Planet F-Droid

Tutanota is the best free anonymous email provider you can get as it lets you create an email address without a phone number! Plus, there's no IP logging, no tracking, and all data is end-to-end encrypted. Tutanota is built by a team of privacy-enthusiastic engineers committed to protecting your right to privacy. We aim to develop the most secure mailbox by focusing on automatic encryption and privacy-by-design.

Last week a tweet went viral asking whether Google's AI Bard was trained on Gmail data. The question was underlined by the fact that Bard itself said it was trained on "Google Search, Gmail and other data".

Day Three of the 116th IETF meeting in Yokohama Japan. For the rundown on Day Two, see my daily report.

The long-running work on MASQUE - proxying all network-layer datatypes over QUIC (HTTP/3) - is nearing completion, with the specification for Proxying IP in HTTP in IESG review. With these components in place, the original MASQUE concept - a non-probable relay for client traffic providing privacy guarantees - has been revived, now defined within the new framework and leveraging HTTP Unprompted Authentication.

Privacy-preserving measurement is much on the minds of IETF attendees as the Privacy Preserving Measurement Working Group continues to make progress. Two new concepts were debuted in the Privacy Enhancements and Assessments Research Group PEARG meeting: Secure Partitioning Protocols and Interoperable Private Attribution. Partitioning is new work looking at how multi-party statistical aggregation can be efficiently accomplished with improved privacy guarantees and is applicable to the on-going work on the Distributed Aggregation Protocol DAP. Private attribution measures events that occur in different contexts to the same person (shown an ad, then bought the product, for example). As a sort of counterpoint, PEARG attendees also heard about the design decisions made in the development of a privacy-preserving contact tracing application rolled out during the recent COVID-19 pandemic. Perhaps the defining characteristic of the design of this app was purpose limitation - building out features that specifically can not be used for any other purpose (such is the wide-spread fear of these applications being used as the infrastructure of a much more broader system of social control).

Day Four of the 116th IETF meeting in Yokohama Japan. For the rundown on Day Three, see my daily report.

The IETF is getting serious about interoperability among messaging services (this might have had something to do with it). The charter for the Messaging Layer Security Working Group (MLS) specifically excluded interoperability, though the group organized a draft that addressed the basic concepts that would allow MLS-compatible systems to federate. In early 2023, a new Working Group - More Instant Messaging Interoperability (MIMI) - was chartered to expand on the MLS federation work. Given IETF’s relatively long and somewhat checkered history with messaging, the Working Group’s charter included this reminder to itself:

Numerous prior attempts have been made to address messaging interoperability, including the IETF's extensive prior work on XMPP, SIP/SIMPLE, and their related messaging formats. The MIMI working group will draw lessons from these prior attempts, seek to avoid re-hashing old debates, and will focus on the minimal standards suite necessary to facilitate interoperability given the feature set of modern messaging applications.

Thus, its remit had some strict limits:

The More Instant Messaging Interoperability (MIMI) working group will specify the minimal set of mechanisms required to make modern Internet messaging services interoperable. 

…minimum being the operative word. So, what’s in scope?

• messaging interoperability
• user discovery
• messaging content format
• (an appropriate) MLS profile
• message delivery service and transport mechanisms
• establishment of end-to-end cryptographic identity
• identifier naming conventions

Specifically out of scope are:

• metadata processing to manage spam and abuse
• interoperable mechanisms for group administration or moderation across systems
• extensions to the MLS protocol (if needed, requirements will be referred to the MLS working group or other relevant working groups in the security area)
• definition of completely new identity formats or protocols
• extensions to SIP, SDP, MSRP, or WebRTC
• development of anti-spam or anti-abuse algorithms
• oracle or look-up services that reveal the list of messaging services associated with a given user identity without the user’s permission

This being the first formal meeting after group charter, discussions are still at the stage where defining what in scope means is still open, as are the most basic tenets of the technical mechanisms to implement the required features. Grab your popcorn!

Our latest coreboot/SeaBIOS and PureBoot releases bring new firmware configurations for the Librem Mini v1 and v2!  Many users use the Librem Mini as a headless server and have asked for firmware that would boot up automatically when powered, like an appliance. Once enabled, the setting persists as long as the RTC battery is plugged […]

The post New Automatic Power-On firmware for Librem Mini appeared first on Purism.

Day Two of the 116th IETF meeting in Yokohama Japan. For the rundown on Day One, see my daily report.

The OHAI Working Group has submitted the core draft of Oblivious HTTP Application Intermediation to the RFC Editor for editorial finalization and publication. OHAI is designed to support transational uses of the HTTP protocol that seek IP address privacy (by means of a relay pair, one associated with the client and one associated with the target resource). The target resource is, thus, said to be oblivious to the requester’s IP address. While the initially-imagined use case for OHAI was access to the DNS service (with some in the IETF feeling DNS-over-HTTP did not go far enough to protect user privacy), the dominant use case imagined today is telemetry - monitoring vendor-, application- or operating system-defined usage parameters on centralized systems.

It’s fair to ask how OHAI-capable services are to be discovered. The OHAI Working Group is proposing to use DNS Service Binding Records (SVCB, defined here and well-described here). TLS 1.3 Encrypted Client Hello is among the other IETF standards leveraging SVCB. SVCB records, similar to the (also new) HTTPS records, allow a host of define multiple ways to make connection with parameterization using just the DNS lookup (as opposed to the multiple round-trip mechanism of HTTP’s Alt-Svc header). The draft - Discovery of Oblivious Services via Service Binding Records has been under Working Group discussion since IETF113 and is close to submission for last call (technical completion).

Speaking of TLS 1.3 and Service Binding Records, Encrypted Client Hello ECH was, in fact, the reason SVCB records were defined. DNS lookup is the only point at which certain cryptographic information can be made available before all the connection encryption starts to happen. Unfortunately, the SVCB draft is stuck in the RFC Editor work queue behind ECH, even though there is language in ECH that references SVCB. The Working Group is therefore required to remove all the SVCB language from the ECH draft so that it may proceed. This procedural detail - and accompanying delay - has important consequences: the major open source software package that requires modification before ECH can expect wide adoption (OpenSSL) is waiting for ECH to become a full-fledged RFC before the submitted pull requests will be granted. Meanwhile there is plenty of experimentation with ECH happening on the live Internet with Mozilla/Firefox and Cloudflare running experiments.

It turns out there’s an alternative (or perhaps parallel) proposal for TLS 1.3 - CompactTLS - an effort begun in 2019 and now in it’s eighth revision. cTLS proposes to save bandwidth by trimming obsolete material, tighter encoding, a template-based specialization technique, and alternative cryptographic techniques. cTLS is not directly interoperable with TLS 1.3 or DTLS 1.3 since the over-the-wire framing is different. cTLS is undergoing formal analysis and implementation work proceeds, though no results are currently available.

The HTTPbis Working Group formally adopted the HTTP Unprompted Authentication specification in the month before IETF116. As a reminder, Unprompted Authentication allows a server to offer authenticated services without advertising that it does so (meaning the authenticated resources can not be actively probed). A number of semantic elements are under discussion, mostly to understand how this new feature is unique among existing HTTP features (and can, or can not, be aligned with adjacent capabilities). An action item for IETF117 is a formal analysis of the cryptography used, with several alternatives being proposed.

Programming for Android is an interesting experience. One of the most annoying things I didn’t anticipate is how Android will just kill your app whenever it wants and often for no good reason (it’s a little like doing battle with a chaos monkey). This has to do with what is called the Android Activity Lifecycle.

Believe it or not, this chart represents a simplified model of what really goes down.

When an app is not in the foreground (displayed on the screen) Android can, at any time, kill it. Android does this for at least two reasons, the first being that other apps might need the RAM and there isn’t enough to go around. The second has to do saving battery power. To make things even more complicated, this is one aspect of Android that is often modified by different OEMs, so that how often and for what reasons an app might be killed can vary by device.

When an app has been killed (the orange item on the left of the chart above), a small amount of data is preserved in what is known as the SavedInstanceState. When the user switches back to the app, the SavedInstanceState is passed to onCreate(), at which point it is up to the developer of an app to attempt to recreate the state of the app in such a way that the user doesn’t notice that it has been killed and restarted.

There is a surprising amount of code in Privacy Browser (and in any other good Android app) to try to successfully handle this background killing of apps. Most of the time, this works out fairly well and users aren’t aware of the magic that is going on behind the scenes to make everything run smoothly. However, in their infinite wisdom, not only did Google decide it would be a good idea to just randomly go around killing apps, but they also decided to set an amazingly small limit of 1MB for the entire SavedInstanceState. It turns out that if you have enough tabs open at once, you can exceed this 1MB limit. In which case, Android will just drop the SavedInstanceState and restart the app with no saved tab information.

Most browsers handle this by writing the information about the current tabs directly to a database on the flash storage. However, as I have written before, that is not a solution that is acceptable for Privacy Browser because I am opposed to anything that automatically stores a browsing history just by engaging in normal browsing behaviors. There is too high a probability that data written to the flash storage can be compromised for me to be comfortable with automatically populating it with a user’s browsing history.

I can understand why users can be unhappy if a bunch of their open tabs suddenly disappear. This isn’t a problem I run into in my typical workflow, because I tend to frequently run Clear and Exit. I rarely have more than ten tabs open at once, which isn’t typically enough to trigger this problem. Part of the reason why I do that is because any zero-day exploit in WebView is most likely to allow one tab to steal information from another tab, so keeping the number of running tabs small lowers my personal attack surface. I don’t have any problems with users who choose to run a lot of tabs at once, and I am happy to do everything reasonable to make it work well for them, but I won’t lower the security of Privacy Browser to do so. In that case of Google’s 1MB SavedInstanceState limit, that means that users who choose to have lots of tabs open at once will periodically discover than Android will close them for them.

It should be noted that Privacy Browser PC doesn’t suffer from this problem because desktop systems don’t tend to go around killing programs, so users can keep as many tabs open as they like. On Android, if there is a set of tabs you always like to have open there are a couple of ways to quickly open a lot of bookmarks.

Beginning with Privacy Browser 3.5, the app now saves and restores the instance state if killed in the background by the OS.

For those who might not be aware of the abomination that is memory management on Android, I would point you to the picture below, which was taken from the official Android Lifecycle documentation.

They make sure to let you know that this is a simplified representation.

Notice that nice App process killed item on the left. Turns out that Android likes to do this all the time.

