Java 8 Streams API to calculate the search score of items when searching inside Settings.
    • Used the TextViewCompat.setCompoundDrawableTintList() method to simplify some code.
    • Updated AppCompat to v1.5.1, and the compileSdk to 32.

New members!

Please join us in welcoming @SameenAhnaf and @Isira-Seneviratne to the team! You’re probably already used to seeing Isira’s name from the huge number of PRs in nearly every blog post.

Sameen has been around for a couple of years now, helping out with issue maintenance and interacting with the community members.

Where to get this brand-new version

NewPipe notifies you about new versions. You can download them when you press the notification, which will take you to the GitHub Releases page.

If you use the F-Droid app, it, too, notifies you about updates for NewPipe. Please keep in mind that it can take F-Droid a while to update their repository. If you have problems installing the update, you may need to uninstall NewPipe and then install it afresh. (Make sure to backup data by exporting your database from the Settings > Content menu.)

If you already installed NewPipe from F-Droid’s repository, to get this version of NewPipe you can do one of the following:

Note: If you installed NewPipe from GitHub Releases you will not have to uninstall NewPipe to switch to our custom repo. Just let it update your current version. Make sure you back up your data as mentioned in the warning at the top of the FAQ page!

Now that you’ve (hopefully) updated, please let us know what your experience of the latest release is, especially bugs in need of fixing. As usual, you can reach out to us via IRC (#newpipe on Libera.Chat), open issues on GitHub or, ideally, use our built-in crash reporter to send us machine-readable issue reports. You can even send in fixes yourself.

If you have any other questions, feel free to post them in the comments here and someone will reply to you. Also, thanks for reading it until the end! We put quite some time into these blog posts.

November 05, 2022 07:00

November 04, 2022


Cheers, to the Future of Libcamera

Earlier this month, the “OpenGL for cameras” libcamera project enjoyed its first release, versioned 0.0.1.  Congratulations, libcamera team! At Purism, we’re especially happy about this milestone, because we recognize how important libcamera is for the future of the Librem 5 phone. That doesn’t mean that we sit back and wait for libcamera to gain support for […]

The post Cheers, to the Future of Libcamera appeared first on Purism.

by Dorota Czaplejewicz at November 04, 2022 18:00

Tux Phones

The rvPhone is a hybrid RISC-V + ARM phone experiment

The rvPhone is a hybrid RISC-V + ARM phone experiment

Around one year ago, Sipeed announced initial support for Android on their RISC-V development boards, hinting that a first functional prototype of RISC-V phone could be coming within one or two years. Although Android is now supported by several development kits based on this architecture, as can be seen in the relatively new RISC-V Android Source repositories, we have yet to see a major mobile device implementing this architecture. Although still in the depths of the Linux kernel&aposs architectural porting, things are moving fast.

The rvPhone is a hybrid RISC-V + ARM phone experimentThe RISC-V based Sipeed Maix Amigo kit PDA (2020)

But if the very first PDA to support a quasi-RISC-V architecture was the Precursor, released in late 2020, the NLnet Foundation is now funding a new, homegrown RISC-V phone project. As for many other mobile Linux projects, such as postmarketOS, MNT Research&aposs Reform and PocketReform, and others, the rvPhone also appears to be sponsored by the European Union&aposs Next Generation Internet project.

To put things clear, the rvPhone is quite different from the devices above, as in spite of what its name may suggest, it is still far from doing the tasks of even a basic smartphone, and is rather focused on enabling mobile communication on a low-power RISC-V platform than about providing a modern smartphone user experience.

The rvPhone is a hybrid RISC-V + ARM phone experimentA screenshot of the current rvPhone firmware

And if the rvPhone developments are more about its open-source hardware than the software, some specifications can be derived from the current prototype:

  • todotodo proc
  • CPU: SiFive Freedom E310 RISC-V microcontroller (320MHz, RV32IMAC)
  • CPU (on daughterboard / SoM): NXP i.MX 8M (the same family as the Librem 5&aposs), e.g. CL-SOM-iMX8 (4x ARM Cortex-A53@1.5GHz + ARM Cortex-M4 coprocessor)
  • Display: 480x854 IPS LCD capacitive touchscreen, ILI9806E  (FocusLCDs E50RG84885LWAM520-CA)
  • Graphics: BT817 controller
  • Wireless: Espressif ESP32 Wi-Fi + Bluetooth
  • Cellular: SIMCom SIM7600X or Quectel EC-25 broadband modem via mini-PCIe
  • Audio: I2S audio subsystem, Class D amp (MAX98357A) + microphone (ICS-43434)
  • Others: gyro, accelerator, magnetometer (LSM9DS1), haptic driver (DRV2605L)
  • Camera: ArduCAM / OV2640 sensor (5MP)
  • Power: Lithium battery + charger (BQ25895)
  • Storage: SD card (FAT filesystem, AES/Blowfish encryption support), possibly eMMC on i.MX8 daughterboard
The rvPhone is a hybrid RISC-V + ARM phone experimentBack of the rvPhone&aposs prototype motherboard (source)

As can be seen, this prototype seems to be an interesting combination of an inexpensive, low-power RISC-V SoC sharing the board with a relatively high-performance i.MX8 ARM module. Although the electrical schematics are available, it is not entirely clear how the two subsystems interface with each other, or how the switching logic occurs between the ultra-low-power RISC-V system and the fully-featured i.MX8 board.

For instance, although electrical specifications are open and downloadable (also in KiCad format from the hw directory of its repository), the general documentation looks to be still limited. Similarly, no videos or pictures of the prototype apart from that above seem to be released at the time of writing.

The project looks developed by one developer, Uroš Majstorović ("majstor"), and its official Git repository looks to be relatively active. This probably falls into the spectrum of homebrew projects, and it represents the first experimentally working RISC-V mobile device. Having some kind of Linux integration through the i.MX8 subsystem, it could also be a good source of inspiration for privacy-oriented RISC-V hardware stacks - although for ypu will need to wait at least until next year to see more fully-featured RISC-V phones.

RISC-V Phone
The rvPhone is a hybrid RISC-V + ARM phone experiment

by Raffaele T. at November 04, 2022 17:29


Tutanota keeps growing: Welcome Nikita and Colin with us!

New year, new students! Every year we onboard at least two students doing a dual studies program to support young people with their education. This winter semester, Nikita and Colin joined our software development team. As they already have experience, they started right away with improving our website.

November 04, 2022 00:00

November 03, 2022


Introducing PureBoot Restricted Boot

We have been busy on the PureBoot front! Recently we announced “PureBoot Basic Mode” which is a low-security option for PureBoot that disables tamper detection, but leaves you with the robust PureBoot recovery console for debugging boot issues. To balance our last “low security” feature, our most recent PureBoot release, version 23, offers a new […]

The post Introducing PureBoot Restricted Boot appeared first on Purism.

by Kyle Rankin at November 03, 2022 22:54

Privacy Browser

Why I Insist People Use the Forums and Issue Trackers

From time to time I come across people who are frustrated when I insist that they use the forums and the issue trackers to communicate with me regarding the project. Instead of having to explain my reasoning over and over again, I thought it would be valuable to post it here.

When I first started working on Privacy Browser, I had the attitude that I would meet people wherever they were to answer any of their questions. That initially worked, but as the project grew I realized there were some structural problem with that approach that disserved Privacy Browser’s users in ways I wasn’t expecting. I describe these below in what I consider to be their order of importance.

Public Transparency

One of the things that I think is important for maintaining trust in software that is designed to protect privacy and security is that, not only should the source code be publicly available, but also all the communication from the project regarding the reasons why decisions are made and the direction the project will take in the future. If users can be certain that all communication regarding bug reports and feature requests and decisions about which search engines will be included and who is funding the project are public record, it increases their ability to trust the project itself. If someone submits a feature request and I decline to implement it because I don’t think it is good for the project, everyone should be able to see the reasoning I put forth so they can make their own determinations as to if I am operating in the user’s best interests. If (this has never happened, but it might in the future) a user contacts me and would like to fund the development of a feature that is already planned for down the road, but that the user would like to pay to move up the list of priorities, any discussion about that should happen in the public sphere, so that everyone can make their own determination if that in any way compromises the privacy and security of the project or distorts my focus from the users’ best interests.

Only in rare instances can I imagine ever discussing significant aspects of the software I develop outside of public channels. For example, if a user has a security bug report that is not being actively exploited, it would be appropriate to communicate that via email, so that it can be fixed before bad guys become aware of it. In a case like that, after the bug is fixed and deployed, I would copy the text of the email communication into a bug report for public consideration. Recently I had email communication with Mojeek regarding a blog post they were writing about Privacy Browser. After their blog post went public, I copied that email conversation into my own blog post so that everyone would be aware of what was discussed. (If you ever send me an email of significance to the project, as per my privacy policy, expect me to make it public.)

Searchable Record

Many users ask questions similar to what has been asked before. In the early days, I used to write email after email after email explaining the same things to different people. I also answered questions in various forums across the internet. I eventually realized that wouldn’t scale very well, partially because when a user asked a question I had already answered sometimes the location of the answer was private, so I couldn’t just link them to it. And sometimes I knew I had answered that question before but I couldn’t remember where it was (was it in an email, was it on a forum, was it in a blog post, was it in a private XDA message?) Not only did this make it hard for me to find the answer to link in my response, but it also made it hard for people to search to see if the question had already been answered.

In response to this, I decided that all substantive discussions about software Stoutner produces should take place in only two places, the WordPress instance that runs and the Redmine instance that runs Both of these have fairly easy to use search functionality, meaning that two quick searches should pull up everything I have written on a subject.

I understand that sometime it is hard to figure out what terms to search for to find a particular piece of information. Probably more than half of the responses I post to questions are simple links to where the answers can already be found. As the person who wrote the original information, usually I can remember which terms were used to discuss it, which may be slightly different than those terms used by person asking the question. Every time this happens, it makes the information easier for the next person to find, because now they can pull it up based either on the terms I used or the different terms of the person who asked the question before them.

This is part of the reason why I decided to limit comments on the WordPress blog to only the subject in the original post and require that all other comments and questions happen in the forum. Trying to find comments unrelated to the subject of a post isn’t usually very easy. It is for a similar reason that I insist that users keep each bug report/feature request to a single topic.

End User Resistance

I have been quite surprised to encounter a number of people who resist using the forums or the issue trackers to ask questions, file bug reports, or make feature requests. Usually their reasoning boils down to it being too inconvenient to create an account on Sometimes they state they would do so if I used a cloud based system where they already have an account, like GitLab or GitHub, but that they can’t be bothered to create an account on another site.

One of my fundamental guiding principles in developing security and privacy focused open source software is that all the server software I use to support the project must also be open source and I must be able to host it on my own hardware. This is part of my efforts to minimize my attack surface, not only in the software I produce, but also in the supply chain of software used to host the code and communicate with users. I understand that it does take a few minutes to register a new account, but I consider the benefits of self-hosted server software to far outweigh that slight inconvenience.

Other Communication Channels

I do participate in some other communication channels, most notably at this point on Mastodon using an account on the Fosstodon instance and in the F-Droid forums. But, if you follow me at all on those platforms, you will notice that anytime the conversation moves beyond the very basics, I will redirect it to or, so that everything of substance takes place in these two, easily searchable, locations.

by Soren Stoutner at November 03, 2022 18:14

/e/ foundation

Leaving Apple & Google: /e/OS 1.5 is out!, Discover what update brings to you!

Leaving Apple & Google: /e/OS 1.5 is out! Meet us at Open Source Experience; Discover what update brings to you!

  • Update your phone to /e/OS 1.5!
  • Meet us at Open Source Experience in Paris
  • Discover what update brings to you

Update your phone to /e/OS 1.5!

Discover our latest /e/OS 1.5 release.

Enjoy the improvements given to App Lounge, Advanced privacy, Camera and BlissLauncher. As well, multiple updates and bug fixes come with this new version.  This /e/OS v1.5 includes the Android security patches.

You can easily update your phone in ‘System updates’ in your phone settings menu. As always, make sure you have the latest update running on your phone!

Meet us at Open Source Experience, the meeting place for the Open Source software industry!

We will be at Open Source Experience, the European meeting of the Open Source Community, next week where our founder Gaël Duval will speak about Open Source as a strategic autonomy’s best friend for critical software infrastructures. 

The conference will take place on the 8th of November at 3:20 pm CET in Paris.

Register for the event:


Discover what update brings to you!

If you are using services from our partner Murena, such as Murena Cloud and, you’ll be pleased to learn that they are rolling out a single ID solution to connect with their services.

Having this new SSO (Single Sign-on) option means that you will have a single place to change your password ( which is then reflected in e-mail, the Murena Cloud and the shop ( And with this single login page, you are able to access your shop orders (provided you granted access to This option will help to simplify your cloud plan purchases in order to avoid errors and facilitate the process.

In other words, you can now use your ID as the unique ID to connect to, or other services like Gitlab…

And last but not least, comes now with an even more secure password hashing system, argon2. This means is using the latest recommendations on password storage for web applications. To benefit from this option, all you need to do is update your password in the security settings of

Support the project!

User’s data privacy and finding alternatives to regain control over our data has never been a more pressing issue than it is today. The timing is great to build something new!

Your contribution is key to the success of an ambitious project like ours!

Contribute, test & report bugs in /e/OS

Share on social media

Join the Community


by e_admin at November 03, 2022 14:07

November 02, 2022


Librem Key Goodies (Part 1)

The Librem Key comes preloaded with the PureBoot bundle to protect your firmware. While it’s good at protecting your boot firmware, that’s only some of what it can do. You can also encrypt your computer’s file system, auto lock on removal, and encrypt local documents just to get started. Encrypted Filesystem By default, PureOS has […]

The post Librem Key Goodies (Part 1) appeared first on Purism.

by David Hamner at November 02, 2022 16:00

November 01, 2022


Year-End Savings Start Now with $200 off on Librem 14 Laptop

  It is already the year end, and a new year will be knocking at our doors very soon! We’ve seen an incredible response to Librem 14 laptops this year, so we decided to offer a great new promotion, just in time for the holiday season ahead. Use the coupon L14SALE22 when you check out to […]

The post Year-End Savings Start Now with $200 off on Librem 14 Laptop appeared first on Purism.

by Purism at November 01, 2022 17:07

October 31, 2022

Privacy Browser

The X-Requested-With Header

Information in this post regarding workarounds and long-term solutions has been superseded in Privacy Browser 3.12 by access to WebView’s DevTools. I leave the original post for historical reasons and because it might be of interest to some readers.

As mentioned is several places on this website and in the app, there are some negative implications of using Android’s WebView to render web pages in Privacy Browser. The purpose of this post is to describe one of these downsides, explain the mitigations that are currently being taken, and describe the permanent solution that will be implemented in the future.

The Background

When any app uses Android’s WebView to load a web page, WebView attaches an extra header, named X-Requested-With, with the value set to the application ID. X-Requested-With is not a standardized header, but it is commonly used as a flag to mark AJAX (Asynchronous JavaScript and XML) requests. In that sense, WebView’s use of the field for a different purpose can cause issues for some web pages.

The Problem

One of the web tracking technologies that Privacy Browser is designed to mitigate is browser fingerprinting. Any piece of information the browser sends a web server that makes it stick out from the crowd increases the ability of the web server to uniquely fingerprint the browser. Including the app ID in the header, especially as long as Privacy Browser has a small market share, increases the chance that the total information sent to the server is unique.

For the Standard version of Privacy Browser the app ID is “com.stoutner.privacybrowser.standard”. The following is a log from that shows what information Privacy Browser <= 1.8 transmits to a web server (note that the User Agent has been changed from the default to “PrivacyBrowser/1.0”).

GET / HTTP/1.1||Connection:keep-alive|Cache-Control:max-age=0|Upgrade-Insecure-Requests:1|User-Agent:PrivacyBrowser/1.0|Accept:text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8|Accept-Encoding:gzip, deflate|Accept-Language:en-US|X-Requested-With:com.stoutner.privacybrowser.standard
The Workaround

Google doesn’t want to make it easy to get rid of the X-Requested-With header. However, there is a mechanism for replacing header information. This doesn’t allow a program to stop sending the X-Requested-With header, but it does allow a program to replace the app ID with a null value. Beginning with Privacy Browser 1.9, the following information will be sent in the headers:

GET / HTTP/1.1||Connection:keep-alive|Upgrade-Insecure-Requests:1|User-Agent:PrivacyBrowser/1.0|x-requested-with:|Accept:text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8|Accept-Encoding:gzip, deflate|Accept-Language:en-US
The Problems with the Workaround

The first problem with this workaround is that sending X-Requested-With: is not the same as not sending it at all. There are only going to be a few browsers that send X-Requested-With: as a header, so for fingerprinting purposes this workaround is only slightly better than including the app ID.

The second problem is that the technique for overwriting WebView’s headers only works on the initial request to a website. Any dependent requests for resources (like images, CSS files, JavaScript files, etc.) use the default headers. So even in Privacy Browser >= 1.9, the log of a request for a resource will be as follows:

GET /wp-content/themes/twentysixteen/style.css?ver=4.5.3 HTTP/1.1||Connection:keep-alive|Cache-Control:max-age=0|User-Agent:PrivacyBrowser/1.0|Accept:text/css,*/*;q=0.1|Referer:https%3a//|Accept-Encoding:gzip, deflate|Accept-Language:en-US|X-Requested-With:com.stoutner.privacybrowser.standard|If-None-Match:"10d4b-535f10e3fb580-gzip"|If-Modified-Since:Thu, 23 Jun 2016 12%3a18%3a46 GMT

This is a problem for every browser that uses Android’s WebView. For example, Lightning 4.3.3 behaves the same way as Privacy Browser >= 1.9: initial web requests include “X-Requested-With:” and resource requests include “X-Requested-With:acr.browser.lightning”.

Option to Use the Default Behavior

Even though the spec allows headers with null values, some websites don’t like it, usually causing them to fail to load. Privacy Browser 3.11 has the option to revert to the default behavior of sending the app ID, either app-wide or as a domain setting. Because this value is set when a URL is first loaded, and is not changed when a site is refreshed or loaded from the navigation history, changes to the X-Requested-With header may not take effect until after the app is restarted. Privacy Browser will restart automatically when changing the behavior app-wide in the settings. When changed in domain settings, the user will need to either restart the app or load the domain in question in a tab that doesn’t currently have it loaded.

The Long-Term Solution

There is a provision in WebView to bypass the default web loading functions by manually acquiring the information using HttpURLConnection and feeding it into WebView. This would allow the complete removal of the X-Requested-With header. However, making sure that all possible types of HTTP communication are handled correctly would be complex and any initial implementation would likely result in buggy behavior.

As a better solution, in the 4.x series Privacy Browser will switch from using Android’s default WebView to a custom rolling fork named Privacy WebView. This will allow for the complete removal of the X-Requested-With header.

by Soren Stoutner at October 31, 2022 19:46

October 27, 2022


We're looking for a translations coordinator!

Published by Keunes

Almost ten months ago we announced that we would be translating our website. The app itself was translated from the get-go (starting with Russian and German), using Transifex also pretty much from the beginning.

Today, we want to up our game. We would like to make our website available in (almost) as many languages as the app. To better engage our community of translators. To localise our communication materials. And to (explore the option to) change the translation platform used for the app, so we can improve translations efficiency and quality.

We’re not in a rush and don’t have a timeline for all this. But still — it’s an ambitious programme that requires some effort. So, to make this happen, we’re looking for a volunteer that would like to take up the role of Translations Coordinator.

Who we’re hoping to find

For this role we look for someone who is

  • comfortable in reading & writing in English, and maybe one or two other languages
  • loves the quirks of the languages that our world is rich (such as plural forms)
  • happy to devote, on average, 1 hour every week to AntennaPod
  • interested in learning about (or knows already about) Transifex, Weblate and other tools we use

What this role means in practice

Are you on board? You can probably expect to be doing the following:

  • send announcements to all AntennaPod translators to prepare for new (major) releases
  • answer the occasional question from translators about specific texts (in Transifex or Weblate)
  • add new languages in our tools and on-board new translators
  • represent the translators in our community, like on the forum or our community calls
  • click buttons and write language codes to get new website translations on the live website

AntennaPod is a project driven by volunteers. We do what interests us, and when we feel like it. But we try to respect the agreements we make with each-other, and let each-other know if we can’t keep to them.

Whoever will pick up this task, will of course not be alone in this effort. You’ll get support from and keep in touch with other core contributors (like @Keunes and @ByteHamster) via direct chat. Oh, and you don’t need any specific technical knowledge — as long as you’re happy to learn you’ll be fine.

What’s in it for me?

We’re all doing this for our own pleasure and entertainment. So we hope you’ll have a good time working on this together with us. And unless you’re an expert already, you’ll also learn a lot about different translation tools & processes, and build experience with community management.

With the support of our community members, we make a great podcasting experience accessible to thousands of people across the world. Will you join us? Contact @Keunes on our forum or via [username] to learn more or indicate your interest.