Those of us who grew up using desktops have a general expectation that programs keep running until we close them. To work around this on Android, apps have the option to save their instance state and recreate it when onCreate() is run again. This creates the impression that the app has been running continuously without such actually having been the case.

Needless to say, there are a lot of possible pieces of information that would need to be saved to recreate the exact state of an app after it has been restarted. Previous to 3.5, Privacy Browser did not attempt to do this at all, but with the new Day/Night theme, it became a high priority to do so, because the app restarts whenever the theme changes.

There are three data storage methods that can be used to store this data: ViewModels, saved instance states, and persistent storage. These are described in the saving UI states documentation. The important detail for our purposes is that ViewModels only exist in RAM, saved instance states exist in RAM, but can be written to the flash storage if the OS needs to recover RAM for other purposes (the previous line has been removed from the linked documentation, which hopefully means that with current versions of Android it is no longer the case), and persistent storage always exists on the flash storage. The bookmarks and domain settings databases are examples of persistent storage used by Privacy Browser.

One of the primary design philosophies of Privacy Browser is to minimize the amount of data that is stored on the device. Specifically, just browsing to a website should not create a record of where you have been. There are far to many examples of tricky ways this information can be exfiltrated from a device to compromise a user’s privacy. As such, I really wanted to handle all data storage using ViewModels. Unfortunately, because of limitations in the type of data that ViewModels can store, Privacy Browser also has to use a saved instance state to correctly reinitialize after being restarted by the OS. (With the apparent changing of the system to no longer write the saved instance state to storage, this is no longer a problem.)

The following pieces of sensitive information are stored in the saved instance state:

• The list of all the currently open tabs, including each URL.
• The WebView history for each tab, including the URL of each item in the history.

Depending on what happens, this information can be written to a system area of the flash storage. I consider this to be suboptimal, but there is no way to prevent it from happening if Privacy Browser is to function well on Android. (Again, this is happily no longer a problem.)

The good news is that running Clear and Exit from the navigation menu or by tapping the X to close the last tab deletes the saved instance state. Those who have significant privacy needs can enable Incognito Mode, which wipes the WebView history every time a new website is loaded.

Everyone deserves privacy! That's why Tutanota is now launching a refer-a-friend program. As a Tutanota user, you can now refer Tutanota to your friends and family, even to your doctor or lawyer, and you both benefit.

This post begins a daily blog, live from the 116th meeting of the Internet Engineering Task Force in Yokohama, Japan, March 25-31, 2023. We’re focusing on standards activities of importance to the Internet Freedom community.

Since IETF114 (report), the Privacy Preserving Measurement Working Group has been deliberating over two distinct proposals offering very different technical methodologies for undertaking measurement activities while respecting user privacy. STAR offers an approach called k-anonymity - reporting a measurement value only if k or more parties are also reporting the same value. This approach theoretically prevents rare values being used to single-out individuals. Distributed Aggregation Protocol, DAP, uses an approach that distributes individual measures across a set of aggregators, none of which gets to see all the granular measurement data - the fully-aggregated total only seen by the third-party who requested it (who, in turn, gets to see none of the granular measurements). At IETF116 we’re learning about the operational experience with these technologies, with multiple implementations of both running in different testbeds. Performance analysis has also been undertaken.

Though it’s very early days, it’s becoming clear that both approaches have had to make operational modifications (based on privacy vulnerabilities or performance or security) that seem to decrease their uniqueness and call into question the need to have two approaches. Both approaches, for example, are considering adding differential privacy features. Operationally, STAR performs best when k is within the range 10-100 and it is being argued that such a range is insufficient for Internet-scale use cases. Operationally, DAP can benefit from a more distributed computation model (using helpers) but this is offset by performance loss due to the volume of network traffic generated. DAP is already at a performance deficit compared to STAR, partially because it handles the negative impact of malicious clients (those that purposely submit erroneous values). Will we see a unified approach in the future? I sense there’s a long way to go here.

The concept of web filtering - raised initially at IETF115 - was again discussed in a side meeting hosted by the Internet Watch Foundation who are focused on combating child abuse, trafficking and exploitation, a problem they say is exacerbated by the distribution of specific types of content on the Internet. IWF is raising this problem within the IETF in hope of a technical solution to finding and removing the types of content that encourage, they say, these behaviors. This problem area strikes at the heart of the design of the Internet which, at its core, is content-neutral. Perhaps more importantly, there is significant concern that tools developed to suit this particular use case could be easily adapted to induce censorship of less well-defined content and for less-altruistic purposes.

Privacy Browser Android 3.13.4 was released on 27 March 2023. The timing of this release was dictated by a fix to a problem introduced in 3.13.3. That release fixed a serious bug that sometimes caused the active tab to not be the current tab when the app was restarted, which meant that doing things like enabling JavaScript on the current tab would actually enable it on a different tab. In fixing that problem a new one was introduced, which caused the app to crash if it was restarted through an intent that didn’t create a new tab (like tapping the icon in the launcher) and then the user attempted to do something like change the URL of the current tab without switching tabs first. This was caused because, instead of setting the wrong tab to be active, no tab was sometimes set to be active in these circumstances.

Two other changes had already been queued up and were included in this release. The first was the addition of a monochrome icon that users can opt to use beginning in Android 13.

Cute kids! Also, some people like icons that are all the same color.

The minimum API was bumped to 24 (Android 7) because Google has cut off WebView updates for older versions of Android. This means that devices running Android 6 (the previous minimum API) will not be able to update to 3.13.4.

Now that Privacy Browser PC 0.1 has been release I intend to spend a little more time working on Privacy Browser Android. I expect this to be the last release of the 3.13 series, with the next version being 3.14.

It’s only been a few weeks since we last talked about Librem-EC, but here we are again!  This time instead of power management, we’re looking at the headset jack, which had two longstanding issues.  Although headphones worked, the jack detect did not, so you had to select the output manually.  Microphone input has never worked. […]

The post Meet my Friend, Jack appeared first on Purism.

If you search the web for why software updates are important, you will get loads of results that say there are "3 or 5 reasons why software updates are important". While this may be correct, there is only one major reason why you must keep your software up to date: Security. This has been dramatically proven by the LastPass breach.

Privacy Browser PC 0.1 was released on 11 March 2023. It is the culmination of a lot of work, but just the beginning what is needed to get Privacy Browser PC to the stage where it can create some serious browser competition on PCs.

Users are encouraged to read the Handbook (press F1 inside the program). At this stage a few core features are implemented, like domain settings. However, there are still many features that aren’t implemented and a number of other features that have significant bugs.

• The page zoom is momentarily reset every time a new URL is loaded.
• If domain settings change the user agent, loading of the new URL is interrupted and the previous site is reloaded.
• Browser error messages are not displayed unless JavaScript is enabled.
• Bookmarks are not yet implemented.
• Blocklists are not yet implemented.

Users are encouraged to submit bug reports against any existing features that are not working correctly. At this point it generally isn’t helpful to create feature requests for all the missing features, but users can expect that all the implemented and planned features in Privacy Browser Android will also be implemented in Privacy Browser PC. I will add feature requests for them as each one gets closer and I have a better idea of how to implement them.

The changelog and downloads page has links to the source code and a .deb package. The .deb is available in the Debian experimental repository. Debian is currently in freeze in preparation for the release of Bookworm (Debian 13), which is why the Privacy Browser package targets experimental. Once Bookworm is released, Privacy Browser will be uploaded to unstable and then follow the normal migration process.

Currently there are only Debian Linux packages. As most Linux distributions descend from Debian, this should be installable for most Linux users. When the project reaches beta status I intend to also have a Windows binary (which might be based on Windows Subsystem for Linux if I can make it work well).

How do you bootstrap trust when you have to order a trusted computer from an untrusted one? One way is with our anti-interdiction services and in this article I will talk through how that works. There are many different reasons why customers add our anti-interdiction services to their phone or laptop orders. When you sign […]

The post Bootstrapping Trust with Anti-Interdiction appeared first on Purism.

PureOS Offers End-to-End Supply Chain Software and Firmware Security According to the Forbes Article, “Cybersecurity Trends & Statistics for 2023”, there are eight macro risks to watch out for in 2023 according to the Bipartisan Policy Research Center which include the following: Evolving Geopolitical Environment- Supply chain threats due to the Russian Ukraine war. Accelerating […]

The post Forbes Cybersecurity Trends For 2023 Meet Purism Supply Chain Security Standards appeared first on Purism.

New US legislation aims to protect federal systems and data from the threat of quantum-enabled data breaches and cyber attacks. Becoming "quantum resistant" is now a strategic goal for the US government. The same is going to be true for the private sector soon.

THE INTERNET, 20 March 2023 — The global F-Droid community is pleased to announce that it has officially accepted the merge request to adopt an official governance plan, and an inaugural board of directors consisting of community-nominated members.

The community has been legally established through The Commons Conservancy, a Netherlands-based foundation (“Stichting”) that exists as a home for technology efforts in the public interest. While The Commons Conservancy is our official and new legal home, F-Droid has established its own independent volunteer board of directors, who are entrusted by the F-Droid community to develop strategy, identify areas of improvement, help to resolve conflicts, and oversee technical projects and decisions by the community to reduce risk and increase trust of F-Droid users around the world. With so many recent changes to existing app store policies and government regulations, it’s an interesting time for FOSS app stores like F-Droid. (Our new board member John Sullivan recently spoke about this during FOSDEM 2023.)

For the past several months, prospective board members drafted and refined internal organizational statutes and regulations which will become part of The Commons Conservancy’s organizing documents, and which will also live and grow in the existing F-Droid administrative repositories where community members can provide feedback over time to improve governance. The official statutes were voted and approved by the board on 19 January, and the first official meeting of the board took place on 16 February.

Inaugural board members were selected through F-Droid community discussion and will serve in staggered 2-year terms: Morgan Lemmer Webber (Chair), John Sullivan (Vice Chair), Michael Downey (Treasurer), Matthias Kirschner, Andrew Lewman (Clerk), and Max Mehl. The Board also includes a special role of Technical Lead which will ensure representation of the F-Droid developer community, initially filled by Hans-Christoph Steiner.

Board members and community observers attend the virtual singing of the board statutes.

Although announcements of new governance bodies for free & open source software projects often include plans for the new organization to raise money, the F-Droid community plans to retain its existing donations model with individual donors contributing directly to community members via Liberapay and Open Collective. The newly-established Board of Directors has created a treasurer role, who will work with the existing stewards of those funds to help ensure funds are spent on the most impactful and important community priorities.