October 27, 2022 23:40


Kerberos authentication on the Librem 5

The Librem 5 features a built-in smartcard reader. While most people use it for GPG I wanted to see if it can be used as an authenticator for services like email (SMTP, IMAP), access to web pages (HTTPS), calendars, etc. without either having to retype a password often or having to store it on the […]

The post Kerberos authentication on the Librem 5 appeared first on Purism.

by Guido Günther at October 27, 2022 00:37


Dad sends naked picture of his child via Gmail to a doctor & his Google account gets blocked for good.

Once upon a time there was a father who used Google for everything: email, calendar, photos, logins. But then he shared naked pictures of his son with their children's doctor via Gmail. This got his entire Google account blocked. It was flagged for distributing child pornography or CSAM (short for child sexual abuse material). Even though the investigation was quickly closed, Google's block remained in place. This father lost access to years of email conversations, calendar entries, photos, and more. This example shows how harmful scanning for CSA material is. Instead we need security and privacy online!

October 27, 2022 00:00

October 26, 2022

Paul Schaub

Implementing Packet Sequence Validation using Pushdown Automata

This is part 2 of a small series on verifying the validity of packet sequences using tools from theoretical computer science. Read part 1 here.

In the previous blog post I discussed how a formal grammar can be transformed into a pushdown automaton in order to check if a sequence of packets or tokens is part of the language described by the grammar. In this post I will discuss how I implemented said automaton in Java in order to validate OpenPGP messages in PGPainless.

In the meantime, I made some slight changes to the automaton and removed some superfluous states. My current design of the automaton looks as follows:

If you compare this diagram to the previous iteration, you can see that I got rid of the states “Signed Message”, “One-Pass-Signed Message” and “Corresponding Signature”. Those were states which had ε-transitions to another state, so they were not really useful.

For example, the state “One-Pass-Signed Message” would only be entered when the input “OPS” was read and ‘m’ could be popped from the stack. After that, there would only be a single applicable rule which would read no input, pop nothing from the stack and instead push back ‘m’. Therefore, these two rule could be combined into a single rule which reads input “OPS”, pops ‘m’ from the stack and immediately pushes it back onto it. This rule would leave the automaton in state “OpenPGP Message”. Both automata are equivalent.

One more minor detail: Since I am using Bouncy Castle, I have to deal with some of its quirks. One of those being that BC bundles together encrypted session keys (PKESKs/SKESKs) with the actual encrypted data packets (SEIPD/SED). Therefore when implementing, we can further simplify the diagram by removing the SKESK|PKESK parts:

Now, in order to implement this automaton in Java, I decided to define enums for the input and stack alphabets, as well as the states:

public enum InputAlphabet {
    Signature,            // Sig
    OnePassSignature,     // OPS
    EncryptedData,        // SEIPD|SED
    EndOfSequence         // End of message/nested data
public enum StackAlphabet {
    msg,                 // m
    ops,                 // o
    terminus             // #
public enum State {

Note, that there is no “Start” state, since we will simply initialize the automaton in state OpenPgpMessage, with ‘m#’ already put on the stack.

We also need an exception class that we can throw when OpenPGP packet is read when its not allowed. Therefore I created a MalformedOpenPgpMessageException class.

Now the first design of our automaton itself is pretty straight forward:

public class PDA {
    private State state;
    private final Stack<StackAlphabet> stack = new Stack<>();
    public PDA() {
        state = State.OpenPgpMessage;    // initial state
        stack.push(terminus);            // push '#'
        stack.push(msg);                 // push 'm'

    public void next(InputAlphabet input)
            throws MalformedOpenPgpMessageException {
        // TODO: handle the next input packet

    StackAlphabet popStack() {
        if (stack.isEmpty()) {
            return null;
        return stack.pop();

    void pushStack(StackAlphabet item) {

    boolean isEmptyStack() {
        return stack.isEmpty();

    public boolean isValid() {
        return state == State.Valid && isEmptyStack();

As you can see, we initialize the automaton with a pre-populated stack and an initial state. The automatons isValid() method only returns true, if the automaton ended up in state “Valid” and the stack is empty.

Whats missing is an implementation of the transition rules. I found it most straight forward to implement those inside the State enum itself by defining a transition() method:

public enum State {

    OpenPgpMessage {
        public State transition(InputAlphabet input, PDA automaton)
                throws MalformedOpenPgpMessageException {
            StackAlphabet stackItem = automaton.popStack();
            if (stackItem != OpenPgpMessage) {
                throw new MalformedOpenPgpMessageException();
            swith(input) {
                case LiteralData:
                    // Literal Packet,m/ε
                    return LiteralMessage;
                case Signature:
                    // Sig,m/m
                    return OpenPgpMessage;
                case OnePassSignature:
                    // OPS,m/mo
                    return OpenPgpMessage;
                case CompressedData:
                    // Compressed Data,m/ε
                    return CompressedMessage;
                case EncryptedData:
                    // SEIPD|SED,m/ε
                    return EncryptedMessage;
                case EndOfSequence:
                    // No transition
                    throw new MalformedOpenPgpMessageException();

    LiteralMessage {
        public State transition(InputAlphabet input, PDA automaton)
                throws MalformedOpenPgpMessageException {
            StackAlphabet stackItem = automaton.popStack();
            switch(input) {
                case Signature:
                    if (stackItem == ops) {
                        // Sig,o/ε
                        return LiteralMessage;
                    } else {
                        throw new MalformedOpenPgpMessageException();
                case EndOfSequence:
                    if (stackItem == terminus && automaton.isEmptyStack()) {
                        // ε,#/ε
                        return valid;
                    } else {
                        throw new MalformedOpenPgpMessageException();
                    throw new MalformedOpenPgpMessageException();

    CompressedMessage {
        public State transition(InputAlphabet input, PDA automaton)
                throws MalformedOpenPgpMessageException {
            StackAlphabet stackItem = automaton.popStack();
            switch(input) {
                case Signature:
                    if (stackItem == ops) {
                        // Sig,o/ε
                        return CompressedMessage;
                    } else {
                        throw new MalformedOpenPgpMessageException();
                case EndOfSequence:
                    if (stackItem == terminus && automaton.isEmptyStack()) {
                        // ε,#/ε
                        return valid;
                    } else {
                        throw new MalformedOpenPgpMessageException();
                    throw new MalformedOpenPgpMessageException();

    EncryptedMessage {
        public State transition(InputAlphabet input, PDA automaton)
                throws MalformedOpenPgpMessageException {
            StackAlphabet stackItem = automaton.popStack();
            switch(input) {
                case Signature:
                    if (stackItem == ops) {
                        // Sig,o/ε
                        return EncryptedMessage;
                    } else {
                        throw new MalformedOpenPgpMessageException();
                case EndOfSequence:
                    if (stackItem == terminus && automaton.isEmptyStack()) {
                        // ε,#/ε
                        return valid;
                    } else {
                        throw new MalformedOpenPgpMessageException();
                    throw new MalformedOpenPgpMessageException();

    Valid {
        public State transition(InputAlphabet input, PDA automaton)
                throws MalformedOpenPgpMessageException {
            // Cannot transition out of Valid state
            throw new MalformedOpenPgpMessageException();

    abstract State transition(InputAlphabet input, PDA automaton)
            throws MalformedOpenPgpMessageException;

It might make sense to define the transitions in an external class to allow for different grammars and to remove the dependency on the PDA class, but I do not care about this for now, so I’m fine with it.

Now every State has a transition() method, which takes an input symbol and the automaton itself (for access to the stack) and either returns the new state, or throws an exception in case of an illegal token.

Next, we need to modify our PDA class, so that the new state is saved:

public class PDA {

    public void next(InputAlphabet input)
            throws MalformedOpenPgpMessageException {
        state = state.transition(input, this);

Now we are able to verify simple packet sequences by feeding them one-by-one to the automaton:

PDA pda = new PDA();;;

pda = new PDA();;;;;

PDA pda = new PDA();;;

You might say “Hold up! The last example is a clear violation of the syntax! A compressed data packet alone does not make a valid OpenPGP message!”.

And you are right. A compressed data packet is only a valid OpenPGP message, if its decompressed contents also represent a valid OpenPGP message. Therefore, when using our PDA class, we need to take care of packets with nested streams separately. In my implementation, I created an OpenPgpMessageInputStream, which among consuming the packet stream, handling the actual decryption, decompression etc. also takes care for handling nested PDAs. I will not go into too much details, but the following code should give a good idea of the architecture:

public class OpenPgpMessageInputStream {
    private final PDA pda = new PDA();
    private BCPGInputStream pgpIn = ...; // stream of OpenPGP packets
    private OpenPgpMessageInputStream nestedStream;

    public OpenPgpMessageInputStream(BCPGInputStream pgpIn) {
        this.pgpIn = pgpIn;
        switch(pgpIn.nextPacketTag()) {
            case LIT:
            case COMP:
                nestedStream = new OpenPgpMessageInputStream(decompress());
            case OPS:
            case SIG:
            case SEIPD:
            case SED:
                nestedStream = new OpenPgpMessageInputStream(decrypt());
                // Unknown / irrelevant packet
                throw new MalformedOpenPgpMessageException();

    boolean isValid() {
        return pda.isValid() &&
               (nestedStream == null || nestedStream.isValid());

    close() {
        if (!isValid()) {
            throw new MalformedOpenPgpMessageException();

The key thing to take away here is, that when we encounter a nesting packet (EncryptedData, CompressedData), we create a nested OpenPgpMessageInputStream on the decrypted / decompressed contents of this packet. Once we are ready to close the stream (because we reached the end), we not only check if our own PDA is in a valid state, but also whether the nestedStream (if there is one) is valid too.

This code is of course only a rough sketch and the actual implementation is far more complex to cover many possible edge cases. Yet, it still should give a good idea of how to use pushdown automata to verify packet sequences 🙂 Feel free to check out my real-world implementation here and here.

Happy Hacking!

by vanitasvitae at October 26, 2022 16:14

Tux Phones

Vanilla OS offers an innovative, modernized "post-Debian" experience

Vanilla OS offers an innovative, modernized "post-Debian" experience

Ubuntu has been traditionally considered the most popular and user-friendly distro, and its core principles inspired a stream of derivate distributions in the past years. Although many users are happy with the general architecture, Ubuntu owner Canonical has sometimes been criticized for some technical choices, such as pushing most parts of the runtime into snap runtimes, moving even essential apps to the container format, or shipping "patched" version of software and desktops, or more including (harmless) ads in their desktop or even inside the terminal.

With some known flaws, but excellent community and adoption, some projects are trying to provide a compromise to make Ubuntu suitable also for the most die-hard Linux fans, while falling back in the pure Debian paradigm. And, truth be told, most of these projects work, but tend to be quite boring from a technical perspective - for instance, shipping different repositories of "purified" software, or removing every proprietary bit as in Purism&aposs (Debian based) PureOS.

The reason why Vanilla OS in particular deserves a mentioned is that it looks like a considerably better developed idea than most, and represents in some ways a modernized experience compared to Debian and Ubuntu.

Vanilla OS was born some weeks ago as a side project by developer Mirko Brombin, who is mostly known in the community for being the lead developer of Bottles, the app which made installing Windows applications through WINE easier, by providing custom-tailored "runners", complex dependency and library management, and - of course - a damn sexy UI.

The general approach of Vanilla OS seems to integrate some innovative Linux concepts in the otherwise very conservative Debian base while still opting for mainstream, mature technologies. In other words, Vanilla OS aims for a sweet spot between the usability of Ubuntu and the different concepts of Ubuntu derivatives such as elementaryOS, Pop OS and others. In fact, Vanilla OS tries to provide "vanilla" (as in upstream) experience of developer software such as GNOME, thus also becoming a mature "test bench" for software, and giving the end users the choice to adapt to their needs. We could say that Vanilla OS is not too unlike projects like Pop OS, but achieves that while remaining technically, er, more vanilla.

Diving into the project, we can find several core concepts:

Freedom of (packaging) choice – plus a new package manager

Vanilla OS includes a custom graphical (Gtk4) installer, which provides a "build-a-bear" setup to tailor many settings to the users&apos needs, without ever touching the terminal. For instance, the Snap runtime is now no more mandatory, but an option offered in a convenient switch to the end user. Similarly, users may choose to set up Flatpak, or AppImage packaging, at their choice during the installation process.

Vanilla OS offers an innovative, modernized "post-Debian" experienceVanilla OS package manager setup (source)

In general, most of the set-up process feels like Ubuntu, but gives users some more choices without scaring newcomers away in the process.

Last but not least, Vanilla OS comes with a new package manager, apx, that provides lightweight containerization and format-agnostic installation of software from different sources. In particular, apx is based on the work of DistroBox.

On-demand immutability

The core idea of traditional immutability is to isolate all critical areas of the filesystem from user modifications,

Usually, immutability comes together with the possibility to snapshot, and "commit" new changes to the system partition while allowing for easy rollbacks if something goes wrong, not too unlike the "restore points" in Windows-based systems.

Vanilla OS offers an innovative, modernized "post-Debian" experienceImmutability can be enabled at setup time

However, Vanilla OS goes for a simpler, "on-demand" immutability, which on the one hand does not require filesystem modifications, but on the other provides no support for snapshots or restore points. The docs justify this choice, versus using OSTree or similar projects, as one that is simpler to use and compatible with all setups.

In general, the idea should be that a read-only system partition also allows for temporary modifications to the system partition, which can be restored to their original state when needed. This allows for "virtual" modifications to critical parts of the system upon need, but does not affect the final filesystem state. However, traditional, permanent modifications of the system are also possible, if needed, by toggling the immutability of certain areas of the filesystem.

Vanilla OS is an on-demand immutable distribution, the system is read only to prevent unwanted changes and corruption from third party applications or a faulty update. Some paths are still writable, such as the home directory, this allows the user to keep their files and ensure the normal functioning of applications.

You can find more about on-demand immutability, achieved via almost, in the Vanilla OS docs.

Purity – "upstream first"

A common debate that appears is between distro maintainers, who tend to customize desktops and app themes for branding reasons, and more "puritan" software projects like GNOME, which emphasize how such customizations affect the styling quality and overall stability of the system, and discourage distributions from delivering variants of their apps that have been modified or reskinned through patchwork.

The truth may be in the middle, but Vanilla OS tries to deliver software as the initial developers intended it, also for the sake of better stability. In doing so, it represents one of the very rare downstream distros that try to deliver fewer bugs than its parent, and at least ideally an exception to the idea that software becomes always less stable in derivative distros, which I wrote something about in the past.

Similarly, the Vanilla OS website presents the project as one also aimed at gamers, and being upstream-first in this case should reduce the risks of glitchy games or broken graphics.

GUI-centric user experience

Because most actions and post-install configurations can be achieved through a set of GUI apps. An example is the driver manager, which can be seen in the video below

Mobile friendliness?

In doing all these things, Vanilla OS tries to be "sort of" lightweight, and would likely present, in its default configuration, a similar footprint to projects like Mobian. At the same time, immutability gets closer to the system partition isolation that Android and iOS devices offer, and may reduce the risk of an unreliable or corrupted Linux system, provided that an easy restore mechanism exists for the end users.

In other words, the core concepts of Vanilla OS could be as useful for mobile Linux devices as they are for desktops, aiming for stability while being as inoffensive and upstream-first as possible. But Vanilla OS is still at an early development stage, no plans for ARM (mobile) devices have been done yet, and only time will tell how far it can go.

You can find more information about Vanilla OS on its official website, or in their Discord channel.

Vanilla OS
Vanilla OS is an On-Demand immutable Linux based distribution which aims to provide a vanilla GNOME experience.
Vanilla OS offers an innovative, modernized "post-Debian" experience

Via Mirko&aposs Twitter

by Raffaele T. at October 26, 2022 08:48

October 21, 2022


Gadgetbridge 0.71.x: Initial support for Amazfit GTR 3 and SuperCars (Shell Racing Cars)

After some delays and fine-tuning of the release, next version of Gadgetbridge is now out with whole lot of changes. Interestingly, it is not 0.71 but already 0.71.3 as of the writing of this blog post.

Initial support for Amazfit GTR 3 and SuperCars (Shell Racing Cars)

Initial support for Amazfit GTR 3 was added, which is very similar to GTS 3, and Mi Band 7 see the wiki page here for more information.

@vanous has added support for an entirely new class of devices - a Bluetooth remote controlled car models! If you own a Shell Racing Car, please give it a try ;)

Bye-bye Android 4.4 (KitKat)

Like we announced in our last blog post, Android 5.0 is now the minimum requirement for Gadgetbridge. This allowed us to clean up some code and ugly workarounds. Even the F-Droid client no longer supports Android 4.4, and we were not aware of users who are still on KitKat. Time to move on!

Bye-bye NDK!

@ashimokawa has ported the ECDH C library to pure java, a very straight-forward and simple port, basically fighting with the absence of pointers and unsigned integers was the only real work to do.

No NDK means faster build times and less build dependencies - also for our CI. Last but not least it also makes reproducible builds easier - we are probably already (almost?) there.

Device support improvements

@joserebelo continued with his quest to implement first class support for Zepp OS based devices (MiBand 7, Amazfit GTR 3, GTS 3...) with their activities, sleep and workouts fetching, firmware updates and more.

The Bangle.js team has been improving the Bangle.js device support and capabilities and added the ability to start services via intents, or to wake and unlock the Android device.

Huami devices (MiBands and Amazfits) can now choose whether device preferences as set in Gadgetbridge should be sent to the device on start of each connection which until now has been the case. This new setting can allow to have a watch or a band be configured in the original vendor's app and then connect it to Gadgetbridge, without overwriting settings in the device during the connection. Many other improvements have been added - like improved "Find device", which is now not dependent on the "Do not disturb" setting.

Fossil HR, InfiniTime, Flipper Zero, Mi Band 6... have also gained several improvements, see change log below. Many thanks to @arjan5, @Ganblejs, @dakhnod, @gfwilliams and others for all the contributions!

General app improvements

We have fixed several crashes. One, when opening Gadgetbridge from the notifications and another crash on some older Android versions.

More automation is now possible thanks to new Intents which allow to set device settings or can send information about a device being connected/disconnected. See a dedicated Wiki page for the Intent API.

These have been just the highlights, see more details below.

Many thanks to everyone for their contributions and support!

For all user-facing changes of this release, check the following list:



  • Fossil/Skagen Hybrids: Update known watch app versions
  • Skagen Hybrids: Allow firmware installation
  • Fossil Hybrid HR: Request menu config upon app connection
  • Amazfit GTS3: Fix crash when fetching workouts
  • Zepp OS: Fix fetching workouts shorter than 1 minute
  • Zepp OS: Decode workout elevation and altitude
  • Huami: Do not crash when failing to parse activity summary
  • Re-connect after update, especially useful for users of nightly releases
  • Make number of not scrollable sleep sessions lines configurable


  • Zepp OS: Display HR zones and Training Effect in Activity Details
  • Remove shortcut feature due to non-free dependencies (#2918)


  • Try to exclude non-free stuff from shortcuts library (#2918)
  • SuperCars: fix periodicDataSender, add tricks
  • Zepp OS: Fix crash when user attempts to disable Settings display item
  • Fix crash when opening Gadgetbridge from the notification


  • Remove KitKat support, Gadgetbridge now requires Android 5.0
  • Initial support for Amazfit GTR 3
  • Initial support for SuperCars (Shell Racing Cars)
  • Huami: Add preference to overwrite band settings on connection
  • Huami: Fix crash when selecting automatic Always On Display
  • Huami: Set OpenTracks track category and icon
  • Huami: Implement proper find device
  • Huami: Change default find band vibration pattern
  • Flipper Zero: added duration to Intent API
  • Flipper Zero: fixed crash due to unregistered boradcast receiver
  • Flipper Zero: fetch firmware version from flipper
  • Fossil Hybrid HR: Correctly initialize watchface after reset or crash
  • Fossil Hybrid HR: Set OpenTracks track category and icon to workout type selected on watch
  • Fossil Hybrid HR: Allow flick_away as custom event and add move_hands event
  • InfiniTime: Add weather support
  • Amazfit Neo: Fix world clock
  • Amazfit Neo: Fix long caller name display
  • Amazfit Neo: Remove activity tracks (unsupported)
  • Amazfit GTS 3: Fix battery drain due to unanswered weather requests
  • Mi Band 7: Fix Weather
  • Mi Band 6: Add support for workout activity types
  • Mi Band 6: Enable adding workout activity types to the "more" section
  • Amazfit GTR: Enable button actions
  • Zepp OS: Implement activity, sleep and workout fetching
  • Zepp OS: Improve firmware upgrades
  • Bangle.js: Add PATCH HTTP request type, and fix for VolleyError UnsupportedOperationException when supplying custom headers.
  • Bangle.js: Add ability to start services on the Android device via intents.
  • Bangle.js: Flags and multiple categories can now be specified for intents initiated on the watch.
  • Bangle.js: Add ability to wake and unlock the Android device via a special intent.
  • Allow 3rd party apps to set device settings
  • Re-implement C code in Java and remove Android NDK dependency entirely
  • Fix crashes on older Android versions when using some devices
  • Add support for REM sleep
  • App shortcuts support (long press on the launcher icon for directly connecting a device)

by Andreas Shimokawa at October 21, 2022 22:00

October 18, 2022


Priority Orders for Librem 14 Laptops (with Standard Specs) Available Now!