“The significant investments of creativity and energy by our community volunteers has made F-Droid the leading FOSS mobile app catalogue,” said Morgan Lemmer Webber, the newly-elected Chair of the Board of Directors. “We are very excited to be able to help guide the project through its next phases of growth and maturity by providing advice and resources to everyone who has been involved in making F-Droid a success, and those who are eager to join us with their individual talents and skills.”

The new Board would like to thank everyone from the community who participated in this process over the past few months, with extra thanks to those who helped in drafting our new foundational documents, including Rivka Karasik, Andrew Lewman, Michael Pöhn, Jochen Sprickerhof, and Licaon_Kter.

To download F-Droid and start using it today, head to https://f-droid.org/. For more information about the new F-Droid Board of Directors, review the newly-adopted Statutes or Roles & Regulations documents in the F-Droid administrative code repository. And if you’d like to contribute to our ongoing work, we look forward to you joining the community! We also look forward to hearing from you in our online forum, chat channels, and on the Fediverse.

For more information about The Commons Conservancy, visit: https://commonsconservancy.org/

Matthias Kirschner, President at Free Software Foundation Europe, recently launched Ada & Zangemann: A Tale of Software, Skateboards, and Raspberry Ice Cream. This children’s book is delightfully illustrated by Sandra Brandstätter. The book is published under CC-BY-SA and can be purchased online at FSFE or here. Kyle Rankin, President caught up with Matthias Kirschner to […]

The post Conversation with Kyle Rankin, President, Purism and Matthias Kirschner, President at Free Software Foundation Europe. appeared first on Purism.

Matrix integration within the Chats app is progressing and this post is detailing the development progress since the last one. This update is not so much about new features but more about bug fixes and great improvements that make Chats slowly becoming an everyday “1 to 1” and “small groups” messaging app for both SMS/MMS […]

The post Toward Matrix support in Chats – Part 2 appeared first on Purism.

The Librem 5 and Librem 5 USA is our pocket-sized computer running nearly the exact software as our Librem 14 Laptop. Some desktop applications don’t yet adapt to the Librem 5 screen, but with a Lapdock Kit you can run a full suite of desktop applications like on the Librem 14. Let’s look at some […]

The post Desktop Apps on the Lapdock appeared first on Purism.

Secure communication apps are lining up to oppose measures in the U.K.’s Online Safety Bill (OSB) that would make the web less safe for everyone.

I received the following email this morning:

To the Founder of Privacy Browser,

Greetings to Arizona! I’m Charlie, the founder of Appflip – A Broker for mobile apps that helps communications app owners sell their app for a maximum exit value. My team flagged Privacy Browser because of your 4,2 star rating and your 312 reviews on the US Play Store – very impressive.

We’ve helped multiple owners exit their app for a value they are happy with.

We’ve had founders close a deal for their app within 1 month of our initial call with them.

Are you free for a quick call this week to discuss this further?

Thanks in advance for your reply.

—

Charlie Ryan – Founder of Appflip

There have been a few good open source projects that have done this, a recent example being Audacity. Every open source project eventually has to transition away from the founder. My plan is that, as Privacy Browser grows bigger, I will hire a core team of open source developers to work on it full time. As I work with that group I will come to know them, their wisdom, and their commitment to the open source movement and what Privacy Browser is attempting to accomplish. When it comes time for me to retire, I will hand the reins to a person or group of people from this development pool that have proven themselves to have the users’ best privacy interests at heart.

If for some reason I am not able to identify a person or group of people who I feel would be good stewards of Privacy Browser, I will move the source code repositories to a platform like GitLab. Those interested in continuing the work can fork it and individual users can pick whichever fork they consider to best continue the original project.

Of course, at any point, anyone willing to comply with the requirements of the GPLv3+ license can fork the code and make a competitor. If anyone is able to do so and better meet users’ needs they deserve to gain a following. However, as long as Stoutner remains true to its stated values, I would expect that other developers will feel inclined to submit their code directly to the parent project.

Law enforcement use closed-source "secure" communication tools to catch criminals, but this compromises the privacy of law-abiding users. Exclu, An0m, EncroChat - these all prove why only open source software can be trusted.

Privacy Browser Android 3.13.3 was released on 13 March 2023. It contains a fix for the current tab not always being the active tab after restart. When Privacy Browser is stopped in the background because the OS needs the RAM, it stores the current state of each WebView in an app bundle called the SavedInstanceState. When it is restarted it restores the state of each WebView. All of this happens asynchronously, meaning that each tab is reloaded simultaneously. Sometimes this would cause the logic that restores the active tab to fail, with one tab being displayed to the user but a different tab being set as the current tab. Hopefully this fix handles all the corner cases.

Microsoft will stop letting you create custom domain email addresses in Outlook.com - but we've got you covered. Check out what Tutanota can do for you!

Hi Everybody!

OsmAnd has the ability to display terrain offline in a variety of ways: contour lines, hillshades, slopes, altitude graphs..

In the last releases for Android, we added Pro features with Elevation data. The Elevation widget shows a graph with the elevation and slope of your navigation route and your current location on this graph with the current altitude and slope. The graph is plotted on two axes. The X-axis is the distance of your route. The Y-axis is the altitude above sea level, the value of which depends on the relief, and the slope is displayed as a percentage.

The relief of the terrain has a great influence on the trip. Of course, it's very important to know what uphills and downhills await us on the way. In OsmAnd you can see the Altitude graph when building a route. The graphs can be worked with both GPX tracks and routes.

Contour lines and Terrain​

Contour lines and relief are our first integrated features for the app to customize and display relief information. These features are available for both Android and iOS versions of the OsmAnd app. Read about it in the Contour lines Plugin article.

Elevation graphs​

During the navigation route building you are provided with Altitude and Slope data in the form of a graph, and with the "Analyze on map" function you can find out additional, more detailed information about the route.

A detailed description of the graph you can find in the Altitude section of the Track Context Menu article.

OsmAnd Pro terrain features​

Our team has added features for users of the Android and iOS versions of the app with an OsmAnd Pro subscription :

• Elevation widget (Android),
• Online Elevation profile (Android),
• Heightmap 3D (Android and iOS),
• "Elevation: map center" widget (Android).

Elevation widget​

The Elevation widget shows a graph with the elevation and slope of your navigation route and your current location on this graph with current altitude and slope. This is a paid feature for OsmAnd Pro subscribers.

Online Elevation profile​

Online Elevation profile is our paid OsmAnd Pro subscription feature. It allows you to calculate elevation profile for each points on your GPX track. The feature only works in online mode.

3D Heightmap​

How to start testing 3D relief right now:

1. Download and install OsmAnd 4.3+ for Android or iOS.
2. Enable Plugin: OsmAnd Development → Settings → _Heightmap.
3. Download Heightmap maps for your region in the Download map menu.
4. Enjoy it.

"Elevation: map center" widget​

The data of elevation is from Heightmap. How to switch on the widget:

1. Download and install OsmAnd 4.3+ for Android.
2. Enable Plugin: OsmAnd Development → Settings → _Heightmap.
3. Download Heightmap maps for your region in the Download map menu.
4. Switch on the widget: Menu → Configure screen → Left / Right panel → Altitude.

---

Follow OsmAnd at Facebook, Twitter, and Reddit!

Join us at our groups of Telegram (OsmAnd News channel), (EN), (IT), (FR), (DE), (RU), (UA), (ES), (PL), (AR), (TR).

This is the third in a series of posts updating our progress in shipping through the backlog of mass-produced Librem 5 orders. If you have not yet read Part 1 and Part 2, I recommend you do so, as in those parts I discuss our current strategy of splitting the remaining Librem 5 orders into […]

The post Where is My Librem 5? Part 3 appeared first on Purism.

Chat control - one of the worst EU plans that is also being described as a surveillance monster - must be stopped! The draft law is facing huge opposition across Europe. Now, Mullvad has launched a great campaign to fight against chat control and for citizen's rights to privacy in our free and open democracies.

VPNs have become popular and are often touted as a tool to improve privacy. While this is sometimes true, it is important to tread carefully when choosing an VPN. A good place to start is looking at which VPN providers meet the requirements for running a trustworthy VPN service. A trustworthy VPNs must be free software, that is non-negotiable. First, inspection is required in order trust software. Having the source is the only way to see all the things the software is doing. F-Droid reviews the apps that we ship on this website, which lets us spot potential issues and anti-features. And we are happy to hear that reputable VPN providers make the effort to get their apps on f-droid.org to build trust with their users. From there, Reproducible Builds provides a strong link between the source code and the actual app binaries that run on the device.

The best VPNs are the ones that use free software both for the client app, and for running the services. Indeed all OpenVPN, Shadowsocks, and WireGuard VPNs are based on free software since those standards are defined by free software projects. F-Droid looks into this as part of the reviews, and marks apps with relevant Anti-Features, like the Non-Free Network Services mark if the server side is not free software. And there are a number of free software projects that make it a lot easier to setup and run a VPN or proxy services. Here are some that are on f-droid.org:

• Bitmask is a generic client for the LEAP VPN setup which powers Calyx VPN, Riseup VPN, and more.
• eduVPN is a VPN client for Let’s Connect VPN setup which powers eduVPN.
• OpenVPN for Android is a generic OpenVPN client for any VPN provider that offers it.
• Outline is an offering designed to let anyone run their own VPN based on Shadowsocks.
• WireGuard is a generic WireGuard client for any provider that offers it.

So far, none of the VPN providers have taken the plunge into fully supporting reproducible builds. There is some progress: some of the releases of WireGuard, Tailscale, and Mysterium VPN have been reproduced on our verification server. But these apps are not setup for the full reproducible publishing setup, which confirms that the f-droid.org version matches the upstream developer’s version exactly, then publishes with the upstream signature. The F-Droid community is helping more and more apps achieve reproducible builds, which VPN app will be the first?

There are also a number of apps that are dedicated to a given provider. Although there are generic clients available, there are good reasons for a free software provider to ship a custom app. First, it can make configuration dead simple. Calyx VPN and Riseup VPN have no accounts at all, so just install the app, and turn on the VPN. Second, it allows the provider to include multiple methods of connecting and automatically switch between them, depending on what works best. We decide which apps to include based on what is best for the users. A VPN client that offers no additional functionality and just serves as a rebrand of an existing client does not serve users well. In order for an app from a specific provider to be included, it must provide real value to our users. Here is a list of some related examples:

• IVPN
• Lavabit Encrypted Proxy
• Mullvad VPN
• Mysterium VPN
• ProtonVPN
• Purism Librem Tunnel

We also get lots of direct messages asking us to include various proprietary VPN apps, or promote various VPN services for a fee. That is of course a non-starter. The first step is free software.