Just in time for the holiday rush season ahead, we are offering our Librem 14 customers an amazing option to get their laptops within 48 hours (2 business days) after placing their order. Customers who order the Librem 14, can now get their laptops delivered within 2 business days (instead of the usual 10 business […]

The post Priority Orders for Librem 14 Laptops (with Standard Specs) Available Now! appeared first on Purism.

by Purism at October 18, 2022 21:39

Pine 64

InfiniTime 1.11

We released InfiniTime 1.11 a few days ago. The timing of the release did not align with the monthly community update, so we decided to write a small blog post to highlight a few new features and provide new about the PineTime community! InfiniTime 1.11 is the result of three and a half months of work from many contributors. 59 pull request have been merged with changes ranging from new watch...


by JF at October 18, 2022 17:44


Our design update brings nice improvements, particularly on mobile devices!

We have released a new version of Tutanota, which brings great improvements to all Tutanota clients, but in particular on mobile devices. With this update, we are sticking to our design specifications of having a clear and simple design with a lot of space for the important things: Your encrypted emails.

October 18, 2022 00:00

October 17, 2022


Librem 5 Vs. Librem 5 USA

Both the Librem 5 and Librem 5 USA run the PureOS Operating System based on GNU/Linux and share the same hardware specs. So what exactly is different between them? The key differences between the Librem 5 and the Librem 5 USA are the manufacturing location, lead time, and price. The actual electronics design, physical look, […]

The post Librem 5 Vs. Librem 5 USA appeared first on Purism.

by David Hamner at October 17, 2022 20:40

October 15, 2022

Pine 64

October update: An Ox, no bull

I hope that the good news and all the announcements of this month will make up for the much delayed publication date – which is something I sincerely apologize for. This month we’re announcing the Ox64 – a sub $10 Linux capable single board computer, we are bringing you news that both the Star64 and QuartzPro64 now boot Linux (and run it well too already!) and share all the latest PinePhone Pro...


by Lukasz Erecinski at October 15, 2022 19:18

October 12, 2022

/e/ foundation

Leaving Apple & Google: Murena One is now available!; share your feedback on /e/OS 1.4

Leaving Apple & Google: Murena One is now available! Share your feedback on /e/OS 1.4

  • Murena One is now available!
  • Share your feedback on /e/OS 1.4

Murena One is now available!

Murena One, the first Murena branded smartphone with /e/OS, is available for purchase!

This 4G LTE smartphone perfectly completes our Murena phones range together with Teracube, Fairphone and Gigaset. Murena One is the perfect balance between privacy and a all-round smartphone that offers you the full habitual experience without trading off your data. With its 128 GB of storage, it comes with a dual SIM, a gorgeous 6.5 inches display, a 25 megapixel front camera for great selfies, and 3 rear cameras for awesome shots with respectively 48, 8 and 5 megapixels sensors. This phone has a 2 Year Warranty.

The Murena One is only available in our online store: and ships in the USA, Canada, Europe, UK and Switzerland.

We are truly excited to see the Murena One in your hands and to learn about your experience using it!

Share your feedback in our community forum.

Share your feedback on /e/OS 1.4!

Have you already updated your phone to the latest version of /e/OS?

Share your feedback and comment about v1.4 of /e/OS in the forum.

Support the project!

User’s data privacy and finding alternatives to regain control over our data has never been a more pressing issue than it is today. The timing is great to build something new!

Your contribution is key to the success of an ambitious project like ours!

Contribute, test & report bugs in /e/OS

Share on social media

Join the Community


by e_admin at October 12, 2022 12:41


Premium makes Tutanota even better. Hidden features in your Tutanota mailbox.

Tutanota is a secure freemium email service that protects your data with built-in encryption. We make sure that you can store your emails and contacts securely encrypted in Tutanota. While you can easily access your encrypted emails on every device, nobody else can spy on your data. This high level of security is only possible because of people valuing their right to privacy by going Premium. In return, you benefit from a lot of extra features as a Premium, Teams or Pro user.

October 12, 2022 00:00

October 11, 2022

Tux Phones

An unexpected revival of Firefox OS

An unexpected revival of Firefox OS

The dream of an HTML-based operating system is nothing new, and in fact, something we have seen since the early 2000s. With the Internet exploding in popularity and complexity, it has always been tempting to think of browsers as convenient graphical renderers, and CSS as the ultimate markup language for designing complex UI elements.

However, reality has often clashed with this view. Many projects proposing an HTML5 or JavaScript desktop UI have historically shown bottlenecks even on high-spec machines, and although a subset of CSS is finally being used in the majority of "traditional" toolkits such as Qt, Cocoa, and GTK, the adoption of JavaScript logic to control desktop frontends is still lagging behind. Aside from Google&aposs Chrome OS, Electron, and many other projects, the whole GNOME Shell frontend runs on top of a JavaScript interpreter... and sometimes it shows.

Mozilla’s $25 Smartphone Is a Brilliant Gamechanger
If you don’t have any customers, create them.
An unexpected revival of Firefox OS
The $25 Mozilla smartphone was an ambitious plan

One of the most important open source attempts in this direction was Firefox OS, the alternative to Android created and promoted by Mozilla in the early 2010s. Firefox OS, also known as Boot2Gecko from the "Gecko" rendering engine of Firefox, was a surprisingly clean and smooth experience, and its official deprecation in 2016 was probably more of an adoption issue than a technical problem. In fact, the idea of booting to a browser and interfacing apps with the kernel directly is rather intuitive, and would not be that much heavier than booting most other modern UIs in the first place.

Even Firefox OS&aposs user interface was very nicely designed, with visible inspiration from HP WebOS and Palm OS. Clean lines, a lively flat design, and an easy-to-use app development toolkit made it a compelling alternative to Android and iOS. Except nobody adopted it seriously, and it died in 2016.

An unexpected revival of Firefox OSThe first Firefox OS phone (2013) was cute-looking, linuxy, and inexpensive

However, in the last months Firefox OS has experienced a similar revival to other projects, such as HP webOS (which became LuneOS) and Nokia&aposs Maemo (now Leste). The first major commercial adoption of B2G/Firefox OS was seen around 2018 with KaiOS, a  widely popular commercial fork of Firefox OS that promised to be a modern OS for inexpensive feature phones. Although KaiOS turned out to be disappointingly closed and oriented to tracking users and shipping advertising, it was quickly forked in GerdaOS, a custom ROM that promised to bring back some of the openness of Firefox OS to KaiOS devices such as newer Nokias, and kill the intrusive user trackers in the process.

GerdaOS: a custom ROM to liberate the heart of Kai
GerdaOS project page

Most importantly, however, the Capyloon project is not just a heavily modded (still somewhat closed) KaiOS as was Gerda, but a functional, fully open-source Firefox OS build for modern Linux phones, such as the PinePhone Pro, Purism Librem 5, and Pixel 3A.

In spite of its clear goal, Capyloon&aposs project page has some admittedly confusing marketing: defining it an "experimental user agent" for better Internet privacy and a GUI at the same time, the website does not clarify that the main purpose is a full user-facing OS. Furthermore, the Capyloon page proposes WebAssembly and IPFS integration as the main priorities of the project, but it is not made immediately clear how this integration works in practice.

LINMob testing Capyloon on the PinePhone Pro

Capyloon&aposs frontend, Nutria, is shipped with an SDK for development of new apps, and will likely run older Firefox OS apps with little or no adaption. Furthermore, it is possible to test Nutria also on most new Android devices by live-booting a Google GSI (Generic System Image) and test the Firefox OS UI on top of the Android kernel. For those without a supported phone, a Capyloon virtual machine can also be built in one command using a Rust-based build script, or downloaded as a Debian package.

Capyloon - Reclaim Your Web!
An Experimental Web Based User Agent
An unexpected revival of Firefox OS

Via @linmobblog / Twitter

by Raffaele T. at October 11, 2022 08:41


A new way to catch up on the latest episodes

Published by Keunes

Whether you’re subscribed to a lot of podcasts or just a handful, you want to know what’s the next thing to play. Version 2.7 of AntennaPod introduces a better way to do just that: the Inbox!

Introducing the Inbox

The Inbox displays all new episodes. As soon as you interact with an episode anywhere in the app (start playback, download, etc.), it automatically gets removed from the Inbox. At that point, after all, you’ve seen it exists and made a decision on what to do with it.

With swipe actions in the inbox, which you are invited to set up on first use, you can:

  • Add episodes to the Queue
  • Remove episodes from the Inbox (similar to removing the ‘new’ label in previous versions)
  • Download episodes

True podcast addicts might use the Inbox as a ‘triage’ screen, manually curating episodes and swiping the best ones straight into the queue. Those who follow just 2 or 3 podcasts might check this overview of new episodes when they’re up for listening to something, and start playing an episode that looks interesting.

If you’re an existing user, you’ll notice that your inbox will be full. That’s because all episodes that had the ‘new’ label are now in your inbox. Whether you ignore the list, slowly work your way through it, or ‘remove all from inbox’ is up to you.

Not all that special

Now you wonder - what’s so special about an inbox? Don’t we already know this concept from email since the nineties?

Truth be told: yes. But none of the other major podcast apps seem to have this1. This functionality has been developed after a request from one of our active contributors (the author of this post, as it happens), rather than by copying the other apps.

And we have to admit: even for AntennaPod, it’s not that revolutionary. Our long-time users probably already know the ‘New’ tab of the Episodes screen. The downside of the old Episodes screen was that the presence of tabs prevented the introduction of swipe actions. With swipe actions, managing new episodes is a whole lot easier.

What’s next

So far we’ve had positive feedback from our beta testers. (You can join the beta testing if you want.) But there are already ideas for further improvements. For example:

  • Allow to swipe episodes from the inbox directly into an ‘ignored’ status. So that auto-download will never spend bandwidth & memory on these episodes. And podcast junkies can build stats showing which podcasts they might want to unsubscribe from.
  • Introduce a ‘Skip inbox’ setting at podcast-level. Because the podcast is so great that it doesn’t need triaging. Or because it has only very few gems, and your friends will tell you about them.
  • Indicate which episodes were released recently. So that you can see what’s been added to your inbox since you last opened AntennaPod.
  • Add a dating app-like swipe experience. Because the list view doesn’t provide much information, while a full-screen swipe mode allows to show (part of) the description text.

It’s important to know that these are just ideas of the post’s author. No guarantees that any of these will be implemented. But more importantly: what further tweaks or features around the Inbox would you like to see? And how will you use the Inbox? Don’t hesitate to chip in on our forum to share your thoughts!

PS: there’s more to explore

The inbox is just one of the improvements that was released. Here are some other changes in 2.7:

  • Use swipe actions and quickly toggle Favourites on the Episodes screen (@ByteHamster)
  • View a list of (unplayed) episodes in Android Auto (@tonytamsf)
  • Scroll to the top of lists by long-pressing the toolbar (@ByteHamster)
  • Bug fixes around authentication for podcasts & Nextcloud sync (@ByteHamster)
  • Directly open localised documentation if available (for now: da, fr, it, nl) (@ByteHamster)

Check our forum for a full list of changes.

1 We checked Podcast Addict, Castbox and Podbean and they didn’t have an Inbox/New episodes screen with swipe actions. We wanted to try Google Podcasts but to install it you must install the Google app, so we didn’t bother.

Photo by Anne-Onyme.

October 11, 2022 08:30

October 10, 2022


CSAM Scanning: EU Commission's lies uncovered.

Today the EU Commission will present unprecedented legislation that would require online service providers to automatically and indiscriminately monitor digital correspondence and data for potential child sexual exploitation material. This would make all of your communication via chat and email subject to mass surveillance. But the truth is: There are better ways to save the children than putting every EU citizen under constant surveillance, and we have data that proves this.

October 10, 2022 00:00

October 08, 2022

Privacy Browser

Privacy Browser Design Guidelines

From time to time I receive feedback from individuals regarding the layout of privacy browser on small screens. Usually this feedback relates to eliminating an element that they feel is not important enough to warrant the space utilization or diminishing the size of the fonts so that more information can fit on the screen. I am always thankful for these suggestions (I at least remind myself that I should always feel thankful for these suggestions), and sometimes they have led to beneficial changes in the layout. Other times there are reasons for the current design that the person making the suggestion has not considered. I thought it would be helpful to write a post explaining some of these design decisions so that they would be better understood by the community.

When designing Privacy Browser, there are a number of general principles I follow.

  1. Present as much control and feedback to the user as possible.
  2. Use the minimum possible amount of screen real estate.
  3. Minimize the number of taps that are required for common actions.
  4. Reuse existing Android elements as much as possible.

Let me explain of what I mean by each of these points.

Present as much control and feedback to the user as possible

There is both an art and a science to presenting lots of information to the user in a small amount of space in a way that is intuitive and useful. Many programs want to hide important information from users in a misguided attempt to make things “simpler”. Others organize information in a way that is jumbled or difficult to understand. The best programs present all the desired information in an intuitive format that isn’t distracting.

An example of how this design philosophy plays out in Privacy Browser can be seen in the bookmarks interfaces. Privacy Browser’s bookmarks are stored in a SQLite database. Most users don’t want to think about any of the complexities of the underlying structure of the data storage. They just want an easy and intuitive way to interact with their bookmarks. However, there are other scenarios, like troubleshooting database import/export problems, where a power user might need to access or modify the underlying data structure. This led me to create two interfaces, one for general bookmark usage, and one to view and edit the bookmark database values.

Use the minimum possible amount of screen real estate

Nobody likes wasted space, especially on a small phone. Now, this might sound obvious, but to use real estate effectively, each item in the interface must be big enough to see or read, and nothing the user interacts with can be smaller than their finger. Privacy Browser’s two drawer layouts provide a good case study. The navigation menu that opens on the left is generated by a standard Android NavigationView, which provides developers little control over the layout. As you can see in the screenshots below, the interface has been designed to space each entry far enough apart that the user doesn’t accidentally tap the wrong item. Like many default Android interfaces, it uses a relatively small font with a large amount of white space between the lines. On the other hand, the bookmarks drawer that opens on the right is a custom interface that I built. Each entry is also spaced sufficiently so that accidental taps are avoided, but my personal preference is to use larger fonts and less white space. This often has the effect of making users feel that the space is being wasted (because the font is so large), leading them to believe that if the font were smaller more bookmarks could be displayed on the screen. However, the constraining limit on the bookmarks is less about the size of the font and more about the minimum size of the human finger. Consider the three examples below, which are screenshots taken on a Pixel 2 XL running Privacy Browser 3.0.1. With a small system font size, the number of entries in the navigation menu is 13 and the number of displayed bookmarks is 16. When the default system font size is used, the number of entries in the navigation menu remains 13 and the number of displayed bookmarks is slightly more than 14. When the largest system font size is used, the number of entries in the navigation menu is still 13 and the number of displayed bookmarks is 12.

The takeaway from this is that, even thought the font size is larger in the elements I designed in Privacy Browser, the number of bookmarks displayed is greater than if I had followed the standard Android design guidelines used in the navigation menu. It functions as a sort of optical illusion. Even when placing the screenshots side by side, the mind still wants to think that more information is displayed in the navigation menu. But not only does my interface convey more entries for all layouts except for the largest system font size, it does so using nice, big fonts (something I really enjoy even though I have good eyes and something that people with poor eyesight find absolutely essential). It also provides more flexibility to the user by actually adapting the amount of information on the screen to the system font size that is selected, as compared to the standard Android layout, which adjusts the white space so that, on this particular device, 13 entries are all that are ever displayed.

Minimize the number of taps that are required for common actions

I don’t know any developer who doesn’t agree with this in principle, but it can be very hard in practice because 1) different users use different actions, and 2) every time you make something easy to get to you use up precious screen real estate. It is somewhat funny to me that almost every time I make any change to the layout of the options menu I receive feedback from users somewhat along the lines of, “How come you moved my favorite command to a submenu? I use it all the time and now it takes two taps! Also, why don’t you get rid of all the other commands. I never use them and they are just in the way.” As a developer, I can’t just consider how I use the app, but I have to try to think of all the possible ways users might use it.

Figuring out the optimal design ends up being quite a balancing act, one that gets refined over time based on my own personal experiences using Privacy Browser and the feedback I receive from users. As a case study, let me explain the process of designing the tab interface that was released in version 3.0. From the very beginning of the process I wanted to have a tab interface that was displayed directly on the main Privacy Browser window. Most other phone browsers hide their tab interfaces somewhere behind a button or a swipe, so that it takes two actions to do anything with tabs. For some browsers this also involves switching to a secondary activity that covers the entire screen. I knew it wouldn’t be possible to have everything relating to tabs visible on the screen at all times, but I wanted to get at least the most commonly used actions there.

The resulting design uses a TabLayout that is part of the app bar (under the action bar). It is designed so that on almost any device it is possible to see at least two tabs at once. It also has an easily accessible button for adding a new tab, which is a common action and doesn’t take up much additional screen real estate. Because Android already makes the tabs about as tall as a standard finger touch, it made a lot of sense to display the website title in two lines, thus displaying more information.

Initially I thought about adding a close button on each tab, similar to what Firefox or Chrome have on their tablet interfaces. However, I didn’t do this for two reasons. 1) I was concerned that users would accidentally close tabs when they meant to do other things. For example, if more than two tabs are opened on a small device, the user has to drag the tab layout left and right to scroll between them. It would be easy for the drag gesture to accidentally be detected as a tap on the close tab icon. And the absolutely worst kind of interface, worse than having a desired command buried beneath seven layers of submenus, is an interface that mistakes your intentions and does something different than what you just told it to do. 2) I don’t think Android’s TabLayout will allow users to interact with individual elements inside the tab. So the only way to accomplish this would probably be to either modify TabLayout or design an entirely custom interface from scratch. This would be an awful lot of work for something I expect wouldn’t work that well in the end, although there is an open feature request for this and I will probably look into it deeper in the future.

My solution was to place the close tab command as the first entry in the navigation menu, meaning that adding a tab takes one tap but closing a tab takes two (not a very symmetrical experience). Based on user feedback, in version 3.0.1 I added the ability to close a tab that is at the beginning of its WebView history using the back button. This allows tabs that are opened by an intent from another app to be quickly closed with one tap by hitting the system back button on the navigation bar. Not only is this a fairly intuitive interaction for most Android users, but it also takes care of closing tabs in 90% of my personal workflow. It is not a perfect solution, and things will likely evolve in the future, but it represents the current balancing act between usability, screen real estate, and what makes the most sense for the majority of users.

It was as I writing this post that I realized I could place the close button on the left of the TabLayout, similar to how the open button is on the right. This has the advantage of being far enough away from everything else so as not to be a casualty of accidental taps. It is easy to implement because it doesn’t require differentiating taps on different sections of a tab. And, when there is only one tab, it runs Close and Exit, which is a feature I have always wanted to have on the app bar for one-tap access, but I was never previously able to justify the space.

The final design.

As is usually the case, once you discover a good solution, it seems obvious. But it can often take a lot of work to figure it out.

Reuse existing Android elements as much as possible

Android has a bunch of standard views, widgets, commands, tools, and other elements that can be used to build apps. It is also possible to custom build almost anything with enough work. One of my design philosophies is to use the standard building blocks as much as possible. There are several benefits in doing so. Among them are that Google spends a lot of time making sure these elements scale well between different screen sizes. They work across all the various versions of Android. They are automatically updated when newer versions of Android come out. They scale to different form factors (like tablets) and even to different environments (like Chromebooks). Custom code, on the other hand, requires much more extensive testing to make sure it is going to work across all the various devices out there in the real world. It can require extensive refactoring when new versions of Android come out. It might not adapt to new environments, like Chromebooks. And it won’t automatically update to follow newer theme guidelines, creating a less consistent user experience between Privacy Browser and other Android apps, which increases the learning curve and UX (User eXperience) dissonance.

All that being said, using the standard Android tools is also problematic. Android is buggy, Google isn’t very receptive to bug reports (they barely even read them), and really nasty glitches can continue for years without resolution or even acknowledgment. Also, these tools often don’t do exactly what you want them to do, leading to a lot of compromises and imperfect solutions. And they tend to waste a lot of screen real estate. Although many examples could be given, two will suffice, one where I have chosen to use the default tool even though it is imperfect and the other where I have built a custom solution.

Android has a standard icon for opening the navigation drawer, called the hamburger icon because of the three horizontal lines that look (only a very little bit) like a hamburger bun with a meat patty in the middle. There is a standard tool, ActionBarDrawerToggle, that lays this out in the top left of the action bar and makes it interface with the navigation drawer. The selection, animation, and layout of the icon are all handled by ActionBarDrawerToggle. However, the layout it uses consumes too much white space, as can be seen by the huge wasted area between the hamburger icon and the beginning of the URL text box in the screenshot below. I have considered replacing it with a custom layout, and I might well do so at some point in the future. But the advantage of using a standard tool has so far outweighed the negative of the lost space.

Look at all the white space just dangling out there.