After testing it for a while and finding no downsides besides a personally unnoticeable increase in RAM usage, I have decided to recommend that users enable the site-per-process WebView DevTools flag, which can increase security when malicious JavaScript compromises the rendering process. There are more details on the WebView DevTools page.

Privacy Browser Android uses Android’s WebView to render web pages. WebView provides fairly limited controls compared to the upstream Chromium source. However, there are small set of user-configurable controls that Google has baked into WebView. Users can tweak these controls using WebView DevTools. If you are using a pre-stable channel (Beta, Dev, or Canary) there is a launcher icon for WebView DevTools. Users on the stable release of WebView are not provided with such a launcher, but it is possible for another program, like Privacy Browser, to include an intent that does launch it. Beginning with the 3.12 release, Privacy Browser has a WebView DevTools launcher in the navigation drawer.

Open to me the secrets of the WebView!

By default, if you change any of the WebView flags, a persistent notification will be displayed in the status bar to warn you of how dangerous your life is. But that can be disabled if desired.

Begone!

It is important to note that any changes made to WebView DevTools affects the way WebView works in all the apps on your device. These are not Privacy Browser specific settings. As such, it will affect any other browser based on WebView, like Lightning and FOSS Browser, as well as any other app that uses WebView to display documentation and information or interact with the internet (there are a number of apps that use WebView to handle logins). Privacy Browser will need to be restarted for any changes made in WebView DevTools to take effect. In addition, changes to WebView DevTools will need to be made on each of your devices and will not be carried over with an import of Privacy Browser’s settings to a new device.

The purpose of this page is to document any options in WebView that are likely to be of interest to Privacy Browser’s users. The available options can change with each WebView release. If you become aware of any option that ought to be added to this page, feel free to leave a comment at the bottom or to post a suggestion to the forum.

X-Requested-With Header

The first flag that most users want to alter is WebViewXRequestedWithHeaderControl.

That doesn’t even sound grammatically correct.

The X-Requested-With header is discussed in some depth in a separate post. Needless to say, Google is highly incentivized to make it easy to track you around the web, and adding this to Android’s WebView makes it easier to do so. I have found that companies like Google, who have such conflicts of interest, often have a very hard time setting defaults that are in the best interest of their users.

Site Isolation

The site-per-process flag enables site isolation.

Everybody keep your hands to yourself!

Site isolation adds an extra layer of protection against malicious JavaScript from one tab being able to steal data from another tab. It requires extra RAM to run each site in a separate tab, but in my testing it isn’t much of a noticeable difference.

Following up on the higher-level report on the state of  the mainline Linux in August 2021 where we announced a “usable” devkit in fully mainline Linux, let’s focus on the phone and see how things look like right now. As you might know, the latest Linux kernel tree we ship to users contains lots of changes […]

The post Update for the Librem 5 Support in Mainline Linux appeared first on Purism.

Today we launched a new, self-hosted merch store. Previously we used a Teespring store (which never actually processed any orders). This is replaced by a locally-hosted WordPress instance running Woocommerce and connecting to a Printful catalog of products.

There is an extensive post that describes which plugins are used and how they are configured for maximum privacy. I won’t rehash all of that information here, but I will summarize it by saying that this implementation is the most privacy-focused e-commerce solution we could find while still not being as privacy conscious as I would like. Perhaps at some point in the future when Stoutner has multiple employees we will dedicate time to creating a better solution and sharing it with the world so that others can use it as well.

One of the deciding factors in picking Printful to handle fulfillment was that they have facilities in both the US and Europe, meaning that shipping is more reasonable as compared with international shipping rates across the ocean.

Stoutner only makes a couple of dollars from each sale, meaning that this is not the most efficient way to fund the development of the open-source software. Those making donations to the project have a much greater financial impact. However, one of the most important things I am trying to accomplish with Privacy Browser is to change the expectation of how the internet should work and how web pages should behave in relation to user privacy. The items in the merch store provide perfect opportunities to strike up conversations with other people about internet privacy, which goes a long way towards raising awareness about these issues and changing the culture of what is considered acceptable. As such, having a functioning merch store is central to the changes Stoutner is attempting to make in the world, even if it is unlikely to be a financially significant source of revenue.

A call upon the industry to engage more – not less! – in ASM cobalt mining.

Seven years after Amnesty International’s report “This is what we die for”, cobalt mining in the Democratic Republic of Congo (DRC) is again in the headlines, with a focus on the continuous dangers and challenges connected to artisanal cobalt mining, and with companies being pointed out for using cobalt from these mines while not doing enough to support improvement.

Cobalt is a mineral used in our Fairphone battery, and is a crucial material for the global transition to green energy, including in the electronics and automotive industries amongst others. At Fairphone, we are the first to say that the working conditions in artisanal cobalt mining in the DRC are still not acceptable, that miners are still exposed to dangers and don’t have protective equipment, and that there are still children working in hazardous and damaging environments at mine sites. In the last seven years, not sufficient progress was made in addressing these issues.

And it’s precisely because of these extreme issues that we co-founded the Fair Cobalt Alliance (FCA) in 2020. With the FCA, we choose to directly engage at the mines on the ground in DRC – because we believe we have a responsibility to invest in and contribute to improvements that are needed to positively change the conditions for these miners and their communities.

The FCA brings together industry, civil society and government and has been working to improve working conditions and health and safety at the Kamilombe mine site. The FCA also established a holistic program to address and remediate child labor in and around mine sites, and is enabling mining communities to diversify their economic opportunities. 

Beyond addressing these risks and harsh conditions that are still a reality in our sectors’ supply chain, the reason why we engage with artisanal miners in the DRC is also that this sector has a huge potential to help develop the region and reduce poverty. Artisanal miners in DRC produce about 13% of cobalt globally, providing income for up to 100,000 people (depending on seasonality and commodity prices), and the DRC (combining both artisanal and industrial production) accounts for about 70% of global cobalt production in total.

But profound and lasting change won’t happen overnight.

With the FCA, we have set out to support the reform of an entire sector. There are no simple or quick solutions to formalize and improve artisanal mining. Demonizing the miners will harm rather than help because banning or excluding the most vulnerable and marginalized in our industry from global supply chains will push them out of their livelihood.

Instead, artisanal mining is a way for the local population to benefit from the increasing demand of critical minerals such as cobalt, needed for the energy transition. Artisanal cobalt miners can earn a significant income (depending on seasonality and prices), in a context where poverty is widespread and few other gainful employment opportunities are available, especially for those with little formal education or job prospects, those who have lost their land due to climate change or other land uses (including industrial mining), or those who have migrated to the area fleeing from conflict.

At Fairphone, we are therefore convinced that artisanal mining can be transformed into responsible and safe small- and medium-scale enterprises over time, creating a multiplier effect in the local economy.

So, we need to ask ourselves, as an industry: If we distance ourselves from artisanal- and small-scale miners, do we help ourselves, or do we help them? For Fairphone it is clear: we want to engage and be part of the solution, rather than disengage to have a ‘clean west’ – which we believe is akin to greenwashing.

A fair transition to an inclusive and green economy means engaging with and investing in the artisanal- and small-scale mining sector in DRC, and it means sticking to it over the long term. From the start, Fairphone’s approach has been to foster progressive improvement, to take one step after the other, to listen to and bring along everyone. 

This is why things take time, and also why so much more still needs to be done: Artisanal miners need legal status and productive mine sites, expertise and infrastructure to build safer mines, protective equipment, and fair compensation for their labor. Children, youth and their families need a safe space and support to go back to school or to learn a trade that can help them provide for themselves or their families, without being exposed to the hazardous environment of a mine- and not just at one mine site, but across the sector. Communities should be able to save their earnings and invest them into health, education and economic activities, and not only bear the brunt of the negative impacts of mining.

All this can only be achieved in a multi-stakeholder effort, such as the FCA. Businesses along the cobalt value chain have a crucial role to play, and so does the government, by helping to create an enabling legal and political context. And of course civil society, to make the voices of miners and communities heard. We can only achieve a transformation of the sector if it is a joint effort with everyone making a long-term commitment. Only in this way can we make sure that the green energy transition does not lead to further exploitation of the vulnerable, and that local communities and the DRC as a country benefit.

We call upon our industry peers to engage and not look away. Collaborate, invest – and above all, listen to the producers, the miners, and their communities. If we truly want a fair transition, we have to do more and we have to do it faster.

—

You are still reading and want to know more details about Fairphone’s approach to cobalt sourcing?  Here are the answers to some frequently asked questions:

1. Where does Fairphone source its cobalt from?

Fairphone does not mine or source cobalt directly – rather, cobalt is used in the Fairphone’s battery. Until it gets into the battery from the mines, there are many actors, manufacturing stages and geographical locations in between: from the extraction point at the mine, cobalt typically goes to a processing plant, then a refiner, to precursor manufacturing, to cathode manufacturing, to battery cell and finally battery packaging, before the finished battery is assembled into our phone. At each of these stages, cobalt from different mines and sources is typically mixed together, making it very difficult and uneconomical to differentiate individual mines and sources. However, we know that the DRC accounts for a very large proportion of global cobalt production (74% of globally mined cobalt in 2021), and within that, artisanal sources alone amount to 13% of global production. Therefore it is safe to say that there is a high likelihood of cobalt from the DRC and from artisanal mines flowing into the electronics supply chain, including into Fairphone’s.

This is precisely why we established the Fair Cobalt Alliance – we want to engage and invest where the issues are biggest and where we can have a positive impact on the livelihoods of many thousands of people. We choose to engage and support rather than exclude and marginalize those who are already the poorest and weakest in our supply chain.

2. How can Fairphone prove that its cobalt is mined ethically?

A significant share of global cobalt production, about 13%, is produced by artisanal and small-scale miners, mainly in the DRC. This cobalt is refined, mixed and processed with other sources at various stages and through that ends up in global value chains – with a high likelihood also in Fairphone’s. 