The other example has to do with nested scrolling of the WebView, which allows the app bar to be scrolled off the screen. As described earlier, adding the tabbed interface requires a significant amount of screen real estate. This isn’t really viable unless there is a way to recapture that space while reading a website. Android has an entire set of tools for doing this, but for reasons that make no sense, they do not support doing so with WebViews. So, before I even started working on tabbed browsing, in the last major release of the 2.x series, I implemented an extension of Android’s WebView that worked with nested scrolling of the app bar. It wasn’t easy, but the functionality is so central to what Privacy Browser is trying to accomplish that it was necessary to do so.

by Soren Stoutner at October 08, 2022 18:47

October 07, 2022


Librem 5- Device Overview

Librem 5 phones are for those who care about their digital security and the use of free and open source software. Our team has designed the phone so that the parts are easily repairable and you can keep using the same phone for a longer time. Let’s go through the hardware of the phone. On the […]

The post Librem 5- Device Overview appeared first on Purism.

by David Hamner at October 07, 2022 17:21


OSM Editing in Croatia

Written by

Polish students from Krakow were taking part in the project of updating the maps of the Peljesac peninsula in Croatia due to the cooperation of the Pedagogical University in Krakow and OpenStreetMap Polska Association (OSMP).

OSM Polska

Peljesac peninsula in Croatia (photo: Anna Górska)

As part of the Peljesac Cartographic range, Dr. Paweł Struś and Dr. Krzysztof Wiedermann from the Geoinformation Research Laboratory of the University of Life Sciences in Krakow gave a lection about modern methods of obtaining data in the field and their digitization.

OSM Polska

Peljesac peninsula in Croatia (photo: Anna Górska)

On behalf of the OpenStreetMap editors community, the event was attended by Włodzimierz Bartczak, OSMP vice-president, and Przemysław Boszczar, OSMP member and one of the most active editors. As part of the course, they familiarized students with the OpenStreetMap data model, data editing tools and data entry principles.

OSM Polska

Włodzimierz Bartczak and Przemysław Boszczar with students (photo: Anna Górska)

As part of the project, students collected data in the field, data on tourist infrastructure, including hotels, restaurants, and vineyards located in the vicinity. They analyzed the existing orthophoto map and, on its basis, updated data on the development of buildings, routes, and buildings remotely. The main application for collecting data was OsmAnd. OpenStreetMap editing plugin allows to collect data offline with loading it after. Participants of the event gathered over 15,000 new objects, including POIs with its addresses, made around 27,000 changes to the database. All changes are marked with the hashtag #peljesac and you can check them yourself by searching in OpenStreetMap.

OSM Polska

Editing the map with OsmAnd (photo: Anna Górska)

These data were used to prepare a detailed tourist map of the peninsula (for the needs of the local community, entrepreneurs, and tourists), and later to prepare thematic maps for testing various methods of spatial analysis and conducting geodiversity research of the Peljesac peninsula, land use control, etc. The data was included in OpenStreetMap resources.

Follow OsmAnd at Facebook, Twitter, and Reddit!

Join us at our groups of Telegram (OsmAnd News channel), (EN), (IT), (FR), (DE), (RU), (UA), (ES), (PL), (AR), (TR).

October 07, 2022 00:00

September 30, 2022

This Week in F-Droid

Free software and inspection are key to software we can trust

Inspecting software is essential for understanding what that piece of software is actually doing. And free software means that all users have the guaranteed opportunity to fully inspect the source code they rely on. The cyber-security industry is built on inspecting software to find malware and build up defenses. Malware scanners use large collections of characteristic signatures of software to scan billions of devices, while finding new attacks requires code audits, technical analysis, and forensics. This is the most well known field of software inspection. There are also volunteers, academics, and civil society organizations looking for tracking, targeted attacks, addictive dark patterns, surveillance capitalism, and other unethical practices. The F-Droid community is also built on inspection, making sure we ship free software and mark Anti-Features.

Some developers will describe the features, but leave key details out. This can be just a simple oversight, or they might know that users will be unhappy, so they aim to keep those details out of the public eye. Even developers who are working hard to be transparent and honestly serve their users can be ensnared. We have huge industries telling developers to include all sorts of libraries and services in their apps because it will improve the functionality or development process.

  • “Finding opportunities to generate revenue shouldn’t be difficult!”
  • “Great data collection software enables you to maximize productivity!”
  • “App monetization is a way of helping you make money from your mobile app without charging for it.”

Those often include things that users do not want. What those industries are actually saying is: gather as much personal data as possible, track the users, hook them addictive dark patterns, and demand their attention to show them as many ads as possible. These are what we are working to expose, and building tools so we are more effective and more people can get involved.

Scanning with signatures

One of the most reliable methods for human inspection of software is to automatically apply signatures of interesting features to present to a human reviewer. The signatures can be chunks of binary machine code, URLs, function names, domain names, or bits of metadata like API Key IDs. Binary code signatures are the main method used by all sorts of malware scanners. Malware researchers work to find small patterns that are unique to that specific malware, but not found elsewhere. Here is an example of such a signature, it is the YARA profile for the Silentbanker trojan:

        $a = {6A 40 68 00 30 00 00 6A 14 8D 91}
        $b = {8D 4D B0 2B C1 83 C0 27 99 6A 4E 59 F7 F9}

        $a or $b or $c

F-Droid also uses signatures to help app maintainers find Anti-Features and block non-free bits. The oldest version of this is the command line tool fdroid scanner. F-Droid’s founder, Ciaran Gultnieks, added a scanner to find some “usual suspects” over ten years ago:

    # Scan for common known non-free blobs:
    usual_suspects = ['flurryagent',

Exodus Privacy has built a large collection of profiles on tracking companies. ETIP is their platform for creating and managing profiles of trackers. Data is entered and maintained there, then as given profiles are proven accurate enough, they are added to the official Exodus dataset. These profiles include signatures for automatically detecting the trackers in the APK files that are installed onto your device when you install an app. F-Droid has used the Exodus profiles indirectly for a long time now.

id: d25d820d-4c97-420e-a7d7-72434c58a575
name: ABTasty
description: |
  You can use this library to access AB Tasty endpoints, which can
  generate a unique visitor ID, allocate a visitor to a test, and push
  visits and conversions events in order to help you analyze the
  outcomes of your campaigns.
is_in_exodus: true
code_signature: com\.abtasty
network_signature: abtasty\.com
group_id: com.abtasty
artifact_id: librarybyapi
gradle: com.abtasty:librarybyapi:1.1.0

@IzzySoft has been maintaining the F-Droid repo for “almost free” apps. It includes its own signatures for detecting Anti-Features that might not be allowed in, as well as another line of defense for detecting the more general Anti-Features like Tracking.

- NonFreeDep
- Tracking
- com\.heapanalytics
description: |-
  automatically captures every web, mobile, and cloud interaction:
  clicks, submits, transactions, emails, and more. Retroactively
  analyze your data without writing code.
license: Proprietary

Plexus is a project of the Techlore community project for mapping out which apps work on “de-Googled” devices, and which apps work with the microG free software replacement for Google Play Services. They gather the results of tests run by humans into a machine readable format. Although it relies on human testers, not on automated pattern matching like most of the other projects mentioned here, the resulting data has a similar structure, and can be consumed in the same way in generating reports, like with issuebot.

Application: The New York Times
Version: 0.0.0
DG_Rating: X
MG_Rating: 4
DG_Notes: X
MG_Notes: Can't login with Google

Mobil Sicher also reviews apps, with a focus on Germany. They have an impressive system to do dynamic analysis of apps to find exactly what services they use on the internet. And with that data, they can mark not only trackers, but whether an app sends personal data to third party services like ad companies, cloud services, etc.

Our partners also use signatures, let’s join forces!

As we talked with various organizations about their signature collections, and applied some of them to the collection of apps, it became clear that there is a lot of shared structure. But each system was set up in a way that each look foreign to the others: Python code, Django admin panels, email submission, etc. If other contributors want to come in and make a contribution, they must understand each project’s format. That can be time-consuming, and there is no standardized format to follow. Then @pnu of Exodus Privacy proposed to rewrite their editing system as files in a git repo. This was the spark that made it clear that a git repo of human-editable data files would apply to all these data sets.

Based on this idea, we have launched F-Droid SUSS (Suspicious or Unwanted Software Signatures). It is F-Droid’s collections of signatures to detect Anti-Features in Android apps. SUSS is the first live project, and the fdroid scanner tool will use it. SUSS is based on YAML files, one file per profile. YAML is basically structured data that is meant to be human edited (all valid JSON is valid YAML even). YAML is also widely understood since it is used in F-Droid’s own metadata .yml format, GitLab CI, GitHub Actions and FUNDING.yml, and many more. Additionally, it is well supported in all sorts of editors, including syntax highlighting.

This is a step towards better integration with other organizations that share goals with F-Droid. Standardizing can reduce friction for sharing and collaborating because there is common tooling, common data formats, and automatic interoperability. This base architecture should be flexible enough to leave maintainers of these data sets to create and maintain profiles as they see fit. The standardized tools should not force people into counterproductive patterns. This project reviewed data sets from Exodus/ETIP, IzzySoft, MobilSicher, F-Droid, and TechLore Plexus. Each had distinct and specific tooling and workflows. But the rough shape of the data matches a common pattern across projects.

There is a good precedent for this kind of standardization: YARA. It is a malware signature tool started by one company and now used by dozens. That aspect of YARA applies directly to the collections of public interest signatures discussed here. Once a standard catches on, it not only increases the universality of the data, which makes it easier to use. This then can attract more users and contributors. YARA was designed around desktop malware, and unfortunately works poorly for Android. Part of that is because they made YARA be a custom format that is implemented in the YARA tool. This setup does make YARA rules simple and readable, but has big downsides. YARA is implemented in Python, so using it in other languages means re-implementing it from scratch. Android APKs are always a ZIP, unlike desktop software binaries, which are generally uncompressed files. The YARA tool devs decided they don’t want to include code to run scans on ZIP, XML, etc. So that leaves YARA hobbled for use as an Android scanner.

What do shared signatures and profiles look like?