This is why from the very beginning, Fairphone has been investigating how to improve the cobalt supply chain and production. Instead of turning away from DRC and artisanal miners because there are high human rights and environmental risks, we want to stay engaged on the ground and be part of a solution. ASM is a very important livelihood in DRC, and we want to help improve it and make it safer. This is why we co-founded the Fair Cobalt Alliance.

The Fair Cobalt Alliance’s work is based on an in-depth assessment of the conditions at ASM sites in DRC – this assessment was done in 2020 and published by our partner The Impact Facility here: Digging for Change. Today, the FCA works directly with an ASM cooperative on an ASM mine site in DRC. Two of the key pillars of the program is to professionalize and improve the mine site and working conditions, and to ensure that child labor is prevented and remediated in a holistic way.

Fairphone and the FCA recognize that current conditions are not acceptable and at the same time are convinced that ASM can be done in a responsible way. That is why we focus on a step-by-step continuous improvement approach and why Fairphone, together with the FCA, developed an ASM Cobalt Framework which provides Environmental, Social & Governance benchmarks to measure the progress and improvements at the mine site over time.

All of this takes time, investment and most of all, collaboration with partners on the ground. We are the first to recognize that the conditions on the ASM mine sites are not yet good. But over the course of the last two years, some first improvements have materialized. This includes the training of health and safety captains at the mine site, a system for the provision of personal protective equipment for the women cobalt washers, and establishing a health and safety committee to monitor incidents. For more detailed information on activities and progress, you can access the FCA’s quarterly and annual report here.

There is still a lot to do and many challenges and difficulties to face. And Fairphone is in it for the long term – because only with long term engagement can we get to a point where ASM cobalt production is safe and responsible.

3. How does Fairphone check its supply chain of cobalt?

On an annual basis, Fairphone requests its suppliers to provide information on all the cobalt refineries in our and their supply chain. This is done by using the Extended Minerals Reporting Template (EMRT) of the Responsible Minerals Initiative (RMI), which forms part of the Responsible Business Alliance (RBA). We then analyze the data from our suppliers and check the reported refiners against the RMI’s list of certified cobalt refiners. These are refiners that are undergoing or have undergone the RMI’s Responsible Minerals Assurance Process (RMAP) – meaning they have been audited against the RMI’s Cobalt Refiner Due Diligence Standard, which certifies that the refiner has put in place the necessary measures to check, prevent and mitigate gross human rights abuses related to the sources and mines it buys from. Where we find refiners that have not yet undergone an audit, we aim to conduct outreach to convince the refiner to undergo such an audit. Where we find a refiner that has failed an audit, we aim to first engage and request improvement and only disengage from it as a last resort if no improvements are made over time. As a small company, we cannot do all of this outreach alone, and also rely on support from industry associations such as the RMI and industry peers.

We publish the list of our cobalt refiners, their location and their certification status in our Supply Chain Engagement Report, which is published annually. Here the link to the report for 2021; the report for 2022 will be published in April 2023.

4. Why doesn’t Fairphone just use cobalt from other countries than the DRC?

Our goal is to stay engaged and use our buying power to drive for a positive change where improvements are most needed, instead of walking away from difficult contexts and ignoring the challenges there. Artisanal cobalt mining in the DRC is a crucial livelihood for thousands of people who have little other alternatives, due to poverty and the lack of gainful employment. We recognize that this is linked to a lot of challenges and impacts, but this is precisely why we want to engage and invest in this context. We choose to engage and support rather than exclude and marginalize those who are already the poorest and weakest in our supply chain. It is in contexts like the DRC where Fairphone can have the most positive impact.

5. What does Fairphone concretely do on the ground in DRC to improve things? What has been achieved so far and what are Fairphone’s goals for its cobalt sourcing?

Fairphone engages and invests on the ground in DRC through the Fair Cobalt Alliance (FCA), which it co-founded in 2020. The FCA works directly with artisanal mining cooperatives and surrounding communities around the city of Kolwezi in DRC, where most cobalt is mined. Fairphone’s goals are aligned with the FCA’s, namely: 

• to professionalize the ASM sector by investing in and supporting responsible and safe mining practices, creating dignified working conditions, and enabling fair compensation of workers
• to work towards child-labor-free communities, where the root causes of child labor are tackled in a holistic manner
• And to enable sustainable livelihoods and economic diversification of mining communities.

This year, we aim to work especially on the integration of artisanally mined cobalt into responsible supply chains, linking ASM producers with responsible markets. Ultimately we want to see an ASM sector consisting of responsible and safe small and medium-sized mining enterprises, contributing to the development of local communities and DRC as a whole.

Details about the FCA’s overall goals, its workstreams and activities, and the progress to date can be found on its website.

6. Can recycled cobalt be an alternative option?

In general, using recycled materials is a first step towards a circular economy, and is therefore something Fairphone aims towards. While cobalt is recyclable in principle, and industry is using recycled cobalt already, there are a few barriers that we still encounter:

• First, until now, one of the main sources of recycled cobalt came from consumer batteries (such as in mobile phones). But due to the limited quantity and concentration of cobalt in consumer batteries, the corresponding development of recycling infrastructure to recover cobalt from such batteries has been limited. In other words, the available amount of recycled cobalt that can be re-integrated into new batteries is still small. It is not economically attractive at present, because the collection rate and the amount of cobalt are low.
• Second, the demand for electric vehicles (EV) is now growing fast, leading to enough incentive for recycling cobalt from these EV batteries. However, along with the huge demand growth driven by the green energy transition and EVs, car batteries may last 6-10 years, and only then are they expected to become a large source of recycled cobalt. And even so, there are still challenges in purification and economic feasibility for recycling cobalt from EV batteries to be used in consumer batteries (such as in Fairphone products). We are currently exploring this with our suppliers. Ultimately, researchers predict that recycled cobalt will only account for 15% of the estimated global demand in 2030. It shows that with rapidly increased demand and relatively long battery life, cobalt mining will remain relevant and in need of our attention.

• Thirdly, collecting more waste consumer batteries is surely an option. But batteries are classified as a hazardous good and therefore their transport, storage and handling are subject to strict safeguards and standards. This is why our take-back program of e-waste from informal waste dumps in Africa with our partners Closing The Loop does not yet cover batteries.

Overall, we are exploring the use of recycled cobalt in our batteries when and where we can, but we also see the need to accompany this with two other measures: 1) Engage in improving mining, because we will remain dependent on mined sources for some time, and 2) contribute to improving recycling rates of batteries.

The post Sticking with Cobalt Blue appeared first on Fairphone.

In 2017, Jason A. Donenfeld (known for WireGuard®) reported an issue in Tox’s handshake [1]. This issue is called “Key Compromise Impersonation” (KCI). I will try to explain the issue as simple as possible:

In Tox you don’t register an account (e.g. with username and password), but instead your identity is solely based on (asymmetric) cryptographic information, a so-called asymmetric key pair. Such a key pair consists of a public part (public key) and a private part (private key). The public part, as the naming suggests, is public and contained in your ToxID which you share with your contacts to be able to communicate with them via Tox. The private part, again as the name suggests, needs to stay private! If someone gets in possession of your private key, they stole your Tox identity. This could, for example, be the case if someone got physical access to your computer or successfully installed malware on your system, e.g. a so-called trojan horse, to be able to extract data from it. If this happens, you will most likely have multiple problems and your Tox identity may be just one of them. The password you enter when you create your Tox profile, e.g. when you first start qTox client, is used to encrypt your profile and also your private key on your disk. If you start qTox, you need to enter your password to decrypt your private key, to be able to communicate via Tox. Your private key is then stored unencrypted in memory (i.e. RAM) while qTox is running. This means an attacker either needs to get access to your password (steal or crack it) or to read your Tox private key from memory while your Tox chat client is running.

If someone successfully stole your Tox identity (i.e. this private key), they are you – at least in the context of Tox. So they can successfully impersonate you in Tox. Now in this case the KCI vulnerability leads to “interesting” behavior. It is clear that someone who stole your identity is able to impersonate you. But because of the KCI vulnerability, they may also be able to impersonate others to you. This means, to exploit this vulnerability in practice, someone not only needs to successfully steal your private key, but additionally:

• Know the ToxIDs of your Tox friends to be able to impersonate them to you.
• Control the network connection between you and your friend. This could be the case e.g. if they are in the same (public) WiFi as you, or via the Internet – which is way harder and is most likely only possible for state actors (e.g. the NSA).
• Implement their own version of toxcore because it’s not possible to exploit this issue with the current implementation. There is no public exploit available which can just be used.

In summary, KCI is exploitable, but with a huge effort.

Anyway, this is a real vulnerability and it should be fixed. The current Tox handshake implementation is not state-of-the-art in cryptography and it also breaks the “do not roll your own crypto” principle. As a solution, there is a framework called Noise Protocol Framework (Noise, [2]) which can be used to create a new handshake for Tox. More precisely, the application of Noise will only change a part of Tox handshake — the so-called Authenticated Key Exchange (AKE). Noise-based protocols are already in use in e.g. WhatsApp, which uses it for encrypted client-to-server communication, and WireGuard®, which uses it for establishing Virtual Private Network (VPN) connections. Noise protocols can be used to implement End-to-End Encryption (E2EE) with (perfect) forward secrecy (which is also the case with the current Tox implementation), but further adds KCI-resilience to Tox.

Tobi (goldroom on GitHub) wrote his master’s thesis (“Adopting the Noise Key Exchange in Tox“) on the KCI issue in Tox, designed a new Handshake for Tox based on NoiseIK and implemented a proof-of-concept (PoC) for this new NoiseIK-based handshake by using Noise-C [3]. This PoC has a few drawbacks, which is why it should not be used in practice (see Appendix). If you want to know more about his master’s thesis, see the update in the initial KCI GitHub issue [4].

He applied for funding at NLnet foundation and their NGI Assure fund to continue his work on Tox and to be able to implement a production-ready Noise-based handshake for toxcore. Fortunately, this application was successful [5]. NGI Assure is made possible with financial support from the European Commission’s Next Generation Internet programme (https://ngi.eu/).

The objective of this project is to implement a new KCI-resistant handshake based on NoiseIK in c-toxcore, which is backwards compatible to the current KCI-vulnerable handshake to enable interoperability and smooth transition. The main part of this project is to implement NoiseIK directly in c-toxcore to remove Noise-C as a dependency (as the only other dependency for c-toxcore is NaCl/libsodium) which was used in the PoC and therefore improve maintainability of c-toxcore (see Appendix).