To show what this looks like in practice, we can take an example from fdroid scanner above. The flurryagent signature in current scanner is used to scan through the dependency declarations in Gradle files, which are the standard configuration for build Android apps, and files in a standard JAR library. The Gradle coordinate com.fasterxml.jackson.core:jackson-core:2.11.1 would not be flagged, but this pattern would also miss the Gradle line But if a JAR is included in the app, it would be scanned, and com/flurry/android/FlurryAgent in that JAR would produce a match. But it just outputs files with hits with no context about what or why. As part of SUSS, each entry now gets a full featured profile in its own YAML file, where each scan signature is distinctly declared. That metadata then can provide more context when there are matches.

name: Flurry
  - com.flurry.
  - flurry\.com
  - flurry\.com
  - com\.flurry\.admob\.MY_AD_UNIT_ID
  - com\.flurry\.android
license: NonFree
  - Ads
  - NonFree
  - Tracking

In SUSS, we can now represent the fdroid scanner signatures with the flexibility of Exodus Privacy signatures. This adds additional scans, including domain names and the names used to declare API keys. fdroid scanner had an additional allowlist, in case some signatures produced false positives. The allowlist has been removed in favor of pure regexs (regular expressions). The allowlist makes the F-Droid implementation quite a bit more complicated, and ties our signature profiles to the fdroidserver tools. The other data sets we looked at all used just simple entries, mostly using regexs, so it is important to explore if that can cover all the scanning cases needed. If it works out, then the path to standardization is clear. Yes, regexs are complicated and can be painful, but they are also widely used, implemented, documented, and understood.

One big upside of only regexs is that SUSS has a super fast, simple test suite. Here’s one way to work with it:

  • Find the Gradle coordinates that are relevant and add them to the matches and exceptions lists in tests/
  • Make the tests run once a second (with color!):
    watch --color -n1 pytest-3 --color=yes
  • Edit the regex, for example, in suss/com.mapbox.yml

Since this only uses regexs, this test suite doesn’t need any fdroidserver code. This all would also be trivial to use in Javascript, Ruby, Rust, Java, Kotlin, etc. since the profiles are YAML and the signatures are regex.

Applying signatures

The issuebot that runs on fdroid/rfp and fdroiddata now uses signatures from Exodus Privacy ETIP, fdroid scanner, and Plexus. It is now easy to use ETIP signatures in issuebot modules, to enable experimentation in how things should be scanned. Here are some snippets of issuebot flagging things based on these signatures.

This is clearly a non-free dependency, it is required for all builds of this app.

This is a double whammy: non-free library that is used for tracking!

It is a match, but is the “test” flavor relevant?

There is a good match, but the library is included in the “play” flavor, and that flavor is obviously not meant for

The issuebot report has many sections, based on the scan that was done. When a section has some entries that are flagged, then that section will default to being open. So these sections will be readily apparent on first read, but can always be hidden after reviewing.

There are now active methods for finding domain names and URLs in binary APKs. The network signatures are used to check those for matches. There are also now alternate methods of scraping the data out to then run signature matching on. There is a new Gradle Dependencies module which gets the full list of dependencies from either gradle/verification-metadata.xml if present or generatable, or ./gradlew androidDependencies, if all else fails. It then applies the code signatures to flag Gradle coordinates. There are now multiple, overlapping methods for scraping the libraries used, both from source code and binary APKs. These can be merged if we can determine there is a single method that reliably finds all the dependencies.

Future Work

This project has resulted in marked improvements in the existing issuebot setup, and set up a structure for cross-project integration. We hope this data layout and a workflow that can serve as a template for other related work. Now it is launched and in action, we welcome feedback on what is working, and what is not. And contributions for improving any piece of this are always welcome. F-Droid SUSS is now a really easy way to get started, anyone who can edit basic YAML and submit a merge request can now help F-Droid improve our inspection process. Here are some low hanging fruit that are left over from this project:

  • One downside of using multiple collections of signatures is that it becomes harder to find where to edit and manage profiles. Some good UX design can help a lot there. For example, when there is a match, the UI can show a direct link to edit the profile, to make it easy for fdroiddata maintainers to fine-tune the profiles, even if they are maintained in Exodus Privacy or elsewhere.

  • We have prototyped converting the MobilSicher and IzzySoft data into the SUSS format. Once SUSS settles down as a format, we can easily convert those data sets into this format.

  • Some of the issuebot reports can still be quite long. @IzzySoft’s module’s reports are a good example of how to handle that: show the flagged things directly, then the rest goes into a linked report that is stored in the artifacts that is only loaded on demand.

(This work was funded by NLnet under an ongoing project known as Tracking the Trackers and The Search for Ethical Apps under the umbrella of Guardian Project)

by eighthave at September 30, 2022 00:00

September 28, 2022


Reclaiming Digital Privacy

The advancements of the digital age has gifted us with the ability to search and access world’s information sources within a few seconds. However, Big Tech companies still make it hard for users to control their own privacy when accessing digital products and services. The problem is deeper for our kids or elderly parents, who […]

The post Reclaiming Digital Privacy appeared first on Purism.

by Yavnika Khanna at September 28, 2022 17:32

Guardian Project

Scanning apps, off the record

Smart phones have brought us so many wonderful capabilities. They let people around the world access vast realms of information. They let app developers solve problems large and small in a way most relevent to their local context. They are personal computers for the world. They also have given surveillance capitalism an unprecedented reach into everyone’s lives. Repressive governments use them in ways that the East German Stasi secret police could only have dreamed of. And as promising as artificial intelligence is, it is also threatening humanity. People around the world are pushing back. This public interest work requires technical inspection of apps. There are organizations highlighting algorithmic transparency and calling out surveillance capitalism. Journalists are linking apps into key stories about the misdeeds of powerful companies. Activists are exposing the hidden machinations of their governments. All of these people require technical skills to see what a given app is going.

It turns out that a lot of the technical bits required to do these kinds of investigations can be automated. When combined with good user experience design, many of the barriers to entry can be removed. This allows more people to get involved, and for many of these problems to be crowdsourced even. This is the central focus of our project Tracking the Trackers. We have just completed the third round of work to bring the initial automation to a more accessible user experience.

We have discussed these workflows with a number of organizations doing this kind of work to learn about their processes, and how they might be improved. And we want to hear from more. There is a lot of potential to pool limited resources to build up a shared, free software resource that is greater than the sum of its parts. And there are many complementary projects:

  • EFF’s apktool - tool for downloading Android apps from various sources
  • F-Droid issuebot - automatically review apps via GitLab issues and merge requests
  • GitLab CI - server-less processing tied to issue trackers and merge requests
  • MobilSicher AppCheck - dynamic analysis for finding personal data leaks in apps
  • PiRouge - mobile forensic and network traffic analysis platform
  • Pithus - mobile threat intelligence platform for activists, journalists, NGOs, researchers

Putting it all together

We have developed a stack to integrate as many tools that are relevant into a single, productive user experience. Detailed inspection of apps is a process that must be tracked, so the focus is on issue trackers and merge requests. Each app is tracked as an issue. A person opens up a new issue, adding what they know about the app, including links to it in an app store, the Application ID, links to any source code, etc. Then issuebot kicks in and downloads the app and any source code it can find. Once successful, it will launch various analysis processed on what it downloaded. Those results are then compiled into a report which is posted to the issue tracker for the human reviewers. The bot leaves its mark using a GitLab label called fdroid-bot. If someone found more files to download and would like issuebot to run again, they just remove the fdroid-bot label and issuebot will try the whole process again.

It runs a number of different scans and processes to check:

  • Inspect apps from F-Droid, Google Play, APKPure, Huawei App Gallery, and GitHub Releases.
  • Get the source code
  • Build the app from source
  • Find the license of the source code
  • Extract info about libraries, classes, domain names, URLs, permissions, services, etc.
  • Apply signature collections
  • What kinds of Anti-Features an app has, e.g. tracking, ads, non-free dependencies, known vulnerabilities, etc.
  • Whether all the dependencies are also free software

Using this process, the F-Droid community reviews all apps for Anti-Features before accepting them into the collection. For some years now, F-Droid have reviewed new apps and updates via merge requests with issuebot. It automatically checks issues on the Requests for Packaging tracker, this is the starting point of the process of adding new apps to the collection. The collection is then maintained via merge requests on the fdroiddata project. There are hundreds of reviews there to browse through, an some scans that are more interesting.

We believe this same workflow fits well to many processes for inspecting apps. GitLab provides the core workflow that fits how many researchers and organizations are already doing this work:

  • Detailed inspection happens over time, over multiple work sessions.
  • Multiple people are involved in the process.
  • Work can happen asynchronously across time zones and organizations.
  • Public GitLab also opens up crowdsourcing opportunities

We have setup a instance of this setup for public interest organizations and investigators to use. This is called the “Off The Record” tracker. Access is available on request, send an email to to make the request. Additionally, the whole stack is free software. Organizations are free to run it as they need to, with any privacy requirements that might need. That also makes it cheap to host this software, so that it can be affordably provided as a service to people working in the public interest. It can be self-hosted with any GitLab “Community Edition” instance with CI/CD Runners, and also runs on the gratis hosting. It does touch some proprietary services, but only via public APIs so that the functionality is included in the stack.

One new development is the creation a standard pattern for managing profiles for collections of signatures to detect Anti-Features in Android apps. F-Droid SUSS (Suspicious or Unwanted Software Signatures) is the first live project, with F-Droid’s scanner tool using it. Before this round of work began, there were multiple silos where related activities were happening. F-Droid scans for non-free software, Mobil Sicher detects when apps transmit personal data, Exodus Privacy find for tracking software, and IzzySoft looks for Anti-Features of all kinds. We hope that standardizing data formats and workflows will make contribution and shared maintenance easier, as well as making it easy for organizations to maintain their own collections of signatures they want to detect. YARA serves as template for this effort. It began at one malware company, and is now used by a wide variety of organizations. YARA has become the standard tool for writing malware signatures for desktop platforms. Unfortunately, it is not well structured to work for scanning Android apps or source code, but it can serve as a inspiration and model.


A) Know the local laws on software inspection.

In many places, just the act of inspecting software can get you in trouble with local governments or companies. This could be anything from unclear laws regarding reverse engineering to overreach from law enforcement. Running the inspection in private means the app reviewers are much less exposed unwarranted or unjust interference. Anyone doing software inspection should familiarize themselves with local laws and regulation that affect it.

The biggest challenges that remain for making software inspection commonplace are around how organizations and governments apply this software. Any organization that wants to start working on auditing software in the public interest will need:

  • Legal guidelines for getting any required permissions before downloading apps to review.
  • A home organization for this repository that has a public mission aligned with these goals.
  • Legal representation to handle any issues that arise, and to push back against illegitimate requests.

B) What, no iOS?

We recognize that it is also important to inspect iOS apps. Compared to Android, the Apple mobile ecosystem is smaller and much more closed and restrictive. Therefore, it is much more more difficult to inspect. The application executable binary in the .ipa file is encrypted which prevents examination of the binary. The only way to get the actual .app files is to have a jailbroken iOS device, then manually install them on the device. Only then can they be extracted and inspected.

(This work was funded by NLnet as The Search for Ethical Apps under the umbrella of Guardian Project’s Tracking the Trackers effort.)

September 28, 2022 00:00