The tasks in this project are:

• Implementation of a Noise-based AKE for the use in Tox’s handshake in c-toxcore
  • This task is to implement and test an AKE for the Tox handshake based on a Noise protocol (most likely Noise_IK_25519_ChaChaPoly_SHA512, but it may change due to new insights in c-toxcore).
• Implementation of a symmetric transport phase encryption based on a Noise-based AKE/handshake
  • This task includes the implementation of a symmetric transport phase encryption based on the secret key(s) generated during the Noise-based AKE during the Tox handshake and evaluation of Noise’s rekey feature.
  • Subtasks:
    • Decision of which symmetric cipher to use for the Tox transport phase encryption (e.g. ChaCha20-Poly1305 or XSalsa20-Poly1305)
    • Evaluation of Noise’s rekey feature to allow for session rekeying to reduce the volume of data encrypted under a single cipher key (cf. section 11.3 of Noise specification, revision 34). This may not be applicable to be implemented in c-toxcore (e.g. changing keys may be expensive). Also, it may not be necessary for ChaCha20 / XSalsa20. Further, it’s dependent on how the transport phase encryption will be implemented.
• Support for the Noise-based AKE and the KCI-vulnerable AKE for backwards compatibility
  • This task includes the implementation of a mechanism to fall back to the KCI-vulnerable handshake if one of both peers uses a legacy c-toxcore version to provide backwards compatibility for the handshake transition phase (e.g. via cookie phase (request and response) of Tox’s handshake).
• Error handling and testing, Documentation, Blog posts

The plan is to implement this new handshake until July 2023. Since it’s not a trivial task, there are still some obstacles:

1. In Noise it is necessary to differentiate between the initiator and responder of a handshake. Due to the architecture of Tox it is possible that both peers initiate and respond to a handshake at the same time.
2. Tox is P2P and UDP-based. Therefore packets can be received out-of-order or be lost altogether. In the Noise specification this is only considered for transport messages (cf. [6]).

   • “Note that lossy and out-of-order message delivery introduces many other concerns (including out-of-order handshake messages and denial of service risks) which are outside the scope of this document.” (cf. [6])

Both points are not ideal for a handshake based on NoiseIK (i.e. it would be way easier to implement it in a client-server model using TCP), but it should be possible to work this out.

Tobi is available in #toktok (libera.chat) as tobi/@tobi_fh:matrix.org and ready for any input, questions, remarks, discussions or complaints.

---

Appendix

The PoC shouldn’t be used in practice/in production because it should be improved in the following aspects (for details see chapter five of Tobi’s thesis [4]):

• The PoC was implemented by using the Noise-C library [3]. Instead of using the library, NoiseIK or more specifically the Noise_IK_25519_ChaChaPoly_SHA512 protocol will be implemented directly in c-toxcore. This will remove Noise-C as a dependency for toxcore (i.e. the only other dependency is NaCl/libsodium) and therefore improve maintainability. Additionally this will reduce the number of possibly vulnerable source lines of code.
  • Notes on maintainability: Noise-C has a lot of code/functionality which is not necessary for c-toxcore. Also Noise-C is currently (?) not actively maintained. If NoiseIK is implemented directly in c-toxcore it is only necessary to maintain the c-toxcore codebase and it is not necessary to care about Noise-C.
• The PoC implementation uses the ChaCha20-Poly1305 AEAD cipher during the AKE/handshake and XSalsa20-Poly1305 during the transport phase. In this project it should be evaluated if it’s possible to also use ChaCha20 during the transport phase to only use one cipher instead of two different ones (XSalsa20 is not supported by the Noise framework). For details see chapter four of Tobi’s thesis.
• Further testing of NoiseIK handshake behavior and improved error handling.
• The PoC implementation is not backwards compatible with the current KCI-vulnerable Tox handshake. In this project a mechanism should be added to enable interoperability with clients based on an old c-toxcore version.

---

References:

• [1] Tox Handshake Vulnerable to KCI #426: https://github.com/TokTok/c-toxcore/issues/426
• [2] Noise Protocol Framework: https://noiseprotocol.org/
• [3] Noise-C Library: https://github.com/rweather/noise-c
  • https://rweather.github.io/noise-c/index.html
• [4] More information on Tobi/goldroom’s master’s thesis: https://github.com/TokTok/c-toxcore/issues/426#issuecomment-759511593
• [5] “Adopting the Noise Key Exchange in Tox” project description/information: https://nlnet.nl/project/Noise-Tox/
• [6] Noise specification, 11.4. Out-of-order transport messages: https://noiseprotocol.org/noise.html#out-of-order-transport-messages

---

“WireGuard” is a registered trademark of Jason A. Donenfeld.

On March 1, the German Parliament held a hearing in the Digital Committee on the EU Commission's draft law for client-side scanning to fight child sexual abuse online, also named 'chat control'. IT experts, civil libertarians, law enforcement officials and even child protectors agree: the EU's proposal does not protect children, but poses major risks to fundamental rights.

Privacy Browser 3.3 introduces the option to select a custom proxy in the format of scheme://host:port as described in the ProxyConfig.Builder documentation. There are two preconfigured options, one for Tor which uses socks://localhost:9050 and a second one for I2P which uses http://localhost:4444.

The basic choices.

Selecting the Tor or I2P options produce an error message if the official app for those services is not installed on the device. If you are using a third-party app to provide access to those networks, you should use the custom proxy option. You can also use a custom proxy if you are using Orbot and have disabled the Allow Background Starts option, which will cause the Waiting for Orbot dialog to always appear when using the Tor proxy option because Privacy Browser cannot query Orbot’s status.

Let me start by apologizing to everyone for skipping yet another monthly community update. This has largely been my fault as I was rather busy in January and following FOSDEM at the start of February I found myself occupied with things related to the EU store. I hope for things to go back to normal now; you can expect future community updates at the end of each month as per usual. Again...

Source

We just released version 1.16 of the official F-Droid client app for Android which includes many radical changes under the hood as well as many bug fixes for long standing issue. Read on for more details.

Growing repository size

As more and more apps make their way into F-Droid, the official repository index that includes all apps and their metadata also keeps growing. Currently, the size of the compressed index is 8 MB which is 33 MB uncompressed. When updating the repository index, each F-Droid client app has to download and process those 8MB again and again. This problematic trend became apparent a long time ago.

Updating only what has changed

Our repository index is in JSON format and we decided to make use of RFC 7396 JSON Merge Patch to create much smaller JSON files that only contain the changes since your F-Droid app last updated. Technically, this works by downloading a new entry.json file instead of the full index. This entry file points to the full index in case the app had never updated before and needs all app metadata anyway. But the entry also contains pointers to various smaller difference files. The app automatically picks the right diff and only downloads that much smaller file instead of the full index. This not only saves bandwidth, it also makes updating the index much faster as only the minimum amount of data needs to be downloaded, processed and stored. As of writing, the latest diff is 80 KB compressed which is 241 KB uncompressed which is only 1% of the full index. Version 1.16 of the official F-Droid client app for Android supports this new repository format.

Other improvements

The new version has a large number of radical changes under the hood. For example, the entire database had to be replaced to support the new difference based repository format. We also used the opportunity to improve various bit and pieces along the way:

• improved mirror support: all files (e.g. images) now get loaded from mirrors reducing the load on the main server
• better support for low RAM devices, because the index now gets streamed into the DB instead of loading all of it into memory
• hash verification: The SHA256 hash of all files is now part of the repository metadata and gets verified while downloading
• stronger digest algorithm for repository signing: We now use SHA256 instead of SHA1 for the index signature
• support for downloading repository files via IPFS
• many bug fixes that came out of modernizing ancient code

The new version went through a series of alpha releases with extended testing to make sure no severe issues make it into the stable release. It is now considered ready for general use.

Information for repository and client maintainers

Owners of third-party F-Droid repositories can enable the new format by upgrading to the latest version of fdroidserver which will automatically publish the new format in addition to the old ones which we keep around to support older client apps.

Developers of third-party F-Droid clients are encouraged to adopt the new format either with their own implementations or by making use of the new libraries we are publishing to make using this technology as easy as possible and to share as much code as possible between different F-Droid implementations.

This work was funded by the FFDW-DVD grant

Following the statement of Signal to 'walk out' of the UK should the Online Safety Bill pass, the encrypted email service Tutanota, says: "We will not 'walk out' of UK. We will also not comply with any requests to backdoor the encryption."

VPNs have become quite popular in recent years for a number of reasons, and more and more they are being touted as a privacy tool. The question is whether using a VPN does improve privacy. It is clear that VPNs are quite useful for getting access to things on the internet when direct connections are blocked. VPN providers include a number of tactics in both their client apps and server infrastructure to ensure that their users are able to make a connection. Then once users are connected, all of their traffic that goes over the VPN will see the internet from the point of view of the VPN’s server. That is how VPNs “unblock” the internet. In contrast, some are using VPNs to selectively block things, like making a system-wide adblocker.

To answer the question about whether they are a useful privacy tool, let’s start with the history of where VPNs came from. VPN stands for Virtual Private Network. They were developed by large companies with multiple offices and travelling employees. The goal was to link together all of these offices so that internal data could be freely shared between them without that data going over the internet as easily readable unencrypted plain text. Then travelling employees could also safely access the internal data via any internet connection. The key piece of this picture is that the users, employees in this case, already had to trust their VPN provider. The VPN provider was the company they worked for, and the data they were handling belonged to the company. So there was no attempt to hide user information from the VPN provider. Indeed quite the opposite: companies linked the VPN access to each employee’s “single sign-on” account. Built into the design of VPNs is full trust of the VPN provider, with the aim of keeping the data private from the internet. This setup was also by design, since many large companies wanted to ensure their employees work laptops were still going through the corporate firewall, where the company could block certain sites (e.g. malware, porn), then also monitor employees internet activity to ensure they are not exposing files that the company does not want to be public.

This does not paint a good picture for a tool to protect privacy. But there is hope! It is possible to use a VPN to improve your privacy if you pay attention to some key details. For VPN services to provide privacy, you have to put a lot of trust in the people who are operating the service. The VPN provider can see all of your traffic that goes over the VPN, and they have a strong link to your user account with them. The privacy advantage of a VPN is that the destination sites cannot see which IP address your device is coming from, they will see the VPN provider’s IP address. And your ISP will see you are using a VPN, but not which sites you visit. With HTTPS, TLS, and end-to-end encryption being widespread, any encrypted content will be protected from the VPN provider also. But the VPN provider can still see where you are connecting from, which sites and services you are using, what time of day, and even potentially correlate traffic to link activities of their users. In other words, the VPN operator sees lots of metadata about you, so much so that they could paint a quite detailed portrait of your personal life if they ever did let their data be analyzed.

How to build a privacy-respecting VPN service

There are good signals that VPN services can send to show that they are tackling the real issues. For example, shipping free software clients, maintaining a warrant canary, posting a clear privacy policy describing the logging policy, and publishing the unredacted results of third party audits. If the VPN operator is doing the right thing, then VPNs can provide a relatively private way to access the internet. With a consistent track record of transparency, they can build up a trusted reputation for protecting privacy. Unfortunately, we cannot rest there since a VPN provider can change their setup quite easily, whether willingly or under duress. Maintaining consistent, regular, and transparent communications is therefore essential.

• Calyx Institute’s Privacy Policy and Financials and Annual Reports
• Mozilla’s Data Privacy Principles
• Mullvad’s Swedish legislation relevant to us as a VPN provider and Privacy Policy

On top of that, the VPNalyzer project is working to make monitoring VPN services a lot easier and possible to crowdsource. This gives a third party perspective from some respected organizations.

Know as little as possible about your users

Many VPN providers require an account and payment information. This is usually personally identifiable information, like name, credit card information, email address, phone number, billing address, etc. The most private services have no user accounts by design. Calyx, Lavabit, and Riseup VPNs do not require any account or payment at all, so they do not have that information to give out or leak. Providers that accept payment need a way to tie payment to service, that is usually done using accounts tied to email addresses or phone numbers. Personal details are not required to make accounts and payments work. Mullvad uses a randomly generated account number only, there is no link to other identifiers unless you provide them. Additionally, Mullvad is one of the few VPN vendors that accepts cash payments. Many technically minded implementers laugh at the idea of processing envelopes of cash, but it is an effective, real world solution to minimizing personal data that software methods struggle to match.

Keep as little information as possible

The VPN servers unavoidably see lots of information about what users are doing. The default with most servers is to keep logs of that data. The longer this data is kept, the greater the risk it will be used to identify users and their activities. It does not help that standard practice for running servers is to keep logs for a long time. Many service providers keep those logs for years.

VPN providers must be clear about what logs they are keeping, and how long they are stored. Even better, they will provide information about how they do store the data that they do keep. For example, if the servers do not use full disk encryption, then it would be straightforward to recover the deleted logs. That is much harder on systems using full disk encryption.

• A 2019 audit of IVPN showed that, at that time, the auditors confirmed that IVPN performed no “statistical logging of customer-traffic”, “logging of traffic, IP addresses or DNS requests” on the servers that the auditors were given access to.
• Mullvad says, “we never store any activity logs of any kind.” in their no logging data policy

Proven track record of resisting unjust legal intrusion

There are many legal ways for authorities to get private data, this is an essential part of a functioning justice system. But these powers are sadly abused in basically every country in the world, it is only a question of degrees. A VPN provider needs to represent its users legal interests, and push back on legal orders when there is the possibility they are unjust. Calyx Institute’s Nick Merrill provides the shining example in this regard. With the ACLU, he fought a legal case for over a decade to prevent unjust intrusion for his users. Ladar Levison shut down his email company Lavabit rather than allow the US Government to monitor Edward Snowden’s email account.

There are other ways to ensure that the legal processes are not abused. These include warrant canaries and disclosure when data had to be turned over via legal procedures.

• Mozilla’s Transparency policy
• ProtonVPN’s Transparency Report & Warrant Canary
• Riseup’s Canary Statement

Publish as much as possible as free open source software

F-Droid works to build services where free software, code inspection, reproducible builds provide a method to ensure that the software we deliver is trustworthy. VPN vendors recognize how important trust is, so the good ones work to get their apps into f-droid.org. The F-Droid community provides the best screening for ensuring Android apps are truly free software. On top of that, F-Droid flags apps for Anti-Features, which are things that users may not like, but might accept. Here are VPN clients that do maintain their free software clients in f-droid.org:

• Bitmask
• Calyx VPN
• eduVPN
• IVPN
• Lavabit Encrypted Proxy
• Mullvad VPN
• Outline
• ProtonVPN
• Purism Librem Tunnel
• Riseup VPN
• Tailscale

Use external auditors to confirm source code and operations

External auditors are important because they can bring fresh eyes on the source code, and good auditors are experts at finding issues in source code and server setups. And responsible organizations will publish the full, unredacted audit report once they have fixed the issues. Even if a VPN app is included in F-Droid, there are key aspects of the service that cannot be independently verified. For this, we must rely on the people who run the service to do the right thing. Audits can demonstrate that they were doing the right thing at the point of time of the audit. Here are some examples:

• IVPN’s 2019 audit of IVPN
• Mozilla VPN had their app source code audited in 2021 and fixed the issues that were found.
• Mullvad’s Pentest-Report Mullvad Apps, Clients & API 05.2020, Pentest-Report Mullvad VPN Clients 09.2018, and 2020 Infrastructure Audit
• Outline’s 2017 Pentratration Test Report and Pentest & Audit Report Jigsaw Outline 09.-12.2018
• Proton VPN open sourced their client apps and had them audited in 2019.

Publicly verifiable binaries via reproducible builds

Source code is the easiest place to conduct an audit of software, but it is the binary files that actually run on your device. Auditing binaries rarely happens since it is so much more time intensive. And yet, there are ways to change how software works without changing the source code. This can be done by injecting changes into the process that converts the source code into the executable binary. Reproducible Builds is the indisputable method for proving that a given binary was generated by given source code.

There are some generic VPN clients in Debian that are built reproducibly, but there are no Android or iOS VPN apps or branded desktop client apps that meet this standard yet. We recommend that VPN providers work with Debian, F-Droid, the Reproducible Builds group, or any other relevant project to achieve this key step.

Apple iOS

This post focuses on Android because iOS has a number of issues that make using VPNs for privacy less effective. For example, VPNs on iOS will leak IP addresses. Apple knows about this issue, yet still has not fixed it after a couple years. On top of that, it is not possible to have reproducible builds on iOS because the actual executable binaries are encrypted by Apple’s proprietary Digital Restrictions Management (DRM), so only Apple could ever reproducibly build something. If you are running Apple iOS, you are stuck trusting Apple to do the right thing, since they operate a relatively opaque, proprietary, strictly walled garden.

Run your own VPN

The VPN security model means you have to put a ton of trust in the operator. Questions of trust get much easier when you are talking about yourself or own organization. There are many projects that aim to make it as easy as possible to run your own VPN service. The good ones are all free software and have been audited, both the client source code and the server side setup.

• Amnezia is a free service to create a personal VPN on your server.
• LEAP VPN is a “white label” VPN setup used to build Bitmask, CalyxVPN, RiseupVPN and more.
• Outline “makes it easy to create a VPN server, giving anyone access to the free and open internet.”
• WEPN is a free software kit to become your own VPN provider, designed around a small hardware device.

There are also generic VPN client apps based on standard protocols:

• eduVPN
• OpenVPN for Android
• Shadowsocks
• strongSwan
• WireGuard

Comparing VPNs to Tor and MASQUE

If it is privacy that you seek, then there are other tools to review. Tor is a longstanding community project that aims to make privacy proxies without compromise. Tor works similarly to VPN in that it is tunneling traffic to shared servers, the big difference is that your traffic is tunneled through three relays (in comparison to single hop VPNs). Each individual Tor relay cannot see the enough to put together a picture of who is doing what. At most, a relay can see what is done, but not who. Or that someone is accessing Tor, but not their destination. Orbot provides a VPN mode, but this is still full Tor protection, since it is just using the device’s VPN user experience to provide access to the Tor network. Tor Browser then adds whole other layers of privacy protection that can only be implemented in the internet-enabled app. This includes things like reducing metadata leaks in the HTTPS connection or web APIs, or isolating websites from each other within the browser, so they cannot read data about other sites the user has visited.

A new approach that is somewhere in between a VPN and Tor are multi-hop MASQUE relays. MASQUE is a new protocol that is similar to VPN and proxy protocols. MASQUE is built on HTTP/3 aka QUIC, so it does not stick out as much as VPN or WireGuard traffic. It also allows for multi-hop configurations. MASQUE is only newly deployed, so there is not the two decades of experience working to minimize metadata leaks in the processes for relaying traffic.

Apple iCloud Private Relay is a two hop deployment on MASQUE, which means that the Apple side can see that the user is sending traffic, and the Cloudflare side can see the destination, but not the user. That does provide a real privacy improvement over a single hop system. Unfortunately, Apple iCloud Private Relay fails most of the other tests laid out in this post. Plus given the history of NSA programs like PRISM, and the willingness for US companies like Apple and Google to take part, this setup is not clear protection from NSA and Five Eyes surveillance and targeting. It would be relatively straightforward for those kinds of agencies to correlate the data from the Apple and Cloudflare side if they have access to the metadata from both sides.

If privacy is your primary concern, then it is worth investing time into tools like Tor. If you have limited time and are mostly concerned about mass surveillance, then a good VPN is worth considering for some added privacy protection.

As a reader of this blog you’re already well aware that you can use the Librem 5 while travelling. This is the (highly anticipated, I’m sure) follow up to the previous post about FOSDEM 2023. With sufficient time for all impressions to settle in, let me share my experiences of this trip. The travel itself was […]

The post FOSDEM 2023 Event Report appeared first on Purism.

Two years ago I started an experiment to see if I could replace my personal laptop with my Librem 5 with a lapdock (spoiler: I could). A year later I wrote a follow-up post that talks about my impressions of the Librem 5 and lapdock kit as a personal computer. Based on my two years’ […]

The post My Top 10 Lapdock Kit Tips appeared first on Purism.

As security experts we recommend that you protect your accounts with U2F two-factor authentication. You use a key to lock your front door or your car. Similarly you must use a key to lock your online accounts as these are just as valuable and need just as much protection. To secure your digital accounts with a U2F hardware key is the most secure option to protect your login credentials! In this post we explain why U2F is important and how it works.

Everyone is talking about ChatGPT, but no one is looking at its privacy implications. Within months of its release hundreds of millions of users have signed up - almost none of them have read ChatGPT's privacy policy. Is it worth signing away your right to privacy for using the AI?

Librem-EC 1.12 for the Librem 14 has been released with a fix to the PL4 power limit to address sudden shutoffs that still remained in the 1.11 release.  Once again, the issue was in a subtle corner case, which we were able to identify with help from testers.  Update to 1.12 with our update instructions, […]

The post Update on Librem-EC 1.12 appeared first on Purism.

With the Lapdock kit, you can turn your Librem 5 or Librem 5 USA into a PureOS laptop. While your Librem 5 is fully able to run desktop apps on its own, once attached to the Lapdock, you can take advantage of the extra screen space, battery power, and extra ports. Lapdock Benefits The Lapdock […]

The post Introducing the Lapdock Kit appeared first on Purism.

Mobile Linux is gaining in popularity. What is a simple way to develop for it? This upcoming series of posts will help with that using Phosh and related technologies. We’ll start out really simple and move into more complicated topics step by step. For many bits you won’t even need to modify your phone (or […]

The post Developing for Mobile Linux with Phosh – Part 0: Running Nested appeared first on Purism.

We just added a new accessory product to our shop, a USB type-C universal travel charger offering up to 65 Watt output power. It can charge and operate our Librem 5 phones as well as the Librem 14 laptop, the Lapdock Kit and upcoming products using USB type-C Power Delivery (PD). We are especially excited about […]

The post USB-C Type Universal Travel Chargers Available from Purism appeared first on Purism.

The recent news about Germany challenging Palantir's big data dragnet is a timely reminder of the importance of protecting our online privacy.

One of the most unique, and most powerful features of the Librem 5 and Librem 5 USA is that they are running the same convergent PureOS as our Librem 14 and Librem Mini. This means that they are not running applications that have been ported to a mobile platform, instead the same desktop applications as […]

The post Announcing the Lapdock Kit appeared first on Purism.

One of the unique features about the Librem 5 is its modular cellular modem and WiFi/Bluetooth cards. This not only aids in repairing hardware, it also means when new, compatible cards become available (or previous cards unavailable), we have the flexibility to change modules. Up until December 2022 all Librem5 phones had been shipping with […]

The post Shipping new SparkLAN Wifi cards with Librem 5 appeared first on Purism.

In the late 19th Century, even before the invention of the SatNav, astronomers were uncertain about the exact size and shape of the earth. Maps existed of course, and the earth was understood to be ellipsoid, but the exact size and shape were unknown. Struven Ketju, or the Struve Geodetic Arc is a series of many hundreds of observation stations that stretches from the southern tip of Ukraine to the northern tip of Norway, through ten countries but with its longest stretch running through Finland. Named after its instigator Friedrich Georg Wilhelm von Struve, Struven Ketju allowed the first accurate measurement of a meridian arc, and from that the exact size and shape of the earth to be established. It’s also included on the World Heritage List, and therefore our chosen name for the Sailfish OS 4.5 Struven Ketju release.

 

At Jolla we’ve always aimed for at least three Sailfish OS releases per year. But the release process comes with its own overheads, and the Sailfish OS Vanha Rauma 4.4 release in March was a big update, including support for the Xperia 10 III in May. So since then we’ve been trying something slightly different: smaller, more incremental releases building on the Sailfish OS Vanha Rauma 4.4 base. The result is that although there’s been a big gap between then and now, we nevertheless pushed out a total of five updates last year: 4.3.0.15, 4.4.0.58, 4.4.0.64, 4.4.0.68 and 4.4.0.72. We will continue to tweak our approach to get the best releases out to you as quickly as possible. 

To celebrate the new release, we are offering Sailfish X at a reduced price of €39.90 from Jolla shop!

But let’s talk about what we’re all here for: Sailfish OS 4.5 Struven Ketju. 

Sailfish OS 4.5 Struven Ketju is, an impressive combination of updates and improvements. We’ve improved both the foundations and the experience, especially in the area of our unique Android AppSupport technology. We’ve addressed many of the paper cut issues that the community has raised over the years, such as connectivity improvements, improved Bluetooth scanning and audio controls support, refined keyboard layouts, improved account sign-in flow, better Android notification integration and increased browser compatibility, to name a few. 

The headline area of improvement for Android AppSupport is the major update to Android 11. This is an over-the-air update for all our officially supported devices, there’s no need to reflash your phone. With Android 11 expected to be supported by Alphabet until at least 2024, this update ensures there will be no gaps in security-patches or support. 

Android AppSupport is a key pillar in ensuring you have access to wider technologies and services on your phone, making it more compliant for everyday use. Android AppSupport gives you the best access, with the best integration, while also giving you full control over how deeply you want to integrate into the Android ecosystem. 

This control is one of the things that we think makes Sailfish OS so special: purists you can go fully native, using only the many excellent Sailfish apps that are available. If you want Android applications support without having to tie yourself into proprietary ecosystems, you can do that too by installing AppSupport and the apps you desire from your preferred App stores. A step beyond that, installing microG services on your AppSupport enabled phone will give you access to the broadest possible set of Android applications and services without having to sign up for a Google account. Finally, if you want full access to services such as those provided by Google , you can do even that by installing Google Mobile Services as discussed in the forum. 

On Sailfish OS, the decision is entirely yours, and it’s a key part of Jolla’s approach: your device, your choices, your control.

The update to Android 11 brings with it a huge set of improvements to the Android AppSupport integration. From the Android side, new privacy features mean better separation between Android apps, with scoped storage now applied also to external media, one-time permissions support, and tighter restrictions on background location access, to name a few. Our efforts have resulted in important enhancements to the security and stability of AppSupport.

Something which I’m personally proud of is that we now have much improved audio integration, which means that when the user plugs in a headset while a videocall is ongoing, for example, the Android side reacts correctly. User interface sound effects and vibrations are handled in Sailfish OS making audio behaviour unified between Android and native applications. For example previously UI sound effect files would be opened in the Android side, output stream created and audio written through the stream, eventually reaching PulseAudio. Instead of doing all these complicated steps in Android the feedback request is passed to host side and the effect is handled by the Non-Graphical Feedback Daemon (ngfd), so UI feedback clicks are now the same in Android and Sailfish OS and controlling their playback is done from single location in Sailfish OS settings.

We now support also per-application audio streams, meaning that we have separate audio streams for apps on the host side for the first time. Instead of grouping multiple application audio streams by type, we now separate the audio streams by the application, allowing for example per-application volume control in Sailfish OS side if wanted. This is a really cool thing considering Android’s audio architecture.

As you can see, we’ve made many subtle but deep changes to Android AppSupport leading to numerous small, but life-improving, changes. We’re certain you’ll appreciate them even more over time when while using your device.

Outside of Android AppSupport, our commitment to giving you the best access to your device also means we’ve been publishing new APIs for public use by developers. We’ve added access to ten new APIs for the 4.5 Struven Ketju release, including things that many developers have been asking for such as Sailfish Secrets for managing private data, QtLocation for mapping integration, BluezQt for Bluetooth control and Sailfish.Media for audio player integration.

 

I’m also really happy to see all the improvements on the Sailfish OS side. Damien Caliste has continued to make amazing contributions, which you’ll immediately see when you open the Calendar app. The user interface has been improved with tabs and a brand-new week layout to give you a better overview of upcoming events. There are also numerous background improvements for better syncing with online accounts. 

We’ve added the ability to use an alphanumeric lock code in conjunction with the existing encrypted storage to greatly increase security in the event your device is lost or stolen. 

There is now battery ageing protection, accessible via settings, that applies hysteresis to lengthen the usable life of your battery and ensure that time between charges can be maximised over the lifetime of your phone. We’ve also made numerous fixes to the connectivity systems for mobile, Wifi and to Android AppSupport. 

Overall, the 4.5 Struven Ketju release contains over 700 bugfixes and separately incorporates tens of upstream package updates, all of which make daily use a nicer and more fulfilling experience. Of course, we understand that just like any piece of software there will still be bugs that need fixing, but we’ll continue working with our customers and the community to make sure we’re always making progress in getting them fixed. 

 

The post Sailfish OS 4.5 Struven Ketju appeared first on Jolla Blog.

In 2022, the German company SHIFT donated three smartphones of their model SHIFT6mq as a loan for life to F-Droid team members. This was done without asking for anything in return. However, we do want to share our experiences with the devices.

The SHIFT6mq phone © SHIFT.

First of all, SHIFT has a focus on making sustainable earphones, tablets and smartphones, called SHIFTphone so they use fair trade materials and even substitute the use of a specific rare metal by using ceramic capacitors. All their products are modular and therefore easier to repair.

Link to YouTube video showing how modular the SHIFTphone is.

One of our team members really went to town with his SHIFT6mq. The devices come with their own flavour of Android which is called ShiftOS-G and is certified by Google. In his article “Android without Google: Shiftphones” he reviews the device and its operating system. However, he takes it one step further and de-Googles it by installing ShiftOS-Light (ShiftOS-L). Best is to read that article before continuing here. That article also helped the other team members to explore this smartphone more thoroughly. Further feedback praised it for its battery life and less data use when de-Googled.

At the moment, SHIFT6mq is the only model from SHIFT which is supported by LineageOS, as this support is done by one of the developers of SHIFT. We expect that their future models also will work with LineageOS and SHIFT8 is due to be released at the end of this year. For those who don’t know, LineageOS currently supports almost 200 different Android devices and works well together with F-Droid apps.

LineageOS for SHIFT6mq supports Calyx Institute’s SeedVault for making complete backups of your device. And this will also be offered in upcoming version 12 of ShiftOS-L. Without going too much off-topic, for more information read NLnet’s article on it. See also SHIFT’s well-maintained forum, mostly in German, but you can ask your question in English too.

F-Droid client with the SHIFT6mq smartphone frame as shown on F-Droid’s homepage.

The F-Droid homepage used to show a smartphone frame around the screenshot of the F-Droid client from a not so open manufacturer. We wanted to replace that for a while. At our request the SHIFT team provided us with the design of the SHIFT6mq smartphone frame and permission to use it. Perhaps you have already noticed that as it is currently seen on our homepage.

To fortify users’ online privacy, Purism has launched a new offer for the Librem 5 USA phone powered with a wireless, cellular plan, AweSIM. The Librem 5 USA is a privacy-first phone manufactured with Made In USA electronics and a secure supply chain, valued by those who care about their digital privacy. AweSIM is a wireless cellular prepaid plan […]

The post New Librem 5 USA Phone Customers Can Opt-in for 30-days of free AweSIM, Purism’s Privacy-First Prepaid Cellular Plan appeared first on Purism.