Planet F-Droid

May 21, 2019

Tox

ToxCon 2019

ToxCon 2019 Poster

This October the Tox developer community will be holding its third annual conference at Metalab in the heart of Vienna, Austria. The event will be 3 full days, from Friday, October 11th to Sunday, October 13th.

We will talk about Tox, and other security related and interesting topics. If you would like to attend, meet the Tox devs, do some live hacking, or just socialize — get a free ticket and reserve a T-shirt. You can find the exact address on your ticket.

Want to give a talk about your project? Please apply here!

If you have any questions about booking, travel arrangements, talks, or anything related to the event, join the #toxcon IRC channel on Freenode and contact robinli, strfry or zoff99.

by nurupo at May 21, 2019 00:13

May 20, 2019

Purism

Security Advisory: Kernel and Firmware Updates for Intel MDS Vulnerability

Last week Intel announced a new group of speculative execution vulnerabilities in its processors related to the well-known Spectre and Meltdown vulnerabilities from over a year ago. These new attacks have been labeled as the MDS (Microarchitectural Data Sampling) vulnerabilities by Intel, but in the age of branded vulnerabilities they also have been given more exciting names like Zombieload. An attacker who is able to successfully exploit these vulnerabilities has the potential to extract sensitive information including encryption keys from the target machine.

Because this is a vulnerability in the Intel CPU hardware itself, like with Spectre and Meltdown, the patch for these vulnerabilities comes in two forms:

  • Linux kernel patch for PureOS users
  • CPU microcode updates for Librem laptop owners

PureOS Users

PureOS users are advised to update their system packages using their normal software update process, which will pull down the latest 4.19.37-3 kernel package.

Librem Laptop Owners

Purism includes CPU microcode updates as part of our coreboot firmware, so laptops shipping out starting this week will already be patched for these vulnerabilities. For existing laptop users, you will need to update your coreboot firmware to the latest version. Just follow our documentation on using our coreboot update script. Microcode updates have been added to the default coreboot SeaBIOS firmware starting with version 4.9-Purism-1 and in our beta PureBoot firmware starting with version heads-beta-6. In addition to using our update script, you can access the changelog for our pre-built binary firmware images directly at our firmware releases project page.

The post Security Advisory: Kernel and Firmware Updates for Intel MDS Vulnerability appeared first on Purism.

by Kyle Rankin at May 20, 2019 22:31
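
A way to confirm both halves of the MDS fix from the advisory above on a running Linux system, as an added example (not Purism's own script): the kernel reports its MDS state in `/sys/devices/system/cpu/vulnerabilities/mds`, and updated microcode shows up as the `md_clear` flag in `/proc/cpuinfo`. The function names `classify_mds` and `check_host` and the verdict labels are made up for this example; the status strings matched are the ones the Linux kernel documents.

```shell
#!/bin/sh
# Added example: interpret the kernel's MDS status report.
# The sysfs/procfs paths are the standard Linux locations.

MDS_SYSFS=/sys/devices/system/cpu/vulnerabilities/mds

# classify_mds STATUS FLAGS
#   STATUS: contents of the sysfs "mds" file ("" if the file does not exist)
#   FLAGS:  the "flags" line from /proc/cpuinfo
# Prints one verdict label (labels are this example's own naming).
classify_mds() {
    status=$1
    flags=$2
    case $status in
        "")
            # Kernels without the MDS patches do not create the file at all.
            echo "kernel-update-needed" ;;
        "Not affected"*)
            echo "not-affected" ;;
        "Vulnerable: Clear CPU buffers attempted, no microcode"*)
            # Patched kernel, but the CPU microcode lacks the buffer-clearing
            # support; this is the case a firmware (coreboot) update fixes.
            echo "microcode-update-needed" ;;
        "Vulnerable"*)
            # Mitigation switched off (for example on the kernel command
            # line). md_clear tells us whether the microcode is current.
            case " $flags " in
                *" md_clear "*) echo "mitigation-disabled" ;;
                *)              echo "mitigation-disabled-no-microcode" ;;
            esac ;;
        "Mitigation: Clear CPU buffers"*)
            # Kernel and microcode are both in place; sibling hyperthreads
            # can still leak to each other if SMT is reported vulnerable.
            case $status in
                *"SMT vulnerable"*) echo "mitigated-smt-exposed" ;;
                *)                  echo "mitigated" ;;
            esac ;;
        *)
            echo "unknown" ;;
    esac
}

# Read the live values from this machine and print a short report.
check_host() {
    host_status=""
    [ -r "$MDS_SYSFS" ] && host_status=$(cat "$MDS_SYSFS")
    host_flags=$(grep '^flags' /proc/cpuinfo 2>/dev/null | head -n 1)
    printf 'kernel:  %s\n' "$(uname -r)"
    printf 'sysfs:   %s\n' "${host_status:-<file missing>}"
    printf 'verdict: %s\n' "$(classify_mds "$host_status" "$host_flags")"
}

check_host
```

A verdict of `microcode-update-needed` corresponds to the firmware half of the advisory, and `kernel-update-needed` to the kernel package half.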

Purism and the Linux Kernel

Purism contributes to several free software projects such as GNOME, wlroots and Debian.

We’re especially proud of our kernel contributions – where 13 patches have made it into 5.1. Since this is our first installment, it also includes the changes that went into 5.0 and 4.20. Below is a list of our most recent contributions.

Let’s start with support for the Librem5 dev kit’s charge controller:

SDMA fix for i.MX8mq [needed for SAI (audio)]:

Support for the Librem5 dev kit’s touch screen:

Finally, here are some miscellaneous i.MX8-related fixes and device tree additions:

We also contributed Tested-by and Reviewed-by to five patches.

There’s more to come for the 5.2 kernel, as there are 14 patches staged in linux-next already, and we have gotten some friendly reviews for other parts. Stay tuned for more details getting us closer to making the Librem5 dev kit bootable with a mainline kernel, and many thanks to all the reviewers!

The post Purism and the Linux Kernel appeared first on Purism.

by Guido Günther at May 20, 2019 18:27

Fairphone

May 18, 2019

NewPipe

State of the Pipe 2019

Christian “theScrabi” Schabesberger, primary maintainer of NewPipe and the related projects, didn’t get to giving a talk during a conference this year, so he asked Team NewPipe for help.

In the video, Christian covers the latest developments of the project, talks about plans for the future and makes a personal statement.

We recorded and cut a video of the talk, and just published it on media.assassinate-you.net.

Direct link to the video: click here

Please let us know what you think in the comments!

May 18, 2019 10:00

May 17, 2019

Purism

Introducing The New Librem Chat

How do you do again?

Let us tell you about the new Librem Chat: the no worries, free end-to-end encrypted chat, VoIP and video-calling service.

Social good, freedom, personal privacy and security are things you take seriously (and probably think everyone else should, too). And maybe you already know that the Librem Chat is part of Librem One, a suite of privacy-protecting, no-tracking apps and services which aim to make the world a better place.

Librem Chat is:

Decentralized – join chatrooms at librem.one, matrix.org, or any other Matrix domain
Private – create end-to-end encrypted chatrooms that only participants can see
Text, voice and video – communicate any way you want to
Mix and match – use either the official app or a compatible app; use our app on a compatible service
Convenient – connect from any device with a compatible app
No ads – we don’t sell ad space, we don’t track you
Free – we don’t think there’s much need to explain this one

What else can we say? It is a total, privacy-respecting replacement for all those intrusive chat services. One you can either use to have a friendly, one-on-one conversation with your best friend, or to call large groups of people. It is a real-time communication app, making real-time communication work seamlessly between different service providers. And since Librem Chat is based on the universal Matrix chat protocol, you can be sure you’ll be able to chat with all your relevant people, either inside or outside the librem.one domain, because we do not lock-in to one technology company. Just remember that trust is per device – so only install Librem Chat on devices you own and trust, and be sure to remove any devices that you no longer use.

Talk with friends and family, share photos – anything you’d like. We hope you enjoy, and stay tuned for more news on the Librem One services!

 


Purism offers high-quality privacy, security, and freedom-focused computers, phones, and software. Our platform is meant to empower everyone. We believe people should have secure devices and services that protect them rather than exploit them, and we provide everything you need in a convenient product bundle.

We like to give back. Librem Chat is built with free software, created by security and privacy experts. Learn more about how Purism contributes to its community.

The post Introducing The New Librem Chat appeared first on Purism.

by David Seaward at May 17, 2019 05:00

May 16, 2019

Purism

Purism’s Librem One Suite of Privacy Protecting, No-track Apps and Services Surges Past Initial Crowdfunding Goal After Two Weeks

Early traction of Librem One demonstrates demand for ethical alternatives to Big Tech as data privacy snafus continue to plague users on a weekly basis

SAN FRANCISCO, Calif., May 16, 2019 — Purism, the social purpose corporation which designs and produces popular secure hardware, software, and services, has seen its Librem One suite of privacy protecting apps and services surpass its initial crowdfunding goal of 5,000 backers in just two weeks.

Librem One is growing in popularity as users grow distrustful of how large tech companies are using their personal information.

In the past week, tech giants have been under fire over repeated bad faith efforts to protect users, paying lip service to data privacy while their actions demonstrate otherwise:
• Days after Google’s CEO wrote an OpEd in the New York Times on the importance of protecting user data, the company announced new data-dependent advertising products.
• Facebook declared that “the future is private” at its developer conference last week, even while the company is facing billions of dollars in fines for data privacy violations.

The Librem One suite of apps and services are designed to provide users with convenient alternatives to Big Tech products so they can use everyday tools without being tracked or having their data harvested for advertisers.

“Librem One is just what I was looking for: a simple-to-use, all-in-one bundle that gave me everything I needed to finally leave Big Tech. I purchased the family pack and even got my wife and kids to leave Facebook and WhatsApp and make the switch to Librem One. We are all as happy as can be with the experience.” – James Jackson

Librem One includes end-to-end encrypted chat, end-to-end encrypted mail, and end-to-end encrypted VPN, as well as an open public social network. More services, such as end-to-end encrypted cloud storage, payments, and phone service, will be built in the future and added to the bundle. All current and future services in Librem One have no ads, do not track users, do not look at, sell, or share anything people create or send, and are available on popular platforms like Android and iOS.

“Librem One reaching backer goals within such a short period of time underscores the public demand for secure, ethical online services,” said Todd Weaver, founder and CEO of Purism. “No advertisements. No tracking. No selling of user data. This is the way online services should be, and we have baked that into the very core of Librem One.”

Additional Information

Librem One FAQ
Librem One Policies
Librem One Moderation and Code of Conduct

About Purism

Purism is a Social Purpose Corporation devoted to bringing security, privacy, software freedom, and digital independence to everyone’s personal computing experience. With operations based in San Francisco (California) and around the world, Purism manufactures premium-quality laptops and phones, creating beautiful and powerful devices meant to protect users’ digital lives without requiring a compromise on ease of use. Purism designs and assembles its hardware by carefully selecting internationally sourced components to be privacy-respecting and fully Free-Software-compliant. Security and privacy-centric features come built-in with every product Purism makes, making security and privacy the simpler, logical choice for individuals and businesses.

Media Contact

Marie Williams, Coderella / Purism +1 415-689-4029 pr@puri.sm See also the Purism press room for additional tools and announcements.

The post Purism’s Librem One Suite of Privacy Protecting, No-track Apps and Services Surges Past Initial Crowdfunding Goal After Two Weeks appeared first on Purism.

by Todd Weaver at May 16, 2019 14:30

May 14, 2019

Privacy Browser

Privacy Policy Updated to Version 1.7.

Back in December 2018, with the release of Privacy Browser 2.15, I removed Google’s Ad Consent Library from the free flavor of Privacy Browser. At the time, the text of the ad consent dialog was updated to reflect that these ads were set to be non-personalized, but that the user was no longer identified as being under age.

Version 1.7 of the privacy policy has been updated with similar language.

Prior language:

Privacy Browser Free displays a banner ad across the bottom of the screen using Google’s AdMob network, which has its own privacy policy. These ads are set to be non-personalized and the user is flagged as being under the age of consent, which removes all tracking and remarketing. AdMob reports anonymized summaries of the following information to developers.

Current language:

Privacy Browser Free displays a banner ad across the bottom of the screen using Google’s AdMob network, which has its own privacy policy. These ads are set to be non-personalized. AdMob reports anonymized summaries of the following information to developers.

by Soren Stoutner at May 14, 2019 23:28

May 13, 2019

Purism

Librem 5 App Design Tutorial – Part II

Hello and welcome to the second of my series of blog posts on how to design your own, brand new app for the Librem 5.

In my last post we went over the philosophy and process, goals and relevant art of building a read-it-later app; today we’ll be covering the basics of navigation, layout, and adaptive design, for both mobile and desktop.

Sketches and Mockups

Now that we have a pretty clear idea of the structure of our app, we can finally dive into designing the UI. Personally, I like starting off with sketches on paper and only then move to Inkscape for more detailed mockups, but you may use any tool you’re familiar with. There’s no need to be good at drawing, or good at a particular application, for this; you should just find a way to visualize your ideas – any way that works for you is good.

If you are using Inkscape for mockups, you might want to check out the GNOME mockup template for some common layouts and patterns to use in your designs. If you are looking for GNOME-style symbolic icons for your mockups, you can find them here, here, and here.

Navigation

When it comes to the layout of an interface, it’s a good thing to have in mind what navigation structure would make the most sense for the type of content you have. The most common navigation patterns for GNOME apps are the Stack, the View Switcher and the Sidebar List.

Example of Stack navigation in GNOME Photos

The Stack pattern is meant for when the views are completely separate, the UI is not shared and there is a back button that enables you to go back to the overview. This is, for example, how Photos allows you to navigate between a stream of photos and the detailed view of an individual photo. This means there is a bit more friction to switch between views than with other patterns – but it’s also more focused. It’s a great pattern when you don’t have to switch between views a lot.

View switcher in GNOME Clocks

The View Switcher is better for cases in which a small number of views are either equally important or need to be easily accessible. It’s used in GNOME apps such as Clocks, Music and Software as the primary form of navigation. On the desktop this switcher is always in the header bar, but a new adaptive version of it, which moves to the bottom of the screen for mobile, is being developed. It’s not quite ready yet, but it will soon hit a version of Libhandy near you.

Sidebar List in Fractal

The Sidebar List is used when you not only have a lot of views, but also often need to switch between them. It’s used in Fractal’s room list for example, because it gives a quick overview of all rooms and allows for quick context switching. On mobile, where there’s obviously not enough space for a content pane and a sidebar, you can use a Libhandy widget called Leaflet which transforms a Sidebar List on desktop into a Stack on mobile.

Experimental branch of GNOME Settings using HdyLeaflet to switch between Sidebar List and Stack navigation

For our own read-it-later app, we will need navigation to switch between the different lists (Unread, Archive, Favorites) and between lists and article views.

The former is a small set of views that we want easily accessible, so a view switcher is a good fit. Since we can’t use the shiny new adaptive view switcher widget yet, we can use a plain old view switcher in the header bar (though we can, and should, design the UI with the beautiful new switcher in mind).

For the latter we could either use a stack or a sidebar list (along with the Leaflet widget so it works on mobile). Since we want this app to allow for a focused reading experience, and switching back and forth quickly between articles is not going to happen very often, a Stack is probably the best solution.

This means our main screens will look something like:

Quick pencil sketch of the layout for the list and article screens

Article List Screens

Now that we have a basic navigation structure, we can design each individual screen in more detail. These three article list screens are basically the same lists, but with different content.

The main purpose of these screens is to provide a nice, legible list of saved articles that entices people to catch up with their reading (list). In order to do this we’re going to go for a comfortable layout – which should include the article’s title, a preview, and some information about each article.

To help users catch up with their saved articles we should also try to make the content as interesting as possible. A plain, reverse-chronological list of saved items can be quite boring, and I’ve noticed I myself often scroll down the list randomly, looking for older articles. A potential way to build this feature into the core experience would be to show the reading list in a randomized order, while also showing the most recently saved articles at the top, as a separate category (see the mockups below).

Mockups of Unread, Archive and Favorites screens

In terms of actions, we need to expose Search and Selection modes (for operations on multiple elements) as well as the application’s primary menu. The primary menu contains global app-level categories such as Help, Preferences, and About.

In the selection mode we need to have the ability to move articles to Favorites and Archive and delete them from our reading list. Since this is not an essential functionality though, we won’t be doing designs for it yet (but if you want to learn more, have a look at the selection mode page in the GNOME HIG – and the same goes for search, in the relevant HIG page).

Article Screen

An article screen’s job is pretty straightforward: it’s meant to provide a great reading experience for the saved articles. Since many websites kind of suck in this regard, a reader mode (like the ones Epiphany and Firefox have) should be the default view whenever possible. There is however no guarantee that a given article will end up perfectly rendered, and we do need a way to show the website in its native styling, if and whenever necessary.

We also need to move articles into Favorites and Archive, and be able to delete and share them. The most important actions are usually shown directly in the header bar; the remaining ones (or simply the result of not having enough space) will call for a secondary menu.

Mockup of the Article screen

Desktop

We should by now have a more or less clear idea of what our app looks like on mobile; but what will it look like on desktop? Similar to responsive web design, if we design our app for a mobile environment first, it’s usually pretty easy to make it work well on larger screens as well.

As our app has no sidebars or other complicated layout elements, the main change is that the content column width will have to grow with the window until it reaches a maximum width which is comfortable for reading. This can be implemented by wrapping the content area in a HdyColumn. The view switcher will also move up to the header bar, and there will be a close button on the right side.

Desktop mockups

We now have the basic structure and most important screens for the application – but that’s far from being everything we need. We need to design login and account settings, empty states, first run experience, errors, search and a number of other things that are beyond the scope of the series… It’s worth noting that mockups tend not to be final, that interfaces almost always change during implementation – as you learn more about use cases, underlying technology and other constraints. Ideally, you’ll also do some informal user-testing with real people, in order to get feedback about what you designed.

If you enjoyed the second part of this tutorial, stay tuned: I’ll be back soon with the third (and final) part. In the meantime, feel free to play with the mockups I made for this tutorial.

The post Librem 5 App Design Tutorial – Part II appeared first on Purism.

by Tobias Bernard at May 13, 2019 15:50

May 10, 2019

OsmAnd

OsmAnd 2.70 (iOS)

May 10, 2019

OsmAnd 2.70 is now available!

OpenStreetMap (OSM) Editing

We continue to follow our New Year’s resolutions, where we have promised to catch the iOS version of OsmAnd up with the one on Android, and we are getting there. OSM Editing allows you to make contributions to OpenStreetMap, a global community aimed at creating a comprehensive map of the world and providing up-to-date open-source data to every user.

The feature lets you create new objects, so-called points of interest or POI on the map and OSM notes.

So how do you do it? Tap on the map where the new POI has to be placed -> 'Actions' and press 'Create POI' or 'Open OSM Note', then add its name and other details like working hours, website, etc. You'll also have to register at OpenStreetMap and then provide your OSM credentials to introduce changes.

All your "Edits" and "Notes" are in the general menu -> 'My Places' -> 'OSM Edits'. From this menu, you can delete or upload all your edits and notes.

My places menu

Combined "Favorites", "Trips" and "OSM Edits" screens into a new 'My Places' screen.

What's new in the latest version of 2.70?

• Added options to control the size of map elements: use “Text Size” option to control the size of the text and icons on the map and “Map Magnifier” to control the overall size of map elements.

• Opening a search result on the map will now zoom in on the selected point.

• Fixed icon sizes on map.

• Optimized multiple menus for iPhone X screen.

• Added Hungarian and Hungarian (formal) TTS, added alphabetical sorting to the TTS language list.

And remember that only together we can achieve the best results!

New features are coming SOON!

Get it on App Store

May 10, 2019 18:00

May 09, 2019

/e/ foundation

Leaving Apple & Google: ready? Register now for your first smartphone with /e/!

We are partnering with professional smartphone refurbishers to provide you the first smartphones with /e/, at a great price!

We will start with two devices:
– Samsung Galaxy S7 – Grade A
(Estimated price: below 280€)
– Samsung Galaxy S9 – Grade A
(Estimated price: below 500€)

Register NOW and be among the first to get your phone with /e/!
Deliveries to start early June

Don’t wait, quantities will be limited!

User’s data privacy shouldn’t mean a rough user experience!

We have again improved our /e/ “BlissLauncher”! You can now swipe down in any view to access search, and we have a nice animation when opening and closing icon groups.

Be part of something bigger: act now!

It is ESSENTIAL to contribute if you want /e/ to succeed and shape a more ethical IT world, with an open-source and privacy-compliant mobile ecosystem.

In one word: contribute as a developer, lend some servers on the Internet, spread the word about /e/ in Internet forums, social media, email, retweet our posts with #eFoundation hashtag…

Act now:

Sincerely,
Gaël @gael_duval / @gael@mastodon.social

Follow us on Twitter and Mastodon: @e_mydata

by Samuel Cazin at May 09, 2019 08:47

May 08, 2019

FreeYourGadget

Gadgetbridge 0.33.0: Amazfit Cor 2 and a security fix

Gadgetbridge 0.33.0 has been released and will appear on F-Droid soon!

The highlight of this release is that we finally have per-device settings, which are currently used for storing per-device security keys on all Mi Band, Bip and Cor models. This in turn fixes a long-standing security issue, where all devices used the same security key. If you want to be sure that no one else who knows that you are a Gadgetbridge user connects to your device, change your security key by re-pairing your device with Gadgetbridge (forget the device in Android's settings and press the + button in Gadgetbridge again to re-pair; data will be preserved). Per-device settings will be used for many settings in the future. This release only laid the groundwork.

We also have new initial experimental Amazfit Cor 2 and BFH-16 support, the latter contributed by Johannes Schmitt!

The rest of changes are mainly bugfixes and minor improvements.

This release took a really long time, since core members are still busy with other projects, work and family. We cannot promise that things get better. So if your PR did not get merged or your issue was ignored, don't take it personally.

We also want to remind you that we will move completely to Codeberg this summer. The wiki can already only be updated there, while all wiki changes will be mirrored to GitHub. Please create a Codeberg account if you want to modify the wiki or if you want your issues/PRs and comments to be properly assigned to you again on Codeberg.

The reason for the move in one sentence: A free project deserves a free home!

For user-facing changes since the last blog post, check the following list.

Version 0.33.0

  • BFH-16: Initial support
  • Mi Band 2/3/Bip/Cor: Generate random per-device security keys when pairing, allow manual override to still support multiple android devices connecting to the same device
  • Mi Band 3: Add Indonesian, Thai, Arabic, Vietnamese, Portuguese, Dutch, Turkish and Ukrainian to language settings
  • Mi Band 3: Support flashing latest Japanese-Korean font
  • Amazfit Cor 2: Initial experimental support (untested)
  • Pebble: Add pebblekit extension for reopening last app
  • Casio: Bugfixes and improvements
  • Lookup contacts also in work profile
  • Fix searching in application name when blacklisting
  • Remove misleading title from database management activity when no legacy database is available

Version 0.32.4

  • Make voip call support optional (disabled by default)
  • Amazfit Bip: GPX export corrections
  • ZeTime: Fix setting alarms
  • ZeTime: Fix wrong activity timestamps
  • ZeTime: Set HR alarm limits when changed, not only on connect
  • ZeTime: Sync preferences from the watch to Gadgetbridge settings

Version 0.32.3

  • Fix a crash in charts due to a broken German translation
  • Fix a crash when transliterating emoji
  • Amazfit Bip/Cor: Support disconnect notification (must be configured in Bip settings for Cor also for now)

Version 0.32.2

  • Fix setting alarms under some circumstances
  • Support calls notifications for some VoIP apps
  • Mi Band 3: Enable fetching sports activities (currently only useful for flushing activities)
  • Casio: Improve stability
  • Casio: Add explicit support for GB-6900B, GB-X6900B and GB-5600B

by Andreas Shimokawa at May 08, 2019 22:00

Handy News Reader

Download.

Download the latest version of Handy News Reader from Google Play

…or grab it from GitHub.

by Thomas Leigh (noreply@blogger.com) at May 08, 2019 16:34

Purism

May Progress Update – Librem 5

Hi again, here’s your Librem 5 hardware update report for the first half of the month of May:

Conferences

At JDLL, Adrien gave a talk on “GNOME on phones” and helped out at the GNOME booth, where he answered lots of questions about Purism’s products and animated a first contribution to GNOME workshop along with community member Alexandre Franke.

Design

The current design effort is around the Geary email client, where adaptive designs have begun; some of the symbolic icons in Geary have been improved.

Software Work

Images

There are always improvements and fixes making their way into the image creation; for example, the librem5-base package needed a fix in order to unbreak rendering. To make testing easier, debs built by gitlab-ci are now saved as artifacts. Flashing a devkit is a little easier now that the tool used to flash a new image, uuu, has been updated to make it buildable for PureOS. Also, with a recent change to the scripts used in flashing the devkit, we avoid re-downloading the image if one already exists.

Mesa

Since graphics are quite important for a phone, we continue to invest in the mesa graphics library. A lod level dump issue and a symlink issue were fixed. A second version of the GALLIUM_DDEBUG fix was submitted and merged upstream (thanks to Lucas Stach for the review!).

Compositor + Shell

We continued experimenting with our own forked compositor by implementing wlr-output-manager: however, until it is ready for prime time, there is a parallel effort to keep on improving rootston. The main phosh improvement was that the adwaita-dark theme was applied to the shell by default.

Calls

We all know how important it is for a phone to place phone calls, so there is a continuing effort investigating audio over the modem. There are issues with DMA transfers on the SAI interface; digging into the issues included testing various kernel changes. Stay tuned for more to come on this effort.

Libhandy

We’re getting closer to bumping the API version of LibHandy to 1! Some new widgets are in the works: HdySqueezer is a cool new widget that is needed for HdyViewSwitcher, which is needed by many apps and HdyPreferencesWindow, which in turn is needed by Web and other apps.

Messaging

The SMS plugin is being reworked, and an issue that occurred when more than one instance of Chatty was opened has been resolved.

Linux 5.X Kernel

Hooray, the devkit’s LCD panel driver has been accepted upstream; thanks to Thierry Reding for applying these, and thanks to the reviewers Fabio Estevam and Sam Ravnborg, too! We are working on getting the librem5-devkit devicetree upstream. There is also an ongoing investigation into why USB stopped working with the 5.1 kernel, and last but not least, an SDMA fix was accepted upstream.

Hardware Work

We continue to work on the Librem 5 board schematic, and are getting ever closer to getting the hardware into production!

Community Outreach

The troubleshooting guides on the developer documentation have been split out to be a little more readable.

 

A big “Thanks!” to all the external teams that have helped review and merge changes into upstream projects; your time and contribution are much appreciated.

That’s all for now, folks – stay tuned for more exciting updates to come!

The post May Progress Update – Librem 5 appeared first on Purism.

by Heather Ellsworth at May 08, 2019 13:38

May 07, 2019

Privacy Browser

Problems with WebView and Proxying Through Orbot

Several recent versions of WebView have had problems with proxying. This has manifested most recently with WebView 74.0.3729.136 on Android Marshmallow (version 6.0, API 23) or newer. When using this version of WebView, either provided by the Android System WebView app or by Chrome as described in the instructions for WebView, the app looks like it is proxying, but it isn’t. This problem does not affect Orbot in VPN mode, which routes all traffic from the device through Tor.

Everything looks good until you spot the IP address.

It works correctly in WebView version 73.0.3683.90. So, if your WebView is provided by Android System WebView, you can uninstall all updates, which takes it back to an earlier version, and then install 73.0.3686.90 from some place like APK Pure.

A fix has already been committed to the Chromium git repository as described in the bug report. I would imagine it would be released in version 75 or 76.

by Soren Stoutner at May 07, 2019 22:03

Purism

What’s In a (User)Name

One account for all things – the power of the Librem One username.

At Librem One you have One account to rule them all. One account to remember, One account to share with all; and no privacy to surrender.

One of the fundamental design goals for Librem One, outside of privacy, was linking all of our services under a single convenient login. This means that no matter how you want to connect with me, you have everything you need on this personal card:

Whether you want to follow me on Librem Social; email me on Librem Mail; or message me with text, voice or video on Librem Chat, you can do it all using todd@librem.one.

Discovering Others in the Community

Using your email address as the discovery tool across platforms makes it simple and convenient to find and communicate with people. As a remarkable side-benefit, it becomes very simple for people to determine the protocol-specific usernames—be those @todd@librem.one for social, @todd:librem.one for chat, or todd@librem.one for email.

As an example of how this works in practice, let’s say you have joined a room in Librem Chat—a room about a topic that interests you. You meet other interesting people and make some friends; it’s now easy to find and follow them on Librem Social, since the usernames are the same on both platforms.

A single login also makes things easy for Librem 5 users: when you first get your phone, if you have a Librem One account you will be able to enter a single login and have all of these services light up, ready to use.

Hasn’t This Already Been Done?

It has, but for (unfortunately) very different reasons. Many tech giants also offer a unified login that gets you access to a bundle of services—but convenience is only one of the motives, and often the most innocent one. You see, they also find a lot of value in being able to link your accounts across platforms, in order to be able to collect and correlate more data about you—as well as lock you into their complete proprietary product suite.

Our approach is different from your traditional unified login, because by using standards and open protocols—Mastodon, Matrix, Email, OpenVPN—that allow people to communicate outside private clubs (and be free from centralized authoritarian control), we can offer a service that has a built-in and thriving community of millions of people. We can also offer a service that allows people to move freely, to change providers, to have control over their digital lives.

By using free software like Tusky, Mastodon, Matrix, RIOT, K9, Dovecot, PureOS, etc., we participate in a strong ecosystem of millions of developers – who release authored code for others to use, as long as they follow the same licensing of share-alike. By bundling all these standards and protocols into a single account, we are making it safer and more convenient for people than the rights-stripping proprietary services from big tech.

Proprietary Services Make Logins Complicated

Even though big tech firms offer unified login, their commitment to lock-in and proprietary protocols means you instantly sacrifice convenience once you leave their club. Currently, you may be a member of countless private clubs, designed to exploit and control you, and not even know it. If I ask you what are all the ways I can contact you, you will probably answer with a list containing a username on Facetime, Facebook Messenger, Instagram, Skype, Whatsapp, WeChat, LinkedIn, Twitter, Pinterest… and a phone number and email, of course. All of these ways to communicate have their own logins and (mostly proprietary) protocols that don’t work with each other. The last one, the email, stands out as it was created as a standard, to allow interoperability across the world, regardless of what client or service you use; the same design choices of advancing standards made it into Librem One.

So instead of a laundry list of accounts, you can have one single, simple account that offers you all the same convenience of posting, chatting, messaging and sharing. You will be able to do all those things from different applications, but the only account you have to remember is your Librem One account.

Enjoy freedom, sign up now for Librem One!

The post What’s In a (User)Name appeared first on Purism.

by Todd Weaver at May 07, 2019 14:02

Jolla

Sailfish OS Hossa is now available

It has been a long time since my previous blog post, but I thought it was time to give a more tech-savvy update for a change. I want to explain in a bit more detail how things go and the reasoning behind those actions. So, without further ado, let’s proceed.

We are pleased to announce the new 3.0.3 update, which is named after Hossa National Park. Hossa National Park is located in North-East Finland in the region of Kainuu. The park is home to Värikallio, an area that has some of the most important rock paintings in Finland. The paintings tell the story of the Stone Age men that used to be located in the area, and used the water routes next to the stone wall.

The update

Hossa release is primarily a technical software release that brings many under the hood upgrades, such as the long-awaited updates for C-library (glibc), compiler toolchain (gcc), browser engine, as well as the integrated Near Field Communication (NFC) framework. Also included are a number of security vulnerability fixes, stability improvements, and better compatibility in different areas.

Maintaining an operating system is a huge effort and there are lots of things that are not visible to the naked eye. To keep the maintenance burden under control, so that we will not deviate from the upstream and do not need to start maintaining our own version of the components, at times one needs to take a step back and look at the whole picture. With the 3.0.3 upgrade, we took such a step and concentrated a bit more on the not-so-visible items. At the same time we worked on bigger items for the upcoming updates, such as file system encryption, which some of you noted being referenced in the 3.0.3 update already 🙂

This time we decided to make some improvements that our community has been requesting for a while, including glibc, gcc and the browser engine. These components have not received much attention in a while and needed it quite a bit.

Updating glibc

Our glibc has for some time now been at eglibc version 2.19, which was merged back into upstream glibc a while ago. When a component is this far behind upstream, it is quite common that going directly to the latest and greatest version is not possible, and one first needs to look at the dependencies to find out. In addition to reducing the maintenance burden, the new glibc also brings us security improvements, as well as support for new features, such as a new version of Unicode. After checking some of the dependencies on the glibc side, we noted that the first feasible step would be to move to glibc version 2.25 with security patches on top of it. The reasoning for this was that glibc 2.26 required at least gcc 4.9, which was not there at the time we started the glibc update. Also, glibc 2.28 requires make version 4.0 or newer, which we did not have yet either. Thus, 2.25 was selected as the first step to ensure that we did not make too many changes at the same time in one release.

It should be noted though that since the branching of the 3.0.3 release we have worked more on glibc and, as some of you might have already noted, we have version 2.28 in our repositories, which is coming in the next release. You can follow the progress at the glibc repository. To get to such a new version we had to touch tens of different packages, including e.g. m4, bison, automake, gzip, groff, iproute, libdrm, mkdevnodes, procps, qemu-usermode, qemu-usermode-static, squashfs-tools, systemd, and many others. This should give you a better picture as to why this change is not only about updating this particular component, but also about ensuring that all other components building on top of it build properly.

Updating gcc

The second big update that we worked on was gcc, which is also lagging a bit behind in the latest releases. Because of this, and the fact that we have not updated gcc in a while, we decided to split the update into smaller parts, similar to glibc. In gcc’s case we decided to take the first step by updating it to the latest version of the 4.x branch, i.e. 4.9.4. This gave us a more solid base for the platform and also more visibility into how the gcc upgrades go. Going from 4.8 to 4.9 also brought us improved C++14 support. Similarly to the glibc update, this gcc update touched a lot of components, such as sb2-tools, buteo-mtp-qt5, maliit, lipstick-jolla-home-qt5, gdb and so on. After this we are planning the next step of the gcc upgrade, which hopefully will still land in the latter part of the ongoing year.

Browser engine

The last big item that improves usability is the browser engine upgrade, i.e., Gecko, which is used to render web content to the user’s display. This time the update was to the Extended Support Release version 45 (ESR45), which we know isn’t the latest version but was the next step in the upgrade path that was relatively easy to take. With the updated Gecko, browser functionality within websites has improved, and web pages are rendered more accurately. However, there are some features that we didn’t finish in time, like double tap to zoom. The browser’s default user agent string was updated at the same time. If you are interested in contributing and fixing user-agent based errors you can find more information here. Like with glibc and gcc, this browser engine update is just the first step, and the target is to take the next step in the browser engine soon.

“The update target usually is the latest version, but at times one needs to take intermediate steps so that the delta for one upgrade does not get out of hand and that one can integrate and release things earlier.”

In addition to the items above there were a few others, e.g. updating icu to version 63.1, which had also been pending for a while because it had dependencies reaching down to the package management level, i.e. rpm. In this case, the dependency chain was libicu > sqlite > nss > rpm, which meant that in the worst case rpm, which depended on it, could stop working during the icu upgrade (similar to the problems with sqlite and nss in the past). After looking into this particular issue, we noted that we could drop libicu from the rpm chain by changing rpm to use openssl instead of nss by default. In addition to libicu, this also made it easier to handle updates to sqlite and nss, as both of those also dropped out of rpm’s dependency chain. A similar change was made to p11-kit to use openssl instead of nss.

As explained earlier, when touching lower level components like glibc and gcc, many other packages might fail to build because of changes in libraries, headers, paths, etc. These of course need fixing before the release can be pushed out. The simplest thing quite often would be to patch the component with the needed fix. However, as we have limited resources and we do not want to pile up the maintenance burden, we rather try to update a component to a newer version instead of just fixing the issue with a simple patch. Some consideration is always needed, as updating a component always brings in a bigger change and more risk. This is why applying the patch is preferable when we are further along in the release process. As pointed out earlier, the update target usually is the latest version, but at times one needs to take intermediate steps so that the delta for one upgrade does not get out of hand, and that one can integrate and release things earlier.

While some of the team worked on the bigger items like these glibc and gcc updates, there were also many others who touched on different parts of Sailfish OS. Thus, we also managed to include quite a notable set of component upgrades including, but not limited to: updating of iptables to version 1.8.2, pcre to version 8.42, pulseaudio to version 12.2, shared-mime-info to version 1.12, util-linux to version 2.33.1, valgrind to version 3.14, and zlib to version 1.2.11. The aim is to have a few package updates always in each release, to keep up with the upstream.

On top of all of the above, we also worked on reducing the image size by moving extra documentation to separate packages and unifying the packaging conventions. Work was also done to split out into separate packages some tools/libraries that are not needed without developer mode, to reduce the size of the updates. Also, tools depending on ncurses were moved to sub-packages where possible, which allowed dropping ncurses from the image. Such tools include sqlite and connmanctl, which are no longer part of the default image. However, all the tools remain in the repositories so that all of you who want to tinker with the cmdline still have them available. We also dropped e.g. kbd from the default image to save some more space, and now build e.g. our browser engine with the system icu, which also enables a significantly shorter build time. These and other fixes saved around 15M in the Sailfish OS core.

Surely some fixes on the user interface level also got in touching different parts like email, keyboard, messages etc. You can read more about those from the release notes and detailed change log.

Oh, and one more thing…

We did not forget Sailfish X and the XA2 device, to which we brought some very welcome fixes, such as fixing the sensor behaviour during phone calls. We also improved the high power drain in the wlan use case. One new addition to our Sailfish OS core offering was Near Field Communication (NFC) support, which is in its first version with URL tags available in 3.0.3 Hossa. For anyone wanting to take a deeper look, you can check the source code of our NFC daemon and the plugin for the XA2.

Additional items to XA2 were related to improvements for the Android 8.1 App Support, including:

  • Mobile data works now with both SIM cards for Android apps on XA2 devices
  • Recently added files to the Sailfish side appear now on the Android side immediately
  • System UI notifications from the Android side are now hidden (Sailfish OS to handle)
  • Notification handling is now improved, new notifications will not receive grouped notifications
  • SSH file transfer no longer crashes Android App Support

Surely there are still places to improve and we are already preparing for the next set of fixes for the Android App Support, which will include at least improvements with notifications to not show that many duplicates, fix for display blank prevention so that your display stays on while you navigate or watch videos via Android apps, and initial support for clipboard between Sailfish OS and Android apps.

Br,

Sage

Ps. Let us know what you think of this more technical blog post and if we should start going into more details like this also in the future.

The post Sailfish OS Hossa is now available appeared first on Jolla Blog.

by Mariana Perez at May 07, 2019 12:36

May 05, 2019

Gregor Santner

Markor v1.8 - All new file browser, favourites and faster Markdown preview

Markor v1.8 update is out! Get the update now from Google Play, GitHub or F-Droid!
Continue reading to find out what’s new, improved and fixed in this update.


All new file browser

Showcase

  • The old file browser was removed and replaced by a new compact solution. It is based on the file browser known from import dialog.
  • The previous “Notebook” tab in the main screen is now called “Files”. Notebook is now just your document “home” folder.
  • You can now freely navigate the filesystem and all files are shown (previously: only folders and text documents).


Favourites

  • Add any file or folder to your favourites! Long press a file/folder and tap the star button to add to or remove from favourites.
  • Favourite files are highlighted by Markor’s red accent color.
  • Use the new quick navigation menu option to quickly navigate to your favourites, recently viewed files and more.
  • Favourites are listed as normal files/folders in the file browser. They appear virtually under the special folder /storage/favourite-files. When a folder is selected, the file browser navigates to the real folder. Files are opened.
  • You can also set Favourites as default folder to load on app start. Check out the blog post section about settings!


Improved SD Card support

Showcase

  • Markor now uses the Android Storage Access Framework to access SD cards.
  • To mount an SD card (so files can be edited by Markor), navigate to the SD card folder.
  • (first screenshot) Press the + button and a descriptive dialog appears.
  • (second screenshot) Follow the steps shown in the dialog to give Markor access to your SD card.
  • (third screenshot) Files on the SD card are no longer struck out, which means Markor has write access to the file/folder.


New and updated Settings

Showcase


App start folder

You can find this new option at General -> App start folder. It allows you to select the special folder to load when Markor starts. The default is Notebook.
Do you want multiple Notebooks? Favourite multiple folders and set the start folder to Favourites ツ.


Additional fonts

Showcase

Add custom fonts to Markor!

Custom fonts change the default text appearance in edit & view mode. They work just as system fonts do, but you need to install them for them to appear.

Install font: Copy font to one of these locations:

  • (Markor-)Notebook/.app/fonts/
  • /storage/emulated/0/Fonts/

Select font: Settings option at Editor -> Document Editor Font

  • 1: System (default) fonts are always listed on top.
    • The default option is Roboto Regular (sans-serif-regular)
  • 2/3: Custom fonts are listed below system fonts. The font name is taken from the filename. To identify the correct font the absolute path is shown as well. Custom fonts are ordered as listed in Install font
  • 4: Bundled fonts


Bundled fonts

Markor bundles these additional fonts (free & open license only):

Font | Alternative to | Known from
--- | --- | ---
Liberation Mono | Courier New | Microsoft Wordpad
Liberation Sans | Arial | Google Docs
Liberation Serif | Times New Roman | Previous default Microsoft Word font
Open Sans | Calibri | Default Microsoft Word font
Roboto Slab | | Google Keep
DejaVu Sans | | Linux desktop, Firefox
DejaVu Sans Mono | | Linux terminals (=Monospaced)
Ubuntu | | Default font on Ubuntu desktops
Lato | | Popular font for websites
Source Sans Pro | | Popular font for websites
Source Serif Pro | | Popular font for websites
Source Code Pro | | Popular font for editing code

Changelog


  • Show app intro at first start
  • All new file navigation
  • Add favourite files
  • Add quick navigation options (to notebook, sdcard, AppData and more)
  • Add option to set Navigation-Bar color
  • Combine edit & view mode to one fragment, show view as overlay
  • Add horizontal scrolling for code blocks in view mode
  • More efficient undo/redo
  • Option to enable/disable swipe to change mode
  • WikiLinks: Disable default escaped characters, so subfolder path is not converted to hyphen
  • Added fonts: Source Pro, DejaVu Sans Mono, Ubuntu, Lato
  • Scan storage Fonts folder for custom fonts
  • Add word count to document info dialog

Notice: Development changelog is always available from GitHub. See the commit history for code changes.


Update stats

  • Two first-time-contributors and zero previous contributors improved the source code of the Markor project in this update. Learn how you can improve the project by code
  • In total, this update comprises 72 commits, 130 changed files, 5.001 additions and 2.249 deletions.
  • There were 7 minor releases in total in preparation for this update.
  • 36 new strings were added for translation. 67 contributors are now translating the Markor project. Help by translating Markor into your language.


Give feedback

  • AlternativeTo
  • Google Play
  • Mastodon / G-Droid / F-Droid: Toot a message starting with (copy paste):
    @gdroid@mastodon.technology #net_gsantner_markor #fdroid_app_comments #markor @gsantner@mastodon.social Markor feedback:
    

May 05, 2019 22:00

Handy News Reader

About…

This website is a kind of a "fanpage" dedicated to Handy News Reader - an Android app with the help of which You can be up-to-date with all Your interests - in a very convenient way: respecting Your Time as well as Your Inner Peace (it avoids switching attention and distractions which are so familiar today when You think of mobile devices).

I've created this website with the aim of letting You know that there is an app out there - which may come in handy and make a significant difference in Your life. If I were asked for its bottom line - I would say that

staying in touch with all My Passions and Interests never has been so easy.

Other users say:

1. How do You use RSS in general?

"Mostly Technews - so Heise, Arstechnica, etc - during my commute to work".

2. What features You find most appealing to You personally - and why?

"The ability to reduce everything to just the text. I can remove all the Icons in the article view, I can stop loading all the pictures in the articles themselves, so I can squeeze as much text as possible on my screen. Since I mostly use it on E-Ink Devices (YotaPhone and some Android Tablets) this is one of the few apps that I can tune to work perfectly with those kinds of displays". (Spleeeno)

"Newspapers: heise, golem, spiegel, sz, etc."

"I've to repeat the comment of @Spleeeno 'The ability to reduce everything to just the text. I can remove all the Icons in the article view, I can stop loading all the pictures in the articles themselves.'". (paulle)

"Newspaper: Freie Presse, n-tv, Der Postillion and some other feeds".

"Easy to use, automatic refresh and many useful settings". (SIRSteiner)


Persons behind the scene:

Alexey - the developer of the app - usually programmes in C++ with the Qt library and Java. Alongside Handy News Reader He created a very interesting and promising Clock and event widget - a widget-based multi-functional organizer app.


Thomas Leigh - responsible for the design of this website, English and Polish version, and all the copywriting involved.



Ronny Steiner - as a beta-tester He provides valuable feedback and contributes to the app's development, code- and idea-wise. He also did the translation of the website and the app into the German language - thank You! :)

by Thomas Leigh (noreply@blogger.com) at May 05, 2019 14:08

This Week in F-Droid

Trust, Privacy, and Free Software

We all put a lot of trust into our devices: more and more of our lives are run out of our phones and laptops. The communications we send to each other contain the most sensitive bits that we convey with our devices. The experience we all have when using these devices feels private: if no one is looking at our screen, it seems that no one else could be watching. Sadly, the reality is quite the opposite. Our mobile devices are full of trackers and spyware, whether we notice them or not. There are ever increasing pressures for inserting backdoors. And most people still rely on proprietary software for their most sensitive things.

Over the last ten years, there have been huge strides in the development of usable techniques for strongly protecting privacy. End-to-end encryption used to require deep technical skills to use (think PGP email); now over a billion people are using it daily. Open platforms and free software give us control over what happens on our computing devices, as well as the ability to check what exactly software does with our private information. Reproducible builds seemed like a waste of time some years ago; now they are an essential building block for trustworthy systems. The F-Droid community has put all those pieces together to create a complete distribution system where the source code is the only piece that needs to be trusted.

To make this a bit clearer, we can use the analogy of buying prepared food. The ingredients must be listed on the box. We trust that the ingredients list matches what is actually in the box. Open source software is very similar to this. The source code is a very elaborate recipe that produces the executable binary that the computer chips actually run. Now imagine there is a robot kitchen that perfectly executes recipes, producing the exact same result every time, and a simple chemistry set that tells if two bites are exactly the same. Anyone who reads the recipe will know what is in the food. The robot kitchen can be inspected to ensure it strictly follows the recipe. The resulting food can be tested over time to make sure that the robot kitchen is actually making the same exact food each time. Then the combination of the recipe and robot kitchen can be trusted to only use what is listed on the ingredient list. And anyone can use the chemistry kit to check that what is in their box matches what is in anyone else’s box.

This is what F-Droid can now do, only for software instead of food. It does it in a way that the chemistry kit is run every time you install an app, and the result is compared to what the F-Droid build machine saw when it created the binary app. So in fact, it is much easier to verify than the above example.

Digging into the details

Free Software, Vetted Protocols, Code Audits, Reproducible Builds, and the Right Hardware: these are the required ingredients for a truly trustworthy system.

The complete picture for trustworthy computing is now within reach. Free Software has long been a requirement for trusted software. There are trusted methods of end-to-end encryption, from Briar Protocol to Signal Protocol. Reproducible builds mean that binaries can be definitively linked to the source code. Real off switches give the user full control over when features are enabled. Free hardware designs let us inspect the recipes used to build our devices.

The F-Droid ecosystem now provides the pieces necessary for trusted, verifiable software:

  • Free Software
  • Reproducible builds
  • Open, audited cryptography

All of the above pieces have been applied and proven in multiple apps, some already include multiple techniques. In order for an app to provide trustworthy privacy, all must be applied.

  • 100% Free Software: Briar, Bitcoin Wallet, Die Tageszeitung (TAZ), Tutanota
  • Open, audited crypto entirely in the client software: Briar, Bitcoin Wallet, Tutanota
  • Reproducible builds: Briar, Bitcoin Wallet, F-Droid, F-Droid Privileged Extension, Nextcloud, Öffi, and more.
  • Code signing and distribution based on reproducing the developer’s build: Briar, Bitcoin Wallet

Tor Browser for Android will soon be released using the F-Droid reproducible process. That means the app is submitted to F-Droid by sending only the source code and the developer’s own signature from their APKs. That means that F-Droid will only publish APKs that are built from source on the f-droid.org infrastructure, yet match the signature produced for the APK that was built by the developer on their infrastructure.

Other projects like Signal agree that reproducible builds are important, but the Signal APKs are not reproducible. Only the Java part is reproducible. That means the C/C++ code is not reproducible, and that’s the place where it is easiest and most effective to insert exploits.

There are also other concerns that affect a much broader swath of Android apps: the tools and plugins used to build the apps, as well as third party libraries, which these days basically every app includes. gradle is the official build system, and many projects use gradle plugins as part of their build process. gradle is free software, but many of the plugins are not.

F-Droid has been working with the Debian Android Tools and Java teams to get as many of the essential build tools packaged and building reproducibly as part of Debian. F-Droid Privileged Extension takes reproducible builds one step further: it is built by the Debian Android Tools packages with no outside dependencies.

The last big piece is the third party libraries that gradle makes so easy to include. The JCenter and Maven Central library repositories require that a matching source JAR is uploaded for each release, but nothing verifies that the source JAR matches the binary JAR in any way. Android AAR libraries are also quite common, and for them there is no such requirement for matching source code.

Consider hardware

The right hardware platform is also essential.

The possibility of inserting backdoors into hardware means we need all the same things for hardware as well as software: free and open sources, reproducibility, public audits, and trusted designs. Unfortunately, hardware is much further behind than software in these regards. But there is lots of very promising work:

Stepping stones you can reach right now

Fairphone Open provides free software Android with built-in F-Droid that is fully supported by the hardware manufacturer. Hardware security can be achieved with baseband-free tablets and hacked Moto Gs. Purism Librem 5 with an isolated and hardware-switched GSM baseband is coming soon.

The tools are in place in F-Droid for any app developer to provide fully trusted binaries to their users. Briar and Bitcoin Wallet were the first to meet all criteria, now that they are reproducibly built in F-Droid. Tutanota, Conversations, Die Tageszeitung (TAZ), Nextcloud, Riot, Kontalk, and many others are 100% free software and built from source by F-Droid. Others like Firefox, Wire, and Zom are close, and hopefully the more complete examples will inspire them to move in the right direction. And F-Droid is the glue that holds these pieces together. The F-Droid community is ready to help all projects move on to the next step in trustworthy computing.

by eighthave at May 05, 2019 00:00

May 04, 2019

Privacy Browser

Privacy Browser Design Guidelines

From time to time I receive feedback from individuals regarding the layout of Privacy Browser on small screens. Usually this feedback relates to eliminating an element that they feel is not important enough to warrant the space utilization or diminishing the size of the fonts so that more information can fit on the screen. I am always thankful for these suggestions (I at least remind myself that I should always feel thankful for these suggestions), and sometimes they have led to beneficial changes in the layout. Other times there are reasons for the current design that the person making the suggestion has not considered. I thought it would be helpful to write a post explaining some of these design decisions so that they would be better understood by the community.

When designing Privacy Browser, there are a number of general principles I follow.

  1. Present as much control and feedback to the user as possible.
  2. Use the minimum possible amount of screen real estate.
  3. Minimize the number of taps that are required for common actions.
  4. Reuse existing Android elements as much as possible.

Let me explain what I mean by each of these points.

Present as much control and feedback to the user as possible

There is both an art and a science to presenting lots of information to the user in a small amount of space in a way that is intuitive and useful. Many programs want to hide important information from users in a misguided attempt to make things “simpler”. Others organize information in a way that is jumbled or difficult to understand. The best programs present all the desired information in an intuitive format that isn’t distracting.

An example of how this design philosophy plays out in Privacy Browser can be seen in the bookmarks interfaces. Privacy Browser’s bookmarks are stored in a SQLite database. Most users don’t want to think about any of the complexities of the underlying structure of the data storage. They just want an easy and intuitive way to interact with their bookmarks. However, there are other scenarios, like troubleshooting database import/export problems, where a power user might need to access or modify the underlying data structure. This led me to create two interfaces, one for general bookmark usage, and one to view and edit the bookmark database values.

Use the minimum possible amount of screen real estate

Nobody likes wasted space, especially on a small phone. Now, this might sound obvious, but to use real estate effectively, each item in the interface must be big enough to see or read, and nothing the user interacts with can be smaller than their finger. Privacy Browser’s two drawer layouts provide a good case study. The navigation menu that opens on the left is generated by a standard Android NavigationView, which provides developers little control over the layout. As you can see in the screenshots below, the interface has been designed to space each entry far enough apart that the user doesn’t accidentally tap the wrong item. Like many default Android interfaces, it uses a relatively small font with a large amount of white space between the lines. On the other hand, the bookmarks drawer that opens on the right is a custom interface that I built. Each entry is also spaced sufficiently so that accidental taps are avoided, but my personal preference is to use larger fonts and less white space. This often has the effect of making users feel that the space is being wasted (because the font is so large), leading them to believe that if the font were smaller more bookmarks could be displayed on the screen. However, the constraining limit on the bookmarks is less about the size of the font and more about the minimum size of the human finger. Consider the three examples below, which are screenshots taken on a Pixel 2 XL running Privacy Browser 3.0.1. With a small system font size, the number of entries in the navigation menu is 13 and the number of displayed bookmarks is 16. When the default system font size is used, the number of entries in the navigation menu remains 13 and the number of displayed bookmarks is slightly more than 14. When the largest system font size is used, the number of entries in the navigation menu is still 13 and the number of displayed bookmarks is 12.

The takeaway from this is that, even though the font size is larger in the elements I designed in Privacy Browser, the number of bookmarks displayed is greater than if I had followed the standard Android design guidelines used in the navigation menu. It functions as a sort of optical illusion. Even when placing the screenshots side by side, the mind still wants to think that more information is displayed in the navigation menu. But not only does my interface convey more entries for all layouts except for the largest system font size, it does so using nice, big fonts (something I really enjoy even though I have good eyes and something that people with poor eyesight find absolutely essential). It also provides more flexibility to the user by actually adapting the amount of information on the screen to the system font size that is selected, as compared to the standard Android layout, which adjusts the white space so that, on this particular device, 13 entries are all that are ever displayed.

Minimize the number of taps that are required for common actions

I don’t know any developer who doesn’t agree with this in principle, but it can be very hard in practice because 1) different users use different actions, and 2) every time you make something easy to get to you use up precious screen real estate. It is somewhat funny to me that almost every time I make any change to the layout of the options menu I receive feedback from users somewhat along the lines of, “How come you moved my favorite command to a submenu? I use it all the time and now it takes two taps! Also, why don’t you get rid of all the other commands. I never use them and they are just in the way.” As a developer, I can’t just consider how I use the app, but I have to try to think of all the possible ways users might use it.

Figuring out the optimal design ends up being quite a balancing act, one that gets refined over time based on my own personal experiences using Privacy Browser and the feedback I receive from users. As a case study, let me explain the process of designing the tab interface that was released in version 3.0. From the very beginning of the process I wanted to have a tab interface that was displayed directly on the main Privacy Browser window. Most other phone browsers hide their tab interfaces somewhere behind a button or a swipe, so that it takes two actions to do anything with tabs. For some browsers this also involves switching to a secondary activity that covers the entire screen. I knew it wouldn’t be possible to have everything relating to tabs visible on the screen at all times, but I wanted to get at least the most commonly used actions there.

The resulting design uses a TabLayout that is part of the app bar (under the action bar). It is designed so that on almost any device it is possible to see at least two tabs at once. It also has an easily accessible button for adding a new tab, which is a common action and doesn’t take up much additional screen real estate. Because Android already makes the tabs about as tall as a standard finger touch, it made a lot of sense to display the website title in two lines, thus displaying more information.

Initially I thought about adding a close button on each tab, similar to what Firefox or Chrome have on their tablet interfaces. However, I didn’t do this for two reasons. 1) I was concerned that users would accidentally close tabs when they meant to do other things. For example, if more than two tabs are opened on a small device, the user has to drag the tab layout left and right to scroll between them. It would be easy for the drag gesture to accidentally be detected as a tap on the close tab icon. And the absolutely worst kind of interface, worse than having a desired command buried beneath seven layers of submenus, is an interface that mistakes your intentions and does something different than what you just told it to do. 2) I don’t think Android’s TabLayout will allow users to interact with individual elements inside the tab. So the only way to accomplish this would probably be to either modify TabLayout or design an entirely custom interface from scratch. This would be an awful lot of work for something I expect wouldn’t work that well in the end, although there is an open feature request for this and I will probably look into it deeper in the future.

My solution was to place the close tab command as the first entry in the navigation menu, meaning that adding a tab takes one tap but closing a tab takes two (not a very symmetrical experience). Based on user feedback, in version 3.0.1 I added the ability to close a tab that is at the beginning of its WebView history using the back button. This allows tabs that are opened by an intent from another app to be quickly closed with one tap by hitting the system back button on the navigation bar. Not only is this a fairly intuitive interaction for most Android users, but it also takes care of closing tabs in 90% of my personal workflow. It is not a perfect solution, and things will likely evolve in the future, but it represents the current balancing act between usability, screen real estate, and what makes the most sense for the majority of users.

Reuse existing Android elements as much as possible

Android has a bunch of standard views, widgets, commands, tools, and other elements that can be used to build apps. It is also possible to custom build almost anything with enough work. One of my design philosophies is to use the standard building blocks as much as possible. There are several benefits in doing so. Among them are that Google spends a lot of time making sure these elements scale well between different screen sizes. They work across all the various versions of Android. They are automatically updated when newer versions of Android come out. They scale to different form factors (like tablets) and even to different environments (like Chromebooks). Custom code, on the other hand, requires much more extensive testing to make sure it is going to work across all the various devices out there in the real world. It can require extensive refactoring when new versions of Android come out. It might not adapt to new environments, like Chromebooks. And it won’t automatically update to follow newer theme guidelines, creating a less consistent user experience between Privacy Browser and other Android apps, which increases the learning curve and UX (User eXperience) dissonance.

All that being said, using the standard Android tools is also problematic. Android is buggy, Google isn’t very receptive to bug reports (they barely even read them), and really nasty glitches can continue for years without resolution or even acknowledgment. Also, these tools often don’t do exactly what you want them to do, leading to a lot of compromises and imperfect solutions. And they tend to waste a lot of screen real estate. Although many examples could be given, two will suffice, one where I have chosen to use the default tool even though it is imperfect and the other where I have built a custom solution.

Android has a standard icon for opening the navigation drawer, called the hamburger icon because of the three horizontal lines that look (only a very little bit) like a hamburger bun with a meat patty in the middle. There is a standard tool, ActionBarDrawerToggle, that lays this out in the top left of the action bar and makes it interface with the navigation drawer. The selection, animation, and layout of the icon are all handled by ActionBarDrawerToggle. However, the layout it uses consumes too much white space, as can be seen by the huge wasted area between the hamburger icon and the beginning of the URL text box in the screenshot below. I have considered replacing it with a custom layout, and I might well do so at some point in the future. But the advantage of using a standard tool has so far outweighed the negative of the lost space.

Look at all the white space just dangling out there.

The other example has to do with nested scrolling of the WebView, which allows the app bar to be scrolled off the screen. As described earlier, adding the tabbed interface requires a significant amount of screen real estate. This isn’t really viable unless there is a way to recapture that space while reading a website. Android has an entire set of tools for doing this, but for reasons that make no sense, they do not support doing so with WebViews. So, before I even started working on tabbed browsing, in the last major release of the 2.x series, I implemented an extension of Android’s WebView that worked with nested scrolling of the app bar. It wasn’t easy, but the functionality is so central to what Privacy Browser is trying to accomplish that it was necessary to do so.

by Soren Stoutner at May 04, 2019 22:12

May 02, 2019

Privacy Browser

Patreon

Privacy Browser now has a Patreon page. Those desiring to do so may support the development of Privacy Browser via a monthly contribution.

by Soren Stoutner at May 02, 2019 22:46

Privacy Browser 3.0.1

Privacy Browser 3.0.1 has been released. This is a bugfix release to correct a couple of serious bugs in the tabbed browsing interface that couldn’t wait for 3.1. A couple of other items were also added to the release because they were ready to go in time and resolved less serious bugs.

Because some people don’t want the app bar to scroll off the page, especially on tablet interfaces that are not scrunched for space, there is an option to disable app bar scrolling. However, the way I had it configured, this would disable app bar scrolling in the WebView, but not in the app bar itself. So, if a user accidentally scrolled up on the app bar interface (for example, when trying to scroll the tab layout left or right) the app bar would scroll off the top of the screen. And there would be no way to get it back without restarting the app or going into settings and enabling app bar scrolling. Having an important part of your interface disappear is a significant enough bug to merit an emergency release.

Similarly, when app bar scrolling was enabled, if a user had multiple tabs open, and one of them was blank (like a new tab), the app bar could be scrolled on and off the screen only on tabs that had a populated WebView, not blank tabs. So, if the user had scrolled the app bar off the screen, then opened the navigation menu by swiping from the left, then closed the tab, if the newly activated tab after the close was blank, there was no way to scroll the app bar back onto the screen. This could be remedied by loading the homepage or a bookmark, or by swiping to another populated tab (if one existed). But those options were not naturally obvious, and the user was often left feeling like the controls had been removed and they were left with a blank or crashed app. Again, interface goes missing; emergency patch release.

I received a crash log that described a rare crash that could occur when a web page finished loading. This was rare enough that I would not normally do an emergency release, but because it was an easy fix I added it into this batch.

With the 3.0 release, I received a lot of feedback, support, suggestions, and bug reports (thank you for all of them). The single most common topic regarded the closing of tabs. There is ongoing discussion about adding a close icon to each tab, which may happen sometime in the future. However, I realized I could improve the functionality of the back button as it related to the closing of tabs.

Prior to version 3.0, if Privacy Browser was at the beginning of the history list and the user pressed the back button, the command would be passed up to the Android system, which would move Privacy Browser off the screen and return either to the app that launched Privacy Browser or to the home screen. In early beta testing I realized this behavior didn’t always work well with tabbed browsing. For example, if a user had multiple tabs open and then switched to an incoming message in another app and clicked on a link in the message, Privacy Browser would reopen with the contents of the link in a new tab. After reading the web page, tapping back would return to the messaging app. This felt natural. But, if a user had been browsing with multiple tabs in Privacy Browser for an extended period of time and then hit back on one of the tabs that was at the beginning of the history view, they would be kicked out to whatever app had been running before Privacy Browser, even if it hasn’t been open for hours. This behavior felt unexpected, especially when other tabs were open. A kind of, “I wasn’t done yet, where are you going?” experience.

At the time, my solution was to make back load a blank page if the WebView was at the beginning of the history. This created a weird scenario where you could cycle between a blank page and the last website by repeatedly pressing back. However, in considering feedback I received about this behavior as well as the desire for a more readily accessible way to close tabs, I realized that, if a tab is at the beginning of the history list and back is pressed, the most natural behavior is to close the tab. This leaves Privacy Browser in the foreground if other tabs are open, resolving the unexpected behavior described in the previous paragraph. And it makes it easy to close tabs that were open via intents from other apps, which is probably about 90% of normal tab usage.

by Soren Stoutner at May 02, 2019 21:14

Purism

Introducing The New Librem Mail

Here you are. You take social good, freedom, and your personal privacy and security seriously. You know Librem Mail is part of Librem One, a suite of privacy-protecting, no-tracking apps and services – a network system that we, at Purism, believe is already starting to change the world for the better.

So why, and how, can it change your world for the better? How will it help and protect you, and why is it better than the rest?

Well, let’s start from the very beginning (always a good place to start): Librem Mail offers you an end-to-end encrypted email account, making sure that all end-to-end encrypted communication is kept private.

How is it kept private?

By using OpenPGP, the best-in-class cryptography. And just like every other client Purism offers as part of Librem One, Librem Mail uses free software-based clients (such as Librem Mail on Android, based on K-9 Mail), across all platforms. This ensures that rights (and freedom) of people using it are protected when third party verification of privacy and security protections is confirmed.

Will it make communicating with your friends more difficult?

Maybe you’re worried that such a degree of safety will isolate you. But no, it won’t, we’d never do that: like all other services offered in the Librem One bundle, Librem Mail allows you to communicate with anybody, inside or outside the librem.one domain. Each server-side service that Purism provides as part of Librem One encompasses a philosophy of decentralization, so you can communicate to other people on other systems. We do not lock you in to one (our) technology company.

Why is it safer than most email offers?

It’s safer because we don’t keep your data. Email that isn’t encrypted isn’t safe, so we made it temporary. Temporary emails expire after 30 days. If you want to keep a temporary email, just send yourself an encrypted copy. We are aware this is a new approach to email safety, that you may need some time to get used to the idea. So we’ll only start the timer once the campaign ends (temporary emails sent on the day the campaign ends, or before, will be deleted 30 days after the campaign ends).

As the Mail service evolves, we’ll add the following features:

  • Discoverable keys: sending email to someone else @librem.one but don’t have their encryption key? The Librem Mail client will pull it in automatically.
    This is called “Blind Trust Before Verification”.
  • Encrypt-on-receipt: If you share your public key, we can encrypt your mail on receipt. Or, no more temporary mail.

Both of these convenience options put more trust on the service, so they will be on by default, but you can opt-out. We will elaborate when these features are released.

One other reason Librem Mail is safer is that we use free software, so you can know – and verify – you are not being tracked; and also because we utilize standard protocols and self-hosting options (for your business, your friends, even for yourself). Our services are powered by our own PureOS, Purism’s rights respecting operating system. Librem Mail uses Standard SMTP/IMAP/POP MTA, with OpenPGP, which may sound terribly technical if you are not an advanced user… but don’t worry, you don’t really need a lot of experience to use Librem Mail.

Here’s a quick and simple setup on how to configure advanced options (if you are an advanced user, feel free to connect with other applications native to your system).

 


Purism offers high-quality privacy, security, and freedom-focused computers, phones, and software. Our platform is meant to empower everyone – including privacy-conscious users, entrepreneurs, business people, developers, writers, digital artists, activists, geeks and defenders of freedom all around the world. We believe people should have secure devices and services that protect them rather than exploit them, and we provide everything you need in a convenient product bundle.

The post Introducing The New Librem Mail appeared first on Purism.

by David Seaward at May 02, 2019 13:51

May 01, 2019

Purism

Opt-IN, No Ads, and No Tracking Solve a Lot of Problems in Society

There are a lot of issues with social giants and we are hearing about them daily, from Cambridge Analytica manipulating people through social media feeds, through Silicon Valley social companies censoring people, to algorithms that discriminate against you and the content you see based on your friends or posts or likes.

It’s also a common question from the press to Silicon Valley social giants “what are you going to do about certain content on your private platform?” and those social giants keep incorrectly answering that question with “we will censor things on our closed platform based on an evolving policy.” But this is missing the larger more menacing point.

What most people want is rather simple:

Opt-in

Most people want to opt-in to what they want to follow, be that a news feed, a celebrity, a friend, or family. Most people do not want to be force-fed a constant stream of manipulated content to catch and keep their attention.

No Ads

Most people want an ad-free experience but are willing to accept some contextual advertising or non-creepy advertising from opt-IN data shared. Most people do not want everything they have ever done and said and shared to be secretly recorded permanently in exchange for using a service online.

No Tracking

Most people want to retain their privacy and freedom and most people are concerned about their digital footprint. Most people do not want to be tracked all the time from all devices.

The Pros and Cons of Timelines

Every social network tends to have a timeline. The original idea behind a timeline makes sense–aggregate all of the posts from people in your network and present them in a chronological view. Because so many social networks are funded by ads, however, that quickly changes into posts from your friends as well as overt ads and promoted posts pushed to the top of your feed.

This leads to the next complaint about timelines: hiding chronological order. Ad-driven social networks are in a constant struggle to determine what’s “relevant” to you. They do this not just by collecting raw data about you and your social network, but by tracking you and training their own systems based on how you view posts. This is one reason why social networks try to hide chronological sorting and force you to view posts based on relevance. By tracking which posts you view versus which posts you scroll past, they train their own systems and figure out which ads you’d most like to see.

The ironic result is that your timeline ends up being full of things you don’t want to see, dictated by a central authority instead of you.

Decentralized Timelines

This problem is most prevalent with ad-funded proprietary social networks but it also shows up in decentralized federated social networks like Mastodon. This is a side-effect of what’s otherwise a beneficial feature: local and federated timelines. Local timelines show you a live feed of posts that are happening on the local social network (say social.librem.one) and federated timelines show a feed across Mastodon networks. This can be great because it shows you people on the network you haven’t explicitly followed and posts that your social network haven’t yet promoted so in that steady stream of new posts there’s a chance you might find something you like.

The downside to local and federated timelines is that there are also a bunch of posts you aren’t interested in from people you don’t want to follow. You don’t opt in to that feed so when it gets content that you particularly find offensive, distasteful, or not aligned with your views there’s little recourse unless your opinion of undesirable content happens to match those of the central moderators.

How We Handle Timelines

There are plenty of social networks that are trying the traditional opt-out approach. We are trying something completely different at Librem Social: disabling timelines altogether. That way you only see content you have explicitly opted into (posts from people you follow). We are also working on additional features to give you even more control over how you view and filter content in a decentralized way instead of relying on a central authority to dictate what should and shouldn’t show up in your feed. In addition to blocking users, Librem Social will offer flagging of content for DMCA copyright violations, spamming, harassment, and illegal activity.

In our view, the advantage of full opt-in control over your feed outweighs the downside of not being able to discover some content you like (signal) in the public feed amongst all the content you don’t (noise). Popular content can still spread through the network via organic boosts from people you already follow instead of artificial boosts from relevance algorithms or advertisers.

A Different Approach to Social Media

Combining no ads, no tracking, and opt-in is the trifecta of what most people want, because it offers a different approach to how social media functions:

  • It offers no timeline or news feed pushing data onto your device and into your brain.
  • It lets people build communities for any legal topic with opt-in for users.
  • It means things you want to follow you follow, things you don’t want to follow you don’t.
  • It means there is no trending timeline to manipulate.
  • It means there is no need for private platform censorship policies.
  • It means people are back in control of what they see, share, and block.
  • It means digital society can operate the same as it does in the physical world.
  • It means if you want to be part of the butter-side-up club you can and won’t see anything from the butter-side-down club, and if you don’t want butter at all there’s a club for that too.

Adding in decentralized (like email) accounts, based on the popular ActivityPub standard, would allow everybody on the Internet to control and follow anybody they’re interested in without a centralized Silicon Valley company controlling the entire user-base.

This Opt-in, No Ads, No Tracking, Decentralized, No Timeline social platform is not a complicated idea, but it seems like it will take a social-purpose-driven corporation that isn’t funded by advertising and data collection to do it.

The post Opt-IN, No Ads, and No Tracking Solve a Lot of Problems in Society appeared first on Purism.

by Todd Weaver at May 01, 2019 23:21

How Purism Works Upstream and Gives Back

One aspect in free software (and its copyleft licensing) is the benefit of releasing software for others to use as long as the same licensing terms are used.

Purism has a long history of giving back and working with upstreams and continues to release everything Purism authors under free software licenses in accordance with Purism’s Social Purpose Corporation Articles of Incorporation.

In light of our Librem One launch, and since we use free software for our clients and services, it shouldn’t be a surprise that we use free software considering our commitment not just to free software but to open standards. There is so much we want to tell you about Librem One over the coming weeks from various design decisions, policies, and upstream software that we couldn’t address all at once on launch day. To start, let’s talk about the free software that we use in Librem One.

Clients

It’s no secret to anyone familiar with free software on mobile that Librem One apps are based off of popular existing free software applications. Most people understand why we opted to use existing, high-quality applications instead of reinventing the wheel by writing them from scratch. What may be less clear, however, is why we opted to release rebranded applications.

Before we talk about why we rebranded, let’s highlight the upstream projects our versions are based on:

Why Rebranding?

A major goal with Librem One was to provide people with convenient and easy-to-use alternatives to big tech services that respected their privacy. The key to this was the combination of decentralized services with a centralized brand. With decentralized services that used open standards and ran on free software, users aren’t locked in to any one provider and can even host services themselves (more on that in a future blog post).

By putting services under a centralized brand, we make these decentralized services just as convenient to use as the big tech alternatives. That way an end-user doesn’t have to know what Matrix, ActivityPub, or even IMAP are or try to find all of the applications that work with those services on their particular platform. Instead, they just need to know that they want to chat, join social media, or send email.

Discoverability

Many of the changes we made to existing clients and our server configurations were to make it easy to connect with others on Librem One. The goal is for you to be able to say “you can reach me at username@librem.one” and regardless of the service, your friend should be able to find you. In many cases the clients and servers didn’t allow this kind of feature out of the box because the apps are focused on a single service, not a collection under one brand.

Convenience

Beyond all of that, convenience is important. We wanted people to be able to switch from existing big tech services without having to fill out a bunch of forms with server information. Instead we wanted them to just type in their username@librem.one login and their password and have the client already configured and ready to use, just like they are used to with big tech alternatives. This required some customization in the existing apps so that they defaulted to using Librem One services while still allowing a user who wanted to, to dig into the settings and use any other provider if they wanted.

If you are interested in the changes we’ve made, you can check them out at their temporary location here.

Servers

In addition to clients, we are also hosting free software services for Librem One. We will elaborate on our services and our plans to make it easy to host them yourself in a future post but for those that are curious we are using Postfix and Dovecot for Librem Mail, Matrix for Librem Chat, and Mastodon for Librem Social. We are partnering with Private Internet Access for Librem Tunnel.

Our Contributions

A non-exhaustive unordered list to summarize our thanks to all the people we’ve been involved with:

While this list is not complete, it highlights the core beliefs behind Purism, its team commitment, and its free software roots. At Purism we will continue to work with, advance, partner, fund, push upstream, and most importantly release all our software under free software licenses.

Our commitment to working upstream is no better highlighted than by our Librem One bundle of ethical services that are supported by our partners Matrix, PIA, and Mastodon.

Sign-up Now and support the movement to protect your digital rights online.

The post How Purism Works Upstream and Gives Back appeared first on Purism.

by Todd Weaver at May 01, 2019 17:06

April 30, 2019

Purism

Underscoring Our Transparency: First Librem One Bug Report

We are super excited about our Librem One launch, if you can’t tell, but to make things even more exciting, we also have hit a different milestone with the service: our first security bug! We believe in transparency in general and especially when it comes to security. Security bugs happen in all software and services and our stance is the best approach is not just to address security issues as soon as possible but to be up front and alert you to security issues as soon as possible.

One of our keen community members rae discovered a severe security vulnerability in the Librem Chat service that allowed them to login to our chat server as any user. This is obviously a serious vulnerability and so we immediately shut down that chat server while we investigated.

It turns out the bug was related to a change that was made in the unreleased “master” branch of the matrix-appservice-ldap3 plugin being used by Librem Chat to authenticate users over LDAP. The bug ultimately came down to a mistake in a single line of code in a function related to LDAP searches:

- result = yield self._ldap_simple_bind(
+ result, _ = yield self._ldap_simple_bind(
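
Review bot: on the `+` line, `_` silently drops the second value returned by `_ldap_simple_bind`, and the lines shown do not say how `result` is tested afterwards. With the `-` form, `result` held the whole returned tuple, and a non-empty tuple is always truthy in Python, so a check such as `if not result` could never fail. Suggest comparing `result` against an explicit value after unpacking, checking every other caller of `_ldap_simple_bind` for the same single-name assignment, and adding a test that a failed bind is rejected.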

What a difference an underscore makes. See https://twitter.com/matrixdotorg/status/1123298776725303299 for the security notice from the Matrix team.
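
The class of bug behind that one-line change, shown as an added example (not code from the plugin or from Purism): when a function returns a tuple and a caller assigns it to a single name, a later truthiness check always passes. The names `simple_bind`, `login_vulnerable`, `login_fixed`, `audit` and the in-memory directory are hypothetical, and the example assumes the caller's check relies on truthiness, which the page does not show.

```python
"""Added illustration: tuple truthiness turning a failed bind into a login.

Hypothetical stand-ins only; this is not the plugin's code. The real plugin
uses Twisted deferreds (`yield`); plain function calls are used here.
"""
import hmac

# Constructed sample directory: user -> password.
DIRECTORY = {"alice": "correct horse", "bob": "battery staple"}


def simple_bind(user, password):
    """Pretend LDAP simple bind. Returns (success, connection).

    On failure the connection is None, but the return value is still a
    2-tuple, and any non-empty tuple is truthy.
    """
    stored = DIRECTORY.get(user)
    ok = stored is not None and hmac.compare_digest(
        stored.encode(), password.encode()
    )
    conn = {"bound_as": user} if ok else None
    return ok, conn


def login_vulnerable(user, password):
    """Caller that keeps the whole tuple in one name (the `result =` form)."""
    result = simple_bind(user, password)  # e.g. (False, None)
    if not result:                        # never true for a 2-tuple
        return False
    return True


def login_fixed(user, password):
    """Caller that unpacks the tuple (the `result, _ =` form)."""
    result, _ = simple_bind(user, password)
    if result is not True:                # explicit check, not truthiness
        return False
    return True


def audit(login):
    """Run constructed credential cases; return the ones wrongly accepted."""
    cases = [
        ("alice", "correct horse", True),
        ("alice", "wrong", False),
        ("bob", "", False),
        ("mallory", "anything", False),   # user not in the directory
    ]
    return [(u, p) for u, p, expected in cases if login(u, p) and not expected]


if __name__ == "__main__":
    print("vulnerable accepts:", audit(login_vulnerable))
    print("fixed accepts:     ", audit(login_fixed))
```

A regression test built like `audit` catches this class of mistake whenever a callee's return type changes.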

Impact

First it’s important to discuss what this bug didn’t impact. All other Librem One services including Tunnel, Mail, and Social were not impacted by this bug. It was an authentication bug specifically with the Librem Chat service.

Fortunately this bug occurred early in the service launch before too many customers were using chat. We shut down chat immediately upon confirming the bug and the overall outage lasted about 30 minutes while we investigated and patched. We have also taken the precautionary step of removing all existing access tokens, which required any clients that were logged in to re-authenticate.

We do not have any indication of any malicious exploitation of the bug, and any attempts to access a user’s chat encryption keys would have resulted in a prompt on your own chat client to approve the access from a new device. If you did happen to see that prompt on your account, click the “Ignore” link in the notification and contact us at Purism support. If an attacker did manage to login to your chat account, they would have been able to send chat messages as you and also see your chat account details, including your current client’s IP, if they looked at your account privacy settings.

To check whether someone successfully logged in as you, go to your Librem Chat settings and scroll down to the Devices section. You should only see your Mobile device listed, unless you also logged into Librem Chat via a web client or other client. If you see any other device in that list (in particular a riot.im device) and you did not use that device yourself, then select that device and delete it. If you have any questions about this issue, please contact our support team.

The post Underscoring Our Transparency: First Librem One Bug Report appeared first on Purism.

by Kyle Rankin at April 30, 2019 21:43

Privacy Browser

Cookies and Tabbed Browsing

Anyone who has been following these posts for a while has noticed the running thread of limitations caused by Android’s WebView, which is why the 4.x series is going to include a forked version called Privacy WebView. While developing tabbed browsing I discovered that first-party cookies are enabled/disabled by app, while third-party cookies are enabled/disabled by WebView. This means that if the current tab enables cookies, they will also be enabled for any background requests made by any other tabs that are currently open.

There is nothing I can do about this presently, but it will be addressed in the 4.x series. In the meantime, I have added a warning in the settings.

by Soren Stoutner at April 30, 2019 02:38

April 29, 2019

Purism

The New Librem One Services

Tired of your digital life being exploited online?

Hi. We’d like to present Librem One.

Purism isn’t only about designing and producing secure hardware and software, and we have just added a neat bundle of services to our offer:


Encrypted chat – simple end-to-end encrypted chat, VoIP, and video calling.

Encrypted mail – easy to use, end-to-end encrypted email.

Encrypted VPN – toggle your connection to a secure VPN tunnel.

Public social – safe and privacy-respecting social media account.

Sign up now and get services that respect you

Our bundled, all-in-one services are ethical, respectful of your digital rights and concerned about your privacy – something we guess has been on your mind lately – or maybe for quite some time now. It’s on everyone’s mind, these days: we love the convenience of digital, internet-based services, but we worry about what we read and watch in the news. We love communicating, but communication between peers and family is meant to be private. It’s meant to be safe, and yet we are being harvested. We put our loved ones at risk by emailing them, by tagging their name. Interacting with the ones you love is not meant to serve others’ interests or to exploit you in any way.

At Purism, we are a Social Purpose Company. We don’t exploit you (and, by our own philosophy and contract, we can’t exploit you). We don’t offer advertising services to third parties. We don’t track users. We don’t look at, sell, or share anything – we offer a simple subscription model.

Librem One is a subscription service, using open standards and free software, and it is available for $7.99/mo, or $71.91/yr for the four services. Librem One does offer a basic tier, with encrypted chat and public social, for a pick-your-price from free to $5.99/mo. Librem One bundles popular, convenient services into a single, easy-to-use account – with more services to be added over time.

Librem One. Pure, ethical services for people with principles.


Librem One is a growing bundle of ethical services. By creating a network service that advances social good, societal freedom, personal privacy and the best security, Purism is changing the world for the better. If you’d like to know more or support us, we have an ongoing crowdfunding campaign.

The post The New Librem One Services appeared first on Purism.

by David Seaward at April 29, 2019 17:01

Complete PureBoot Demo and More Progress

Hi again! Things have been busy on the PureBoot front since our last blog post on overall coreboot progress – and we can prove it: we now have a video that walks us through the complete PureBoot demo we showed for the first time at SCALE a few weeks ago.

The video, as you can see, starts with powering on the Librem Laptop with a Librem Key inserted. PureBoot then starts by checking the firmware for tampering and authenticating itself to the Librem Key, which blinks green to indicate the system is safe.

Next we select the Default Boot option, and PureBoot scans the /boot directory for any tampering – and if and when it doesn’t find any, it starts booting the OS as normal.

Once the OS boots, you see a prompt show up on the screen requesting the user’s GPG PIN, which demonstrates PureBoot unlocking disk encryption using the Librem Key instead of a passphrase. We find this approach to be more convenient for the user than typing in a long passphrase; and being a 2-factor authentication, it’s more secure too.

Finally we reboot the machine and simulate tampering, by storing a new shared secret in the TPM chip without the Librem Key inserted. Once we do reboot, PureBoot detects and warns us that the Librem Key isn’t inserted. We could skip this warning and boot anyway, but we insert it and then the Librem Key flashes red to warn us that there was tampering.

More PureBoot Improvements

In addition to the demo, we’ve also made a number of PureBoot improvements since our last blog post:

Dynamic USB disk detection

In the past you had to hard-code the specific disk device for PureBoot to use when booting or using a USB disk – which was clunky, and caused some problems for those trying to set up PureBoot for the first time on a system with only an NVMe drive. Now it dynamically detects any USB disks that are present – and if more than one exists, you get a prompt; otherwise it just automatically uses the one it finds.

Other Improvements

We’ve also added a number of cosmetic improvements to the initial boot screens, including removing or changing certain prompts that were proving confusing to some of our beta testers. We’ve also added an automated “OEM factory reset” option to the GPG menu, that will factory reset a Librem Key and then generate a new random GPG key on the device – and add it to PureBoot firmware in an automated way.

The Improved Advanced Settings Menu in Heads

We’ve also updated the official PureBoot documentation at https://docs.puri.sm/PureBoot.html to describe how to use our new coreboot utility to pull down pre-built PureBoot firmware, so you no longer have to compile it yourself.

What’s Next

The introduction of pre-built PureBoot firmware has brought in a new wave of beta testers, which in turn has led to a fresh set of improvements. Each of these changes brings us closer to PureBoot being ready for general availability… we are looking forward to being able to announce PureBoot as a pre-installed, pre-configured option when buying new Librem laptops with a Librem Key very soon, so stay tuned for more PureBoot news!

The post Complete PureBoot Demo and More Progress appeared first on Purism.

by Kyle Rankin at April 29, 2019 16:10

April 27, 2019

Privacy Browser

Privacy Browser 3.0

Privacy Browser 3.0 has been released. The major feature is the long awaited tabbed browsing.

Beautiful tabs!

Using a tab layout generally works well, and in some cases is even better than I imagined it would be. The favorite icon has been moved from the URL bar down to the left of each tab. This helps with identifying tabs and also frees up valuable space in the URL bar. Adding a new tab is accomplished by tapping the + icon. Closing a tab can be done from the first item in the navigation menu. I considered placing a close icon on each tab, but I was concerned that it would be too easy to accidentally close a tab when trying to switch between them. (For consistency and ease of access, Clear and Exit was also moved up to the top of the navigation menu.)

Updated navigation menu.

One of the things I discovered is that Android’s WebView only allows enabling and disabling first-party cookies by app, not by WebView (as is the case with third-party cookies). This limitation will be removed in the 4.x series with Privacy WebView, but until then I have added a warning to the first-party cookies setting.

First-party cookies warning.

Because some people don’t like links littering their browser with excess tabs, I created a setting to disable the opening of intents in new tabs. Intents are URLs that are sent from other apps. For example, if an email contains a URL, tapping on it in the email app sends an intent to the browser requesting that it load the URL.

Open intents in new tab.

I moved the URL loading progress bar from the bottom of the app bar to the top of the WebView. Otherwise, the progress bar would not be visible when the app bar is scrolled off the screen or when full screen browsing mode is enabled with the app bar hidden.

A bug was fixed that caused Privacy Browser to restart every time a Bluetooth keyboard was connected/disconnected (including when a Bluetooth keyboard would enter/exit power saving mode). It turns out that this, for some crazy reason, is the default Android behavior for all apps. Luckily, there is a fairly simple way to disable it.

Another bug was fixed that caused the bottom of the WebView to be cut off when scrolling of the app bar was disabled. This was caused because the WebView was adjusting the layout assuming the app bar could scroll, which made a section of the bottom of the WebView equal to the height of the app bar not accessible if the app bar did not get out of the way.

This release includes the first full German translation in a while, kindly provided by Bernhard G. Keller. The Italian translation was updated by Francesco Buratti; the Spanish translation was updated by Jose A León; the Russian translation was updated; and the Turkish translation was partially updated.

The next release of Privacy Browser will focus on speeding up the loading time of the app, which currently is hampered by the synchronous loading of the blocklists on the main thread from an inefficient text format that requires extensive parsing.

by Soren Stoutner at April 27, 2019 20:32

April 25, 2019

/e/ foundation

Leaving Apple & Google: Afraid to flash? Mail-us your phone! And getting closer to 100 supported smartphones.

On our way to 100 supported smartphones!

This week, we have added 2 additional devices to our list of supported smartphones. Now, you can enjoy /e/’s data privacy on:

  • Xiaomi Mi Mix 2s – polaris
  • Motorola Moto Z2 Play – albus

We now support 79 different smartphones and will keep on adding weekly.

Download, flash your device and enjoy now! Don’t forget to report your experience to us.

You have the expertise and knowledge to maintain a CustomROM for a specific smartphone? Become a device maintainer today! We’d love to talk, connect with us here!

Smartphone mail-in: we’d love to hear from you

For a few of you out there, flashing a smartphone to install an OS can be done in a matter of minutes; for many, it is uncharted territory and an impossible learning curve… WE HEAR YOU!

To solve this issue, we’d like to offer flashing your smartphone as a mail-in service. How does that work? Simple as 1/2/3:

  1. We send you a foam postal box and prepaid shipping sticker to send us your beloved phone.
  2. An expert technician flashes your smartphone with love and care and installs /e/.
  3. A few days later, you receive your smartphone with /e/, ready to be used and abused 😉

We’d be curious to know how much you’d be comfortable paying for such a service. To make it simple, it would include smartphone flashing, packaging and, not to forget, pick-up and shipment!

Answer our anonymous poll on Limesurvey here

Be part of something bigger!

It is ESSENTIAL to contribute if you want /e/ to succeed and shape a more ethical IT world, with an open-source and privacy-compliant mobile ecosystem.

In one word: contribute as a developer, lend some servers on the Internet, spread the word about /e/ in Internet forums, social media, email, retweet our posts with the #eFoundation hashtag…

Act now:

Sincerely,
Gaël @gael_duval / @gael@mastodon.social

Follow us on Twitter and Mastodon: @e_mydata

by Samuel Cazin at April 25, 2019 12:20

Purism

Librem 5 App Design Tutorial – Part I

Are you excited about the Librem 5 and GNOME going mobile, and do you want to start building your own, brand new app for it? Well, the first thing you need is, of course, to design the new app – this can be a bit challenging on its own, especially if you’re starting out with a new platform.

This is the first of a series of blog posts which will walk you through some of the most important UI patterns, and guide you step-by-step during the process of going from idea to mock-up. We will be using a read-it-later app as example. To start with, let’s get some context, and take a look at philosophy and process, goals and relevant art.

GNOME Design Philosophy

It’s always good to familiarize yourself with the design philosophy of a platform before starting to actually design in it. The GNOME Human Interface Guidelines explain this philosophy quite well in the “design principles” page, which you may want to read in its entirety; meanwhile, here are some of its most important points:

Simplicity and focus: Make sure your goals (for the app) are clear from the outset, and focus on those. It’s better to make a separate application to cover an additional use case than cramming too many things into one app (e.g., video podcasts are different enough from audio podcasts to be better off as an app of their own).

Search and undo: If there are large amounts of content in your app, provide full-text search so things are easy to find. People are likely to make mistakes: make data hard to lose, and never use a warning when you mean undo.

Avoiding preferences: Adding an extra option may seem like a good, quick fix, but in most cases it is treating the symptoms rather than the cause. Try to figure out what that cause is instead, and fix the problem for everyone. I highly recommend this article by Havoc Pennington on the topic.

Design Process

Now that we’re aware of all the right, high-minded ideals, we will consider the design process itself. So, let’s say we want to design a great read-it-later app.

If we follow the GNOME design process, which primarily consists of three steps (plus iterations), we will have to: first, define goals, and non-goals, for our app; second, collect relevant art, i.e. examples of similar apps (to borrow ideas from); and finally, make sketches/mockups of detail views and user flow.

Defining Goals

We’re about to design a native client app for read-it-later web services (such as Pocket). Services like these allow us to store articles or other web pages we’re interested in, but don’t have the time to read immediately. Using them means we can catch up on all the stuff we saved later, when we have more time. This means our primary goals are going to be:

• Listing saved articles
• Providing a great, focused experience for reading articles in the app
• Helping to catch up with the reading list
• Storing articles offline so they can be read without a network connection

Along with goals, we will also set some non-goals (i.e. things that are out of the scope of this application):

• Social features
• Content discovery

Relevant Art

Our next step is to find examples of existing apps that do similar things. It’s good to look at how other people have solved the same problems, what they did well (and what could be improved) before jumping right into designing a new app.

Or: let’s check the competition.

Pocket, on Android, has way too many features – and a pretty complicated interface. It has many different categories, social features, a discover section, text-to-speech, and much more; most of these features are rarely used and make the app feel quite cluttered. Pocket is also not very good at helping you get through your list of saved pages; it mostly wants you to discover new things to save (and then not read them).

Clearly there are some lessons to be learned here.

Pocket on Android - screenshots

Instapaper is an app we’ve never really used, but judging from the screenshots, Instapaper’s UI feels a lot saner and way more focused than Pocket. The rich article previews in the list view and the typography are also quite nice.

Instapaper on iOS (screenshots from App Store listing)

Wallabag is a self-hosted alternative to both Pocket and Instapaper. The corresponding Android client (also called Wallabag) is not very sophisticated UI-wise, but it is quite a good example of a very simple native client.

Wallabag for Android (screenshots from Google Play listing)

Structurally, these apps are all quite similar: they feature a main view with a list of articles, plus an article view that displays the articles in a clean, readable format. Depending on what service we are looking at, there are multiple lists for different types of articles – such as Archive, Highlights, Favorites, Notes, etc. To keep things simple, and because we’re targeting Wallabag first and foremost since it’s the only self-hosted service, we’re keeping three categories only: Unread, Archive, and Favorites. This means we need to design four main screens for our application: the three article categories plus a reader view to display the content.

We know our needs, and we may close this part of the design process. You should have, by now, a very clear idea of what you need in order to design an application for the Librem 5, and of the GNOME design philosophy guidelines. Later on, we’ll be guiding you through the rest of the application design process – stay tuned for the second part of this tutorial, to be published soon!

The post Librem 5 App Design Tutorial – Part I appeared first on Purism.

by Tobias Bernard at April 25, 2019 10:56

April 23, 2019

Fairphone

Purism

April Progress Update – Librem 5 Hardware

Things are as awesome as usual.

Hi again, everyone! A lot has happened during these last few months of work, so get ready for a thorough Librem 5 hardware update report.

Conferences

Springtime seems to bring both nicer weather and plenty of events, and this year’s was no exception: Guido and Nicole went to Embedded World and met some very interesting people, while Tobias went to a GNOME Design Tooling Hackfest and worked on a number of ways to improve the workflow for those making GNOME app icons – including previewing hicolor and symbolic from a single template, auto-generated nightly icons and a new symbolics library app. Other team members attended LibrePlanet and saw a lot of excitement in the community about the devkit.

Design

In terms of design, the GNOME mockup templates were updated to include mobile screens, and thanks to Alexander Mikhaylenko from the community we now have a more realistic interactive mockup of the gestures for phosh; and GNOME 3.32 was released, containing many interesting things for our Librem 5 phone, such as a new app icon style and some adaptive core apps. There is now an initial adaptive mockup for Nautilus, and a nice tutorial blog post was written to serve as an introduction to designing apps for the Librem 5. See below for a preview of the Librem 5 shell mockups:

Software

Images

We have the new kernel builds integrated with the image-builder scripts, and finished flash-kernel and initrd rollout. The changes have been submitted upstream. Bug fixes included fixing an issue upstream when attempting to grow the root filesystem on first boot, which has been included in Debian buster – and this gives the root file system enough space to install Flatpaks. We also made some minor cleanups around the clocks and audio subsystem.

Mesa

We have had some issues with stability and texture corruption with the GC7000, and there is an ongoing investigation into resolving this. Two upstream bugs were found and fixed: a segfault in GALLIUM_TRACE and a segfault in GALLIUM_DDEBUG.

Gnome-settings-daemon

Thanks to Benjamin Berg and his review on the initial wwan plugin, we are now much closer to having this functionality in GNOME Settings.

Compositor

We also started experimenting with our own forked compositor, after some additional bug fixes – and even added features – and are just waiting for a few more pieces to fall into place before releasing it, so stay tuned! Concerning upstream wlroots bug fixes, we have made some functions static, fixed a build issue, uploaded wlroots v0.4.1 and wlroots v0.5.0-1 to Debian experimental, added support for supplying the preferred mode to the drm backend, and fixed layer shell popups in rootston.

Voice Calls

Concerning voice calls, our focus right now is testing call audio. In aid of this, we have been debugging DMA operations in the kernel, in order to discover why the audio buffer isn’t being filled quickly enough during playback through the SGTL5000 audio codec. The SIM7100 modem and the i.MX8’s SAI interface are also being investigated; while the latter is receiving PCM data, DMA transactions aren’t reading said data.

Libhandy

As far as Libhandy is concerned, a new expander row property was added, and it is useful to reveal external widgets depending on the state of the row. We are now working on adding a new adaptive view switcher, and we released version 0.0.9 and uploaded it to Debian. The team has also updated the libhandy version being used in GNOME settings, contacts, and web to v0.0.9 (see below for an example of the prototype of HdyPreferences window). Last but not least, the team fixed a regression bug, improved compatibility with glade and cleaned up style handling.

Text Messaging

We worked on enhancing the color scheme: from now on, all messages from unknown contacts will be colored red in the “Chats” list messages (but it can be disabled in the settings). A menu entry for adding unknown users to the contacts list and a “Leave Chat” entry in the main menu were also added. Chat logs are now preserved after chats are left, and chats remain when “Start Chat” (with the same contact) is opened. The “Delete Chat” behavior was improved – it now removes both the chat history and the chat. We have also worked with the design team to update, and improve, the UI – and, in terms of bug fixes, a severe issue that led to a segfault when the member list was updated was fixed, as was an issue that prevented new chats from being shown in the ‘Chats’ list. See below for a preview of the Librem 5 Chatty color scheme:

 

Kernel

Linux 4.18

The userspace firmware load helper has been disabled since it is not needed and can be problematic; a magnetometer was added and the power key was enabled.

Linux 5.X

We submitted the devkit’s LCD panel driver upstream, found and fixed an issue in the device tree where SAI6_RXD0 and SAI6_TXD0 needed to be swapped for the WWAN module, moved the redpine driver to the 5.0 kernel; we also posted a patchset to add initial support of the Mixel DPHY and a patchset to add initial support for the NWL MIPI DSI host controller, as found on the i.MX8MQ SoC. A patch to enable the updated TMU driver was submitted, and a VCNL404 light and proximity sensor driver added, as found on the Librem5 devkit. We have also submitted the librem5-devkit devicetree upstream – and the proposed change to OpenOCD, in order to add a m4 target, was accepted. Our upstream bug fixes included correcting some examples in the dt-bindings docs.

Hardware

When it comes to hardware, the team has continued working on our schematic of the Librem 5, tested an antenna patch with a recent build of U-Boot with the 5.0 kernel and generally continued the hardware devkit testing, especially around power, and tested a prepaid SIM card, showing that a phone call can be placed. We also fixed a U-Boot issue so that the charge controller’s slave address is properly 0x6B, and thanks to Hugo from the community, U-Boot has been refactored. The team is now reviewing camera choices.

Our Community

Regarding community outreach, there was a mention of the Librem 5 devkit on the KiCad page; the troubleshooting section related to devkits in the documentation got some additions, and it was reorganized so users can find what they are looking for even quicker. Clayton from the community added the UART pinout table (which is very useful for debugging) to the documentation, and Bhushan Shah updated the tutorial on installing Plasma mobile in the documentation (thank you); an adaptive UI tutorial, a guide to sandboxing permissions, an example regarding network state and a very nice example on writing an application were also added to the documentation.

A big “Thanks!” to all the external teams that have helped review and merge changes into upstream projects. Your time and contribution are much appreciated.

That’s all for now, folks – stay tuned for more exciting updates to come!

The post April Progress Update – Librem 5 Hardware appeared first on Purism.

by Heather Ellsworth at April 23, 2019 11:24

April 19, 2019

This Week in F-Droid

Decentralizing Localizations

App development is already well decentralized, and when F-Droid introduced metadata localization, we also made it possible to manage translations and graphics outside of F-Droid itself. Two tools, Fastlane and Triple-T, even provide a way to sync those between the app source repo, F-Droid, and Google Play.

Using Weblate for handling all F-Droid localization puts contributors with expertise in specific languages and how they should be translated in control of how everything is translated. Weblate is the place where translations happen; it is the GitLab of languages for the F-Droid community.

We as a community need to avoid putting too much maintenance work on a few people so we can keep our “bus factor” high enough to survive all things that come our way. People often request that F-Droid handle the localization of their app, but that would centralize the work in a place where it is much harder to share the workload. So app graphics or localized texts should be handled by the upstream app developer as much as possible, instead of sticking everything into fdroiddata.

That said, there are some apps with localized metadata in fdroiddata. The graphics and descriptions were added there to get things started when the metadata localization was first rolled out. Now that we have hundreds of apps that manage their own localization, we can move all that upstream as well.

We have also started a project to provide a translated 80-character summary for all apps in the archive. So if upstream developers are not willing to manage the localization, F-Droid can at least have this key piece translated so that users can see screens in only their language when navigating the Android client and website. You can see that on fdroiddata-localizations. I am currently managing that, but would love to increase our bus factor by getting more maintainers involved there. At this point, it is mostly a matter of running some syncing scripts, and checking to make sure the scripts did not do anything stupid.

by eighthave at April 19, 2019 00:00

April 17, 2019

Purism

Purism’s Librem 5 Progress in Videos

The Purism team is making remarkable progress to deliver the Librem 5 phone.

Nothing shows the progress we have been making quite as clearly as a demonstration of the Librem 5 status from the devkit itself – so let us take you through a handful of (short) videos showcasing the current possibilities and development of our Librem 5 devkit:

Bootup in under 10 seconds

In this video we get to witness the devkit’s amazingly fast bootup – less than 10 seconds!

Incoming call

Here we are, receiving a voice call on the Librem 5 devkit.

SMS text messaging in chat application

Using the Librem 5 chat application to send and receive SMS text messages (and hello world).

Web browsing and video playback

You can now browse the web, choose a video and watch it play.

Librem 5 devkit to devkit calling

And finally, the really awesome one that never fails to amaze: voice calling from devkit to devkit.

That’s it for now, we hope you are as happy about what you’ve just seen as we all are.

 


You can pre-order your Librem 5 phone now

The post Purism’s Librem 5 Progress in Videos appeared first on Purism.

by Todd Weaver at April 17, 2019 15:10

April 16, 2019

Fairphone

April 15, 2019

Purism

Purism at SCaLE 2019 – Retrospective on Secure PureBoot

In March, Purism took part in the Southern California Linux Expo – SCaLE 2019.

Once again, we were so busy we barely had the time to leave our booth: people were very interested in the Librem 5 devkit hardware, in the latest version of the Librem laptops and PureOS, in having the same apps for the Librem laptops and the Librem 5 phone… so we got to do the full pitch. On a less technical note, our swag was quite a success. People told us they loved our paper notebook and carpenter pencil, and asked questions about the pencils – which, according to Kyle Rankin, Chief Security Officer of Purism, have a section that is “kind of shaped like our logo”, and being carpenter pencils “are designed so you can sharpen them without having to use a proprietary pencil sharpener.” Visitors (and team) loved them for being beautiful, unusual and useful.

Above all, our audience wanted to see the PureBoot demos (apart from an inspirational young attendee, who asked his grandmother to take him to SCaLE specifically so he could meet Todd Weaver, our founder and CEO) – and each time we thought we could take a break, someone else came up and asked about PureBoot. We had constant demonstrations of PureBoot on a Librem 13v4 and Librem Key, and got lots of excitement from the security community and enterprise customers – national and international.

PureBoot, as introduced earlier, is a combination of hardware – a trusted platform module (TPM) inside a Librem laptop – with a disabled Management Engine. It boots using a coreboot BIOS and a Heads payload, that verifies it hasn’t been tampered with, using a Librem Key. This combination is the strongest security available in computing devices. Unlike other secured boot processes, this combination also allows you to control and sign with your own keys. We were frequently asked to demonstrate PureBoot for enterprise use cases – specifically, what the best-practices would be for an enterprise to secure their fleet of laptops; these same enterprise best-practices may also be applied to an individual, whether a beginner or a security expert.

During the in-person demonstration, Purism team members showcased for the first time the complete PureBoot solution from start to finish (and we are about to get technical):

  • A Librem 13v3 /boot partition was frozen in time and signed with a user-generated gpg key, on a Librem Key. The happy path is proven by an inserted Librem Key; the Librem laptop is powered on to show the device matches the previous known-good-state – and the LED blinks green.
  • The system is booted and PureBoot unlocks the encrypted disk, using the Librem Key and the user’s PIN. The Librem Key is then removed, and a malicious attack is simulated by modifying the secrets stored in the TPM.
  • The Librem Key is inserted and the Librem laptop powered back on; the measurements fail to match – alerting the user that the device was tampered with (since the last known-good-state) by a bright red screen on the Librem laptop, and a constantly blinking red LED on the Librem Key.
  • The user of the Librem laptop can now decide how to handle the tampered-with laptop: by flipping the Hardware Kill Switch on the WiFi/BT and deciding to boot; by booting from a known-good USB recovery OS and performing forensics on the system; or by working with Purism to return the system to a known-good factory state.

PureBoot Enterprise Best Practices

The best practices for enterprises using PureBoot were also described to a regular audience at the Purism booth in Pasadena, and here they are, for reference:

  • The IT/Security department uses an airgapped Librem Laptop, and they generate GPG keys for all staff and copy the GPG key per staff, onto an individual’s Librem Key;
  • They physically label the Librem Key for the staff member, sign the staff member’s Librem laptop with the Librem Key, and hand the Librem laptop (and Librem Key) to the staff member, who boots and sets up the Librem laptop like normal and uses the Librem Key for tamper-detection, disk-decryption and mail encryption, among other uses such as anti-interdiction;
  • If a Librem Key is lost, a new key can be created from the airgapped backup Librem laptop, and handed to the staff member.
  • If a device was tampered with, the IT/Security department can have any number of policies implemented including: Librem laptop drops to offline mode for document recovery; Librem laptop optionally wipes the disks, or Librem laptop flags the user to bring it to IT/Security.

This offers the best in class enterprise control, measuring single-bit detection and tampering on a signed image – while subscribing to the usable computing practice of “boot not brick” of devices in the field.

It was really nice meeting you at SCaLE, and we hope to see you next time.

The post Purism at SCaLE 2019 – Retrospective on Secure PureBoot appeared first on Purism.

by Todd Weaver at April 15, 2019 15:09

This Week in F-Droid

Privacy Preserving Analytics

F-Droid always avoids tracking users as much as we can. We will never require an account, and we have put a lot of effort into making it hard for even the f-droid.org server to track users. We also recognize that usage data has value. It can be used to help show the level of popularity, and to provide app developers some feedback on what users like.

After years of moving totally away from data, including disabling download counts on f-droid.org, we have started an experiment with tracking usage without tracking users. We are building upon the work of Tor Project and Guardian Project. We have enabled access logging on https://search.f-droid.org and https://mirror.f-droid.org/ for the initial trial. (Note: search on f-droid.org could happen fully client-side using JavaScript; in that case, those searches will never hit search.f-droid.org and therefore will not be logged.)

The one caveat here is that Nginx does not allow custom time formats like Apache does, so the web logs will contain the exact date and time of each hit. The time zone is zeroed out. The raw logs will not be published, and they will be sanitized before being fed into any analytics system like Matomo/Piwik. Also, Nginx does not allow custom error log formats, so errors will have complete information. The error logs will therefore not be used in analytics without full sanitization, and are only kept for a short time period.

Our Setup

Our servers run Debian, so this gives commands for that context. First, ensure that Nginx is set up with the “geoip” extension. That enables Nginx to convert IP addresses into country codes, so that country codes are logged instead of IP addresses.

# apt-get install libnginx-mod-http-geoip geoip-database

Then enable the custom logging setup in /etc/nginx/nginx.conf:

geoip_country /usr/share/GeoIP/GeoIP.dat;
log_format privacy '0.0.0.0 - $remote_user [$time_local] "$request" $status $body_bytes_sent "$http_referer" "-" $geoip_country_code';

access_log /var/log/nginx/access.log privacy;

This then makes the access log data look like:

# tail /var/log/nginx/access.log
0.0.0.0 - - [12/Apr/2019:07:01:37 +0000] "GET /android-free/repository/ HTTP/1.1" 200 949 "-" "-" PL
0.0.0.0 - - [12/Apr/2019:07:02:27 +0000] "GET /robots.txt HTTP/1.1" 200 24 "-" "-" US
0.0.0.0 - - [12/Apr/2019:07:02:27 +0000] "GET /android-free/repository/ HTTP/1.1" 200 949 "-" "-" US
0.0.0.0 - - [12/Apr/2019:07:04:08 +0000] "GET / HTTP/1.1" 200 278 "-" "-" BR
0.0.0.0 - - [12/Apr/2019:07:06:41 +0000] "GET /android-free/repository/ HTTP/1.1" 200 949 "-" "-" US
0.0.0.0 - - [12/Apr/2019:07:11:45 +0000] "GET /android-free/repository/ HTTP/1.1" 200 949 "-" "-" FR
0.0.0.0 - - [12/Apr/2019:07:16:32 +0000] "GET / HTTP/1.1" 200 278 "-" "-" CA
0.0.0.0 - - [12/Apr/2019:07:16:49 +0000] "GET /android-free/repository/ HTTP/1.1" 200 949 "-" "-" GB
0.0.0.0 - - [12/Apr/2019:07:19:42 +0000] "GET / HTTP/1.1" 200 278 "-" "-" VN
0.0.0.0 - - [12/Apr/2019:07:20:20 +0000] "GET /robots.txt HTTP/1.1" 200 24 "-" "-" US
0.0.0.0 - - [12/Apr/2019:07:21:51 +0000] "GET /android-free/repository/ HTTP/1.1" 200 949 "-" "-" US
0.0.0.0 - - [12/Apr/2019:07:26:57 +0000] "GET /android-free/repository/ HTTP/1.1" 200 949 "-" "-" DE
0.0.0.0 - - [12/Apr/2019:07:32:01 +0000] "GET /android-free/repository/ HTTP/1.1" 200 949 "-" "-" SE
0.0.0.0 - - [12/Apr/2019:07:32:23 +0000] "GET /android-free/repository/sys-img/android/sys-img-9.0.0_r33-sdk.xml HTTP/1.1" 200 904 "-" "-" US
0.0.0.0 - - [12/Apr/2019:07:37:04 +0000] "GET /android-free/repository/ HTTP/1.1" 200 949 "-" "-" DE
0.0.0.0 - - [12/Apr/2019:07:38:55 +0000] "\x03\x00\x00/*\xE0\x00\x00\x00\x00\x00Cookie: mstshash=Administr" 400 173 "-" "-" RU
0.0.0.0 - - [12/Apr/2019:07:39:12 +0000] "GET / HTTP/1.1" 200 278 "-" "-" EC

by eighthave at April 15, 2019 00:00
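
The F-Droid post above says the access logs keep an exact timestamp and are sanitized before reaching any analytics system. The following added example (not F-Droid's code) parses the "privacy" log format and shows one possible sanitizing pass; the rules it applies (day-level timestamps, dropped query strings, rejecting lines whose address field is not zeroed) are assumptions, and the last two sample lines are constructed.

```python
import re
from collections import Counter
from datetime import datetime

# Field layout of the "privacy" log_format from the post:
# 0.0.0.0 - $remote_user [$time_local] "$request" $status $body_bytes_sent
#   "$http_referer" "-" $geoip_country_code
QUOTED = r'(?:[^"\\]|\\.)*'  # nginx writes raw bytes and quotes as \xNN escapes
LINE_RE = re.compile(
    r'^(?P<addr>\S+) - (?P<user>\S+) \[(?P<time>[^\]]+)\] '
    rf'"(?P<request>{QUOTED})" (?P<status>\d{{3}}) (?P<bytes>\d+) '
    rf'"(?P<referer>{QUOTED})" "(?P<agent>{QUOTED})" (?P<country>\S+)$'
)
REQUEST_RE = re.compile(r'^(?P<method>[A-Z]+) (?P<target>\S+) HTTP/\d(?:\.\d)?$')

# First four lines are taken from the post's log excerpt; the last two are
# constructed: one carries a query string, one has a non-zeroed address
# (203.0.113.7 is a documentation address) as a misconfigured vhost would log.
SAMPLE_LOG = r'''
0.0.0.0 - - [12/Apr/2019:07:01:37 +0000] "GET /android-free/repository/ HTTP/1.1" 200 949 "-" "-" PL
0.0.0.0 - - [12/Apr/2019:07:02:27 +0000] "GET /robots.txt HTTP/1.1" 200 24 "-" "-" US
0.0.0.0 - - [12/Apr/2019:07:02:27 +0000] "GET /android-free/repository/ HTTP/1.1" 200 949 "-" "-" US
0.0.0.0 - - [12/Apr/2019:07:38:55 +0000] "\x03\x00\x00/*\xE0\x00\x00\x00\x00\x00Cookie: mstshash=Administr" 400 173 "-" "-" RU
0.0.0.0 - - [12/Apr/2019:07:40:00 +0000] "GET /android-free/repository/?q=term HTTP/1.1" 200 949 "-" "-" US
203.0.113.7 - - [12/Apr/2019:07:41:00 +0000] "GET / HTTP/1.1" 200 278 "-" "-" DE
'''


def sanitize(lines):
    """Return (records, rejected): records are safe for analytics,
    rejected counts the reasons lines were withheld."""
    records, rejected = [], Counter()
    for line in lines:
        m = LINE_RE.match(line.strip())
        if m is None:
            rejected["unparseable line"] += 1
            continue
        # A real address here means the privacy format was not applied.
        if m["addr"] != "0.0.0.0":
            rejected["address not zeroed"] += 1
            continue
        # Non-HTTP probes (e.g. the RDP cookie line) carry attacker-chosen
        # bytes and say nothing about app usage, so they are withheld.
        req = REQUEST_RE.match(m["request"])
        if req is None:
            rejected["malformed request"] += 1
            continue
        # Assumed rule: keep only the day, since nginx logs the exact second.
        day = datetime.strptime(m["time"], "%d/%b/%Y:%H:%M:%S %z").date().isoformat()
        # Assumed rule: query strings may carry user-typed data, drop them.
        path = req["target"].split("?", 1)[0]
        records.append({
            "day": day,
            "method": req["method"],
            "path": path,
            "status": int(m["status"]),
            "country": m["country"],
        })
    return records, rejected


def hits_per_day_path_country(records):
    """Aggregate sanitized records into usage counts without per-hit data."""
    return Counter((r["day"], r["path"], r["country"]) for r in records)


if __name__ == "__main__":
    recs, rej = sanitize(SAMPLE_LOG.strip().splitlines())
    for key, count in sorted(hits_per_day_path_country(recs).items()):
        print(count, *key)
    print("withheld:", dict(rej))
```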

April 12, 2019

Fairphone

Handy News Reader

Gain a good habit of a backup.

When it comes to any surprising event, it's always good to be prepared at least to some degree - thanks to which You can feel comfortable regardless of which way the wind blows. In the case of smartphones and computers, You may sometimes stumble upon unpleasant surprises, such as app crashes and the like - after all, there is a lot of pretty convoluted stuff under the hood, and sometimes something may not work the way it should. Unfortunately, as a result it is possible for You to lose something - from Your preferences of using a particular app (reflected in its settings) to the data stored within it. However much You lose, there is often a need to start from scratch, all over again - which usually is pretty time-consuming.

There is, fortunately, a good workaround invented especially for such cases - and it's called "a backup". Many apps are equipped with their own backup feature, which - when it comes to an app crash or any other serious failure - often allows You to easily and quickly restore everything to the point when it all worked the right way. It is often possible to restore both Your preferences and personal data. And sometimes an app may be even smarter: it may back up and restore completely by itself (!), so You don't need to pay any attention to it, even if some crash occurred - the whole thing will be restored in a moment, and You couldn't even tell that anything has happened.

Although Handy has had a backup feature for a long time now, not so long ago it has been significantly improved for You to enjoy the situation described above. So now:

  1. Handy will back itself up more often (the more often a backup is done, the less probable it is that You'll notice any difference after the app restores itself following a possible crash) - ensure that this option is checked: app's settings/Additional/Enable automatic backup.
  2. More things are currently included within the backup: Your current Favorite Articles list and Your preferable app's settings.
  3. In case of a crash Handy should restore itself automatically - to the last point when everything has been all right.
  4. Regardless of the autobackup interval (how often Handy should backup itself - You can set it up within app's settings/Additional/Auto backup interval) You can backup the app on demand - just open an article list, tap three dots on the top right and choose "Create auto backup".

by Thomas Leigh (noreply@blogger.com) at April 12, 2019 14:34

/e/ foundation

Leaving Apple & Google: now 5GB for Free, more than 75 smartphones supported and become a H/e/ro…

/e/ users now get 5GB of storage for FREE!

Remember: in September we launched /e/ test accounts with combined storage space for emails, pictures, documents… These accounts were limited on purpose to 50MB to allow us to learn how to do it right. Not really ideal to use /e/ as daily driver.
Last week, we moved to a new, more scalable infrastructure that can welcome many more people. And instead of keeping storage space limited, we have upgraded all 3000 /e/ user accounts with 50MB test accounts to 5GB accounts for FREE!
We are also working on adding Premium plans to offer more storage. In the meantime, you can already subscribe to 20GB for 99€ by becoming an Early Adopter backer! And by contributing, you are also helping the project to be sustainable over time.

More than 75 smartphones are now supported!

We keep on adding smartphones to our supported devices, helping more people regain their privacy on their phone. Now, you can also enjoy /e/’s data privacy on 9 additional smartphones:

  • LeEco LeMax2 – x2
  • Google Nexus 6P – angler
  • Samsung Galaxy J5 (2015, 4 variants)
  • LG G2 (International) – d802
  • Xiaomi Redmi 4(X) – santoni
  • Samsung Galaxy S4 mini:
    • 3G – serrano3gxx
    • LTE – serranoltexx
    • Dual-SIM – serranodsdd
  • Motorola Moto G4 Play – harpia
  • Motorola Moto X Play – lux
  • Sony Xperia Z5 – sumire

Download /e/ NOW!

Download, get your /e/ account, flash and enjoy now!

We are looking for developers/maintainers to port /e/ to recent devices! Contact us or spread the news 🙂

Don’t forget to report back your experience, we’d love to hear from you.

Become a H/e/ro!

Would you start a community of /e/ users in your area? Would you like to help others understand /e/ better? The community is organized by /e/ users for /e/ users and comprises /e/ users.

Read all about the events and activities planned in the days ahead at our community site.

Be part of something bigger!

It is ESSENTIAL to contribute if you want /e/ to succeed and shape a more ethical IT world, with an open-source and privacy-compliant mobile ecosystem.

In one word: contribute as a developer, lend some servers on Internet, spread the word about /e/ in Internet forums, social media, email, retweet our posts with #eFoundation hashtag…

Act now:

Sincerely,
Gaël @gael_duval / @gael@mastodon.social

Follow us on Twitter and Mastodon: @e_mydata

by Samuel Cazin at April 12, 2019 08:43

April 11, 2019

Handy News Reader

Don't miss anything while scrolling.

However ordinary an action scrolling text seems to be - it may be surprising as well. Earlier on, whatever way You prefer to scroll article text, a single scroll has taken You exactly one single screen down- or upwards. This way, however, sometimes You may find Yourself a little bit confused because not always the very first line on the top remains fully visible (which is due to the fact that text can be scrolled virtually to any point of its height, so - for example - it is possible to scroll the text even halfway its top line). In such a case some of us may need to scroll back a little bit in order to check on the last read line of the text.

Now the scrolling itself can be much more convenient, thanks to the new, alternative and optional mode You can use: last line preservation. This feature assures You that whenever You scroll article text - on its very top You'll always see one or a couple of the last lines You've just read. This way You don't need to scroll back anymore in order to check if the text in fact has been scrolled correctly (or to recall its last thought). Just enable the feature (settings/Article's text/Page scroll 90%) and enjoy even more convenient reading :) .

by Thomas Leigh (noreply@blogger.com) at April 11, 2019 22:07

Purism

Coreboot News: New Script, Pre-built Binaries and PureBoot on Non-TPM Laptops

Things have been busy in the coreboot department, lately, and we are excited to announce a number of new improvements:

  • Pre-built binaries of our default coreboot BIOS firmware
  • Pre-built binaries of our tamper-evident PureBoot firmware
  • Improved script to automate coreboot builds and flashing from pre-built binaries
  • PureBoot tamper-evident support for non-TPM Librem 13 version 2 and Librem 15 version 3 systems

Pre-built Binaries

In the past, updating to our latest coreboot BIOS images required you to go through an automated, yet time-consuming process, of downloading and compiling coreboot from scratch. While we know that many people prefer building the firmware from source–after all, that’s one of the big advantages of using free software–some would rather have the convenience of pre-built binaries, for the same reason they like pre-built binaries for regular OS packages.

This is a way of getting convenience while also knowing the ROM you are loading has already been tested for your particular laptop version. Just like with our regular coreboot BIOS, trying out our beta PureBoot firmware images–that use Heads instead of SeaBIOS–required users to go through a somewhat complicated process of building from source. While we hope to soon offer PureBoot as a pre-install option when you buy a laptop, in the meantime we will be providing pre-built PureBoot firmware binary images.

Starting today, you can get binary ROM images both for our traditional coreboot and PureBoot in the https://source.puri.sm/coreboot/releases repository. We’ve already disabled and neutralized the Intel Management Engine in these pre-built images as well. As we update and make improvements to coreboot, we will keep these images up-to-date—a great reference point if you want to make sure you are running firmware with the latest updates and security improvements.

Improved Flashing Script

Providing pre-built images is a good start to making our coreboot images easier to install and update, but we do realize most people don’t want to figure out how to use flashrom on the command line, and we are releasing a new and improved flashing script at https://source.puri.sm/coreboot/utility so it’s easier to either pull down the latest pre-built coreboot binary, or build it yourself. If you are using the traditional coreboot BIOS, it will even flash the update for you, whether you want to update the traditional SeaBIOS coreboot image or transition over to PureBoot. Current PureBoot users should flash from within the trusted Heads environment itself: the script detects it and provides users with instructions on which ROM file they should copy to a USB disk and flash.

To use the improved script, copy https://source.puri.sm/coreboot/utility/raw/master/coreboot_util.sh and run it as root. The README for the script lists what dependencies you need, and the script itself will also detect and alert you if you are missing packages it needs:

mkdir ~/updates
cd ~/updates
wget https://source.puri.sm/coreboot/utility/raw/master/coreboot_util.sh -O coreboot_util.sh
sudo bash ./coreboot_util.sh

PureBoot Tamper-evident Support for Legacy non-TPM Laptops

We make sure our own security and our improvements aren’t limited to those who buy our latest hardware. This is why we ported coreboot to the Librem 13 version 1 and continue to provide coreboot updates to it and other early Librem laptops. One of the things I’m most excited to announce is that we have ported PureBoot tamper-evident support into Skylake-based Librem laptops without TPM chips! This means that if you have a Librem 13 version 2 or Librem 15 version 3 without a TPM, you can now use a Librem Key in place of your TPM chip and get similar protection against tampering!

Heads Using a Librem Key

How Does This Work Without A TPM?

When we first announced our partnership with Trammell Hudson to port Heads to our laptops, we also started offering TPM chips, first as an optional upgrade for an extra cost and ultimately installed by default for no extra charge. Until now, the TPM chip was needed to store all of the pre-approved firmware measurements securely, as that was the only method Heads supported; once we announced the addition of the Librem Key to our product line, we realized that there might be a way for the Librem Key to take the place of the TPM for older Librem laptops.

Traditionally, Heads will send measurements of itself to the TPM, and if they match the pre-approved measurements you originally set up, the TPM will unlock a secret that gets converted into a 6-digit HOTP code and sent to the Librem Key, which has its own copy of the secret and generates its own 6-digit HOTP code. If the code it receives over USB matches the code it generates, it flashes a green LED; otherwise it flashes a red LED to alert you of tampering.

When configured for a system without a TPM, instead of using a random secret that’s unlocked with the correct firmware measurement, our PureBoot Heads ROM uses the firmware measurement itself—converted to a hash—as the secret. During the original setup, the Librem Key is configured to store a copy of that secret. Upon boot, Heads uses its own local flashrom to pull down a full copy of the running firmware, hashes it, and converts it into a 6-digit HOTP code. Like before, it sends that HOTP code to the Librem Key and the Librem Key compares it with the code it generates. If they match, green LED; if they don’t, red LED.

This method turns the Librem Key into a kind of external TPM—at least in the sense that the device itself is being sent firmware measurements instead of the TPM, in the form of a hash converted into a 6-digit code. The main practical difference you’ll notice is that the no-TPM solution takes an additional number of seconds at boot, before you will get to the first boot prompt—as it takes time to copy down the full firmware image.

What’s Next for Coreboot

We are working on a number of additional improvements to make coreboot, PureBoot and our coreboot update process even better. Among them are a migration to coreboot 4.9; compiling the PureBoot firmware from source and from within our firmware update script; more automation around the initial PureBoot and Librem Key setup process; and maybe—if there’s sufficient interest—backporting PureBoot to Broadwell-based Librem laptops (13 version 1 and 15 version 2).

The post Coreboot News: New Script, Pre-built Binaries and PureBoot on Non-TPM Laptops appeared first on Purism.

by Kyle Rankin at April 11, 2019 14:05
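
The no-TPM check described under "How Does This Work Without A TPM?" above, modelled as an added example (this is not Purism's or Heads' code): the firmware hash serves as the HOTP secret, and a single flipped bit in the ROM turns the result red. The ROM bytes are constructed; SHA-256 as the firmware hash, the counter handling, the look-ahead window and the names `firmware_secret`, `TokenModel` and `LaptopModel` are assumptions, while `hotp` follows RFC 4226.

```python
import hashlib
import hmac
import struct


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226 HOTP: HMAC-SHA1 over the 8-byte counter, dynamic truncation."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def firmware_secret(rom: bytes) -> bytes:
    """The post says the firmware measurement, converted to a hash, is the
    secret. SHA-256 is an assumption; the post does not name the hash."""
    return hashlib.sha256(rom).digest()


class TokenModel:
    """Stand-in for the Librem Key: stores the secret copied at setup time
    and compares each received code with the one it generates itself."""

    def __init__(self, secret: bytes, counter: int = 0, window: int = 5):
        self.secret = secret
        self.counter = counter
        self.window = window  # assumed look-ahead so failed boots do not desync

    def check(self, code: str) -> str:
        for step in range(self.window):
            expected = hotp(self.secret, self.counter + step)
            if hmac.compare_digest(expected, code):
                self.counter += step + 1
                return "green"
        return "red"


class LaptopModel:
    """Stand-in for the Heads side: reads back the whole ROM, hashes it and
    derives the code to send over USB. It never stores a separate secret."""

    def __init__(self, counter: int = 0):
        self.counter = counter

    def boot_code(self, rom: bytes) -> str:
        code = hotp(firmware_secret(rom), self.counter)
        self.counter += 1
        return code


def demo():
    """Known-good boot, boot with one flipped bit, boot after restoring."""
    good_rom = bytes(range(256)) * 64            # constructed 16 KiB "ROM"
    tampered = bytearray(good_rom)
    tampered[1000] ^= 0x01                        # single-bit modification
    tampered = bytes(tampered)

    token = TokenModel(firmware_secret(good_rom))  # setup: copy secret to key
    laptop = LaptopModel()
    return [
        token.check(laptop.boot_code(good_rom)),
        token.check(laptop.boot_code(tampered)),
        token.check(laptop.boot_code(good_rom)),
    ]


if __name__ == "__main__":
    print(demo())
```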

April 09, 2019

Purism

Purism at LibrePlanet 2019 – Showcasing the Librem 5 Phone

This year’s edition of LibrePlanet went on so well, we had people stopping by to ask questions before the conference was open for the day.

Purism’s booth was busy, and people were happy to see us. Nearly everyone we talked to had been following our progress, and everyone was excited to see things in-person. We showcased the fourth version of Librem laptops, and made regular demonstrations of both PureBoot on a Librem 13v4 and Librem Key. Above all, we drew a lot of excitement around the in-person viewing of the Librem 5 devkit. So much excitement, we really wanted to write about the commotion caused by the Librem 5 development – and especially about the devkit demonstration – not only among the audience but also within our own team members.

The Librem 5 phone may still be months away from delivery, but the Librem 5 devkit is under very rapid development. Showcasing our progress is something we’re very proud of, so at the first day of LibrePlanet we whet the appetite of audience members by showcasing sub ten-second boot times from powered-off state to unlock-screen… and we also showed off the initial application support of calling, settings, chat/sms, and browser.

But it gets better: on the second day we drew audible gasps of astonishment – from people in the audience and staff alike – when we demonstrated a voice call from a phone to the Librem 5 devkit and it rang on cue, alerting of the incoming voice call. To add to the excitement, the Purism staff then powered up a second Librem 5 devkit and opened the chat/sms program and sms (text) – and messaged to and from another staff member over the cellular connection.

Purism's booth (and part of the team) at LibrePlanet 2019

The Librem 5 as a product highlights the impressively diverse nature of our team’s expertise at Purism – from schematics through kernel development, through the creation of phosh; from the authorship of libhandy to initial adaptive design of core applications such as Web to PureOS Store and house curated applications, all the way to custom in-house design and the development of Calls, and Chat. A good summary to our presence at LibrePlanet, a few weeks ago, is that it ended up being an impressive demonstration of what people expect to get when the Librem 5 begins shipping in Q3 of 2019. And how amazed they will be at what they get.

The post Purism at LibrePlanet 2019 – Showcasing the Librem 5 Phone appeared first on Purism.

by Todd Weaver at April 09, 2019 16:08

April 05, 2019

Purism

Librem Laptop RAM and Storage Bump, 32GB max RAM

Technology is constantly improving, and we do get excited whenever we can add those improvements and upgrades to our products — especially when we can do so without raising prices. Recently, we announced a version 4 upgrade for our Librem 13 and Librem 15 laptops; today we are happy to announce we have upgraded the default configuration on both laptops to 8GB RAM and a 250Gb M.2 SATA disk, while keeping the same base price of $1399 and $1599 respectively.

We know that many of our customers have high RAM requirements, whether that’s due to using a RAM-hungry OS like Qubes or to just having too many chat tabs open in your browser. The single SO-DIMM RAM slot in the Librem 13 and Librem 15 meant an upper limit of 16GB RAM on our laptops… until now. Due to constant advances in RAM density we have been able to validate 32GB SO-DIMMs in our current product line and starting today will offer 32GB RAM as a premium upgrade to both the Librem 13 and Librem 15. If you’ve been holding off on your Librem laptop order because of RAM, wait no longer!

The post Librem Laptop RAM and Storage Bump, 32GB max RAM appeared first on Purism.

by Kyle Rankin at April 05, 2019 15:27

April 04, 2019

Purism

Purism Becomes PIA’s First OEM Partner

PIA’s popular VPN platform will be fully integrated into Purism’s software and hardware offerings for unprecedented security and privacy protection

SAN FRANCISCO, Calif., April 4th, 2019 — Purism, the social purpose corporation which designs and produces popular secure hardware, software, and services, is working with Private Internet Access (PIA) as its very first OEM partner to bring an unprecedented combination of tracking-free and encrypted tools and services to the people.

PIA is, and has been since its inception, renowned for its popular VPN service that refuses to log user data. The company is committed to privacy protection and internet freedom and is a longtime sponsor of internet privacy advocates such as EFF and the Software Freedom Conservancy. By combining its signature VPN capabilities with Purism’s leading secure hardware and software products, the two will create a first-of-its-kind bundle for users to set up a privacy protecting and secure environment out of the box. The addition of PIA as a VPN partner strengthens Purism’s growing roster of partners and services that make its Librem line the most comprehensive privacy and security focused offering on the market. Other existing partnerships include Nextcloud for secure document management, Matrix for secure chat, Werner Koch GPG expert, Trammell Hudson who supported Purism’s industry first TPM integration with Heads, and Nitrokey’s development of Purism’s Librem Key for physical encryption.

“PIA is the gold standard of VPNs, and we are thrilled to be working with a company that is so closely aligned with our ethics,” said Todd Weaver, founder and CEO of Purism. “PIA has stood behind their commitment to protect user data, whether it’s taking a political stance to promote broadband privacy with a full page ad in the New York Times or demonstrating in court that they truly do not log their customers’ data. Our partnership with them is a big win for users who don’t want to sacrifice convenience or freedom in the products they use.”

“Purism has been an important player advancing the cause of internet privacy and freedom and are the perfect partner for us to work with on integrating PIA into a broader suite of hardware and software,” said Ted Kim, CEO of Private Internet Access. “Combining our privacy protecting VPN capabilities with Purism’s line of products will provide the ultimate security package to users.”

Purism plans to include PIA-based VPN by default in the Librem 5 phone, as well as within PureOS for its Librem 13 and Librem 15 laptops. Purism will also collaborate with PIA on a future services bundle.

About Purism

Purism is a Social Purpose Corporation devoted to bringing security, privacy, software freedom, and digital independence to everyone’s personal computing experience. With operations based in San Francisco (California) and around the world, Purism manufactures premium-quality laptops and phones, creating beautiful and powerful devices meant to protect users’ digital lives without requiring a compromise on ease of use. Purism designs and assembles its hardware by carefully selecting internationally sourced components to be privacy-respecting and fully Free-Software-compliant. Security and privacy-centric features come built-in with every product Purism makes, making security and privacy the simpler, logical choice for individuals and businesses.

Media Contact

Marie Williams, Coderella / Purism +1 415-689-4029 pr@puri.sm See also the Purism press room for additional tools and announcements.

The post Purism Becomes PIA’s First OEM Partner appeared first on Purism.

by Todd Weaver at April 04, 2019 15:03

/e/ foundation

“Building the 3rd mobile ecosystem” – /e/ project update Q1 2019

Hi,

Since we met live, connected by phone or by email, /e/ has evolved a lot and keeps on reaching more and more people globally.

We believe it is crucial to keep partners and investors fully up to speed around our progress, key success and challenges, therefore, starting from today, we’re launching a quarterly update to share with you highlights about /e/ and ECORP. We hope you’ll like it. And of course, we welcome feedback if you would have any.

Let me start things off by saying that the past quarter has been super active with several releases, trade shows, loads of great meetings with possible partners and press.

Today’s highlights:

  • /e/ mobile OS, product update: 0.5 is live, towards /e/ 1.0…
  • community & traction: 82 000 pages viewed last month!
  • events update: ECORP at FIC 2019, MWC 2019, Assemblée Nationale…
  • media coverage update: Le Point, Le Figaro, Gizmodo, Linux-Magazine…
  • team update: recruiting a VP of engineering
  • finance update

Product update

Focus this quarter has been on improving reliability of our infrastructure to ensure we can welcome as many users as possible shortly and quickly. We successfully transitioned this week to a new set-up which will allow us to scale faster and easier. Security & reliability has been deeply improved too, with user data encryption, security hardening on servers, intrusion detection system, triple data replication.

To increase value for our users, we extended free storage per account from 50MB to 5GB. Soon we will offer first Premium Storage plans.

We are now supporting 68 smartphone models and adding weekly. ROM and updates have been downloaded more than 8000 times since the introduction of the beta mid September!

We will launch /e/ 0.6 in April, introducing our Android app repository integrated into the /e/ ROM. The app repository will be released in alpha for now with access to free Android apps and open source Android apps. Users will be able to vet apps for privacy and see built-in trackers and permissions before installing.

Community

The community forum at https://community.e.foundation is growing steadily with more than 1200 registered users, totaling 82k page views in the last 30 days. It is becoming a key resource for users on a daily basis to find support and other key information about the project. More and more contributors join daily, and community “stickiness” has doubled since early 2019.

Events

We attended FIC’19 in Lille in January, and MWC’19 in Barcelona in February. We had 20+ meetings with manufacturers, ODMs, chipset vendors and cyber security vendors. The biggest highlight of MWC19 was a demo to Tim Höttges, Deutsche Telekom’s CEO, who really appreciated /e/.
We were also invited to the 2nd edition of ‘Culture and Tech Encounters’ at the French National Assembly, where members of parliament, industry leaders, journalists and other leaders discussed about GAFAM’s weight in our everyday life and how to regain digital sovereignty (the event was organized by Think Tank Altaïr).

Press

Highlights this past quarter include coverage by Gizmodo, Le Figaro, Le Point, Linux Magazine amongst others:

Team

Currently, team includes 6 paid FTE, plus 30 volunteers totaling about 20 FTE.

We are also recruiting a VP of Engineering. Please share! 🙂 https://medium.com/@gael_duval/e-is-looking-for-their-vp-of-engineering-776c5e64069d

Financing

Targeting a Series A for the end of 2019.

Currently have open an intermediate investor round for 800K€, enough to reach our objectives for the next 12 months.

Thanks for your attention and looking forward to meeting again soon!

Sincerely yours,

Gaël & the /e/ team!

by admin at April 04, 2019 09:09

This Week in F-Droid

TWIF 50: First Twitch app in F-Droid

This Week In F-Droid 50, Week 14, 2019

In this edition: Twire is the first Twitch app to arrive in F-Droid. There are 4 new and 66 updated apps.

F-Droid is a repository of verified free and open source Android apps, a client to access it, as well as a whole “app store kit”, providing all the tools needed to set up and run an app store. It is a community-run free software project developed by a wide range of contributors. This is their story this past week.

New apps

  • SINE Isochronic Entrainer: Brainwave entrainment application with isochronic tones.

  • Featured Twire is the first free and open source Twitch browser and stream player to arrive in F-Droid. Features:

    • Twitch account login
    • Follow your streamers
    • Read and write to the chat
    • Custom themes (dark theme support!)
    • Audio only mode
    • …and much more!
  • MPD: A flexible, powerful, server-side application for playing music.

  • Wikimedia Commons for Muzei

Updated apps

In total, 66 apps were updated this week. Here are the highlights:

  • DAVx⁵ updated from 2.2.3.1-ose to 2.4-ose. It has a completely rewritten UI architecture with improved robustness and responsiveness. The UI has also been improved to make it more compliant with Material design. Finally, there’s improved behavior for read-only contacts, and the usual smaller improvements and bug fixes.

  • Tusky updated to 6.0, with the following improvements:

    • Timeline filters have moved to Account Preferences and will sync with the server
    • You can now have a custom hashtag as tab in the main interface
    • Lists can now be edited
    • Security: removed support for TLS 1.0 and TLS 1.1, and added support for TLS 1.3 on Android 6+
    • The compose view will now suggest custom emojis when starting to type
    • New theme setting “follow system theme”
    • Improved timeline accessibility
    • Tusky will now ignore unknown notifications and no longer crash
    • New setting: You can now override the system language and set a different language in Tusky
  • Orgzly updated to 1.7.2, now allowing you to sort search results by event time; copy selected notes; and cut, copy, move and refile multiple notes at once.

  • Simple File Manager Pro updated to 6.2.0, making search recursive, searching in subfolders too.

  • MIFARE Classic Tool updated to 2.2.6. Autorun on tag detection can be deactivated now, there were some fixes for the all-0-keys bug, and PayPal links were removed to comply with Google’s payment policies. (See above.)

  • Major Vädret is a simple weather app for Sweden. For this update from 0.1.8 to 1.0.0, the app has been completely rewritten, with a new app icon and new theme, and adding sunrise/sunset times, wind direction & speed, and new bottom navigation. A crash on device rotation was also fixed.

  • FreshRSS was updated from 1.0.1 to 1.1.0 with the following changes:

    • Swipe gesture to navigate between subscription sections
    • Sort subscriptions alphabetically in all section and by newest item crawl date in unread section
    • Pull-to-refresh pattern to sync with server
    • Add animation in views’ transitions
    • Fetch subscription’s icons and display them
    • Add sections and section headers to subscriptions
    • Add badge to unread articles section to indicate total count of unread articles
    • Browse feeds by category
    • CSS for article detail
  • Fedilab updated to 1.78.0, with several improvements to polls, and an improved search feature with pagination and tabs—which will be active if your Mastodon server is at least version 2.8. You’ll also find UI improvements when composing, and a redesigned media activity.

  • DroidShows updated to 7.9.0. Important: After updating to this version, the first start will take a while! The database has to be restructured for the new features. Please be patient. Other changes:

    • Option to calculate the next episode by starting from the last episode that was marked as seen
    • Add episode to calendar by clicking on the air date
    • Context menu items to search on FANDOM (Wikia) and Rotten Tomatoes
    • Include timestamp for seen mark
    • Visual distinction in “Search shows” between current and archived shows
    • Pinned shows aren’t white, but have a “pin” next to them
    • Don’t show toast messages for automatic backups
    • Disable fast scroll (interferes with context menu and show filters)
    • Show database update errors as toast messages and logcat entries
  • Easer is an app that can automatically perform a wide range of programmable actions when certain events are detected. It was updated to 0.7.3, with better welcome pages, a new operation PlayMediaOperationPlugin and other improvements.

Tips and Feedback

Do you have important app updates we should write about? Send in your tips via Mastodon! Send them to @fdroidorg@mastodon.technology and remember to tag with #TWIF. Or use the TWIF submission thread on the forum. The deadline to the next TWIF is Thursday 12:00 UTC.

General feedback can also be sent via Mastodon, or, if you’d like to have a live chat, you can find us in #fdroid on Freenode, on Matrix via #fdroid:f-droid.org or on Telegram. All of these spaces are bridged together, so the choice is yours. You can also join us on the forum.

by Coffee at April 04, 2019 00:00

April 02, 2019

Purism

The Future of Computing and Why You Should Care

(transcript follows)

Let me set the tone by using a quote from a great person of history:

“The ultimate tragedy is not the oppression and cruelty by the bad people, but the silence over that by the good people.” ~ Martin Luther King Jr.

Let me start by stating: I believe we can change the future of computing for the better. However, currently something is wrong with our digital world; something basic, something is rotten at the core. I want to talk to you about what that is, how it came to be, and why we must change it. And I want you to care… because:

“A person who won’t care, has no advantage over one who doesn’t care.” ~ Mark Twain

This talk comes in three parts:

Part 1. History

The history of the mistreatment of our digital rights.

Most Big Tech companies that abuse people are based in the US, therefore I will describe the history from that perspective. Some things you need to understand: Governments write the rules of the game that society plays. There are always rules, and governments influenced by Big Tech are writing those rules. If you are somebody who wants no rules whatsoever, you will quickly realize rules will be written that govern you, without your involvement.

My sage advice to you: Write the rules. Let’s write the rules that we want to see in an ethical society that respects freedoms and liberties.

Nearly everybody knows that exploitative Big Tech abuse our digital rights, because it’s at the core of their business. It’s the root problem. It will not “get better” unless any one of three things happen:

  1. Government regulation (that is ethical for society)
  2. Business models change (to something ethical for society)
  3. People switch (to something ethical for society)

Big Tech—corporations whose business model exploits humanity for profit—they all suffer from a systemic toxin, that discourages personal freedoms and removes any digital rights we as society demand. Big Tech corporations are already starting the marketing to try to differentiate themselves from it. But marketing alone will not remove the poison within their business model.

Minor disclaimer: You may ask “But… You’re a Company?” Actually, we’re a Social Purpose Corporation (SPC). And that is not just a series of buzzwords, it’s a legal framework of a business that carries with it significant importance. It is the reason we can’t ever exploit people for profit, it is the reason we are unlike all Big Tech who were formed to strip your digital rights in the name of maximizing shareholder value.

There was a recent article in Inc. magazine about us:

“Purism is what is called a ‘Social Purpose Corporation,’ which allows a business to prioritize social objectives over fiduciary duties.” ~ Christine Lagorio-Chafkin – Senior writer Inc.

Let me dive deeper into the problem. All corporations, including all Big Tech giants, have a single goal: Maximize Shareholder Value. That’s it. That’s the only goal. But it’s not just a goal. Under eBay v. Newman, a lawsuit setting legal precedent stating:

The law makes it literally malfeasance for a corporation not to do everything it legally can to maximize its profits.

So if given the choice of making $1 by exploiting people online, or opting to treat people ethically, the Corporation must exploit people online for the dollar, or the board of directors and executives could face a lawsuit from any shareholder that claims they did not maximize the value of their shares.

The regulations at the foundation of Big Tech are forcing the exploitation of our digital rights.

Quoting Chancellor William B. Chandler, III who sums up the problem perfectly in his Delaware Court opinion when eBay sued Craigslist for not maximizing its shares:

“Having chosen a for-profit corporate form, the directors are bound by the fiduciary duties to promote the value of the corporation for the benefit of its stockholders.” ~ Chancellor William B. Chandler, III

We have centuries of legal precedent in the physical world, advanced by science and society guiding our moral compass, trespassing laws, freedom of speech, privacy rights, protection against personal harm and abuse. We have nearly no digital rights. Big Tech trespasses on your data, restricts speech, obliterates privacy entirely. Big Tech exploits people, causes harm and inflicts abuse upon our society.

If somebody approached your bedroom window from outside, put a camera up and started recording, you would immediately call the authorities and report the numerous laws broken—a case would be opened, arrests could be made, charges could be pressed, trials could ensue, criminals could go to jail; but in the digital world none of that exists—you are forced to leak far more details than a camera in your bedroom would share, and you are forced to leak that personal data from your phone all the time.

Big Tech exploits you every millisecond of every day.

All future government regulation will be influenced, funded, and lobbied by Big Tech. Could you imagine a future regulation where Big Tech wins to cryptographically sign everything with their keys, under their control on their products? What a nightmare scenario… Could you imagine your mobile phone under the complete control of Apple or Google?

We need to write the rules based on values we want in society.

AI algorithms from Big Tech have one input variable: $Maximize_Shareholder_Value. That translates directly into

  1. Gather everything on all of the society
  2. Keep people digitally captive
  3. Maximize exposure time
  4. Polarize opinion to elicit more profit

That is not what AI should be taught. Due to data manipulation, no two people in society are getting the same information; it is impossible to have a sane debate about any polarizing topic because we aren’t starting with a foundation of shared knowledge. What if the input request to AI algorithms was “Build an ethical society that respects freedoms and digital rights”? What would society look like then?

Maximizing shareholder value in a society that has nearly no digital rights, guarantees exploitation of that society. Why did we let this happen? How did we let this happen? I know why. Because… It’s convenient to give up control. It is convenient for you to download a proprietary application that exploits you, agree to the legal binding terms of service you didn’t read, and blissfully believe Big Tech is helping you in the digital world. It’s inconvenient to stand up for your freedom.

It seems we are offered to choose between convenience and control or inconvenience and freedom

I believe we can have both convenience AND freedom. We can actually build technology that benefits society faster when they are based on principles we deem ethical.

Society’s technology genius is not lacking, its moral genius is. Trust in Big Tech is eroding rapidly. No Big Tech company has core values that help our digital rights. The largest challenge we will face is the marketing budgets of Big Tech, when they claim things like:

“We protect your privacy” ~ Big Tech
Actually, You exploit personal private data without a person’s knowledge
“We use encryption” ~ Big Tech
Actually, It’s inside proprietary apps that you control
“We are secure” ~ Big Tech
Actually, You hold the master keys controlling society
“You can trust us” ~ Big Tech
Actually, You won’t let anybody verify anything

Part 2: The present

Currently, Big Tech is maximizing shareholder value without values. The products, software, and services offered by Big Tech will continue to mistreat people unless we can establish what digital rights are and change society for the better.

Then we advocate, regulate, and build products that adhere to those digital rights.

Mark Twain famously wrote:

“It is curious that physical courage should be so common in the world and moral courage so rare.” ~ Mark Twain

I believe there are five fundamental digital rights:

1. Right to Change Providers
If a person wants to change a service provider, they can easily move to another. (Decentralized Services)
2. Right to Protect Personal Data
A person owns and controls their own master keys to encrypt all data and communication, nobody else. (User-controlled Encryption)
3. Right to Verify
Society has the freedom to inspect the source of all software used, and can run it as they wish, for any purpose. (Software Freedom)
4. Right to be Forgotten
A service provider only stores the minimal personal data necessary to provide the service. Once the data is no longer required, it is deleted. (Minimal Data Retention)
5. Right to Access
A person must not be discriminated against nor forced to agree to any terms and conditions before accessing a service. (Personal Liberty)

If we can do those things, we can change the future of computing for the better.

Part 3: The future

As technology gets closer and closer to our brain, the moral issues of digital rights become clearer and clearer.

It started with computers, where we would leave them and come back to them. Then phones, that we always have on or near us with millisecond leakage of personal data beyond human comprehension. Then wearables, that are tracking very private details. IOT devices are everywhere— I have to stop to remind everybody: “The S in IOT is for Security” ~ Anonymous—and finally, surgically implanted.

A question to consider: What Big Tech Company would you purchase your future brain implant from? This is coming.

However, I believe we can change the future of computing for the better. Let’s stand together and invest, use, and recommend products and services that respect society.

What future will you choose?

The post The Future of Computing and Why You Should Care appeared first on Purism.

by Todd Weaver at April 02, 2019 15:49

April 01, 2019

NewPipe

NewPipe welcomes new partner

Team NewPipe has found a new partner. We’re very enthusiastic about the awesome deal we negotiated with them. Read on for more information!

Please be aware that the following text was part of this year’s April Fools’ joke. Please see @TheAssassin’s reply in the comments for more details on the context of this joke.

Team NewPipe is proud to announce our new partnership with a well-known tech brand we admire a lot: Apple Inc., the authors of revolutionary devices like the Apple III, Apple Newton and Macintosh Portable. Apple stands for innovation and revolution in technology like no other company in the list of the top 10 tech giants.

As many of you might have read recently in the media, Apple plan to launch their own Apple TV+ streaming service. Of course, this service needs nice apps for mobile platforms. The Apple TV+ management is a big fan of NewPipe and sent us an offer we couldn’t deny in order to develop the Android version of Apple TV+ based on our core project: NewPipe!

ApplePipe Logo Proposal

Thanks to the new EU copyright directive, we can legally re-license the entire project retroactively, put it under a commercial license and sell new applications based on it to other companies. We will soon remove the project from GitHub, and with the huge amount of money Apple has transferred to our bank account as an appeal to sign the deal, we hired a team of lawyers who prepared to send DMCA takedown requests to all platforms that might provide the source code again.

The tool that web-scrapes the Internet to recognize such copies and report them to our lawyers will soon be released as free software, of course, as other companies probably have similar issues. Also, we want to give something back, and after evaluation by our management, we can surely tell we can’t generate any revenue by the tool, hence it doesn’t make sense to keep it proprietary for economic reasons either.

Axel Voss is very enthusiastic about a positive vote for his copyright directive in 2018. Axel Voss is very happy about a positive vote for his copyright directive in 2018.

We would like to thank Internet expert, Springer lobbying advocate and MEP Axel Voss, rapporteur for the new directive, for ignoring the masses of people who expressed their concerns about the directive in the last 3 years to provide companies with powerful tools like the EU copyright laws to make this change happen. Furthermore we thank the EU parliament members who ignored the masses of people who protested in various forms in the last months. To be honest, in the end, the citizens have no idea about the requirements of companies like our newly founded NewPipe AG how to make money. Human rights can really draw back one’s commercial success, and we’re really grateful that the EU now approved a law that limits those rights in favor of huge corporations’ interests.

Part of our deal is that some of our core maintainers receive management positions at Apple. Christian Schabesberger will become the new CTO of Apple TV+’s client development department. Tobias Groza was offered the position of COO, but he denied, as he was offered a more lucrative position by our competitor Netflix. We wish him best luck with his new job, and thank him for all his contributions. I am working as backend development consultant part-time (I’m not greedy enough to work full-time, and will surely enjoy my future 6-days-per-month contract). @karyogamy and a few other developers were hired as senior software engineers.

We would like to express our appreciation to the hundreds of contributors who invested their free time into translating, developing or otherwise improving NewPipe. These people allowed us to partner with Apple, and we do feel a little guilty that we take NewPipe off GitHub and ignore our old license’s terms.

However, money is more important, and therefore: So long, and thanks for all the fish!

April 01, 2019 10:00

March 31, 2019

This Week in F-Droid

TWIF 49: The AnySoftKeyboard and Transdroid Torrent Search edition

This Week In F-Droid 49, Week 13, 2019 Feed

In this edition: Miscellaneous F-Droid work, AnySoftKeyboard and Transdroid Torrent Search updated. There are 7 new and 76 updated apps.

F-Droid is a repository of verified free and open source Android apps, a client to access it, as well as a whole “app store kit”, providing all the tools needed to set up and run an app store. It is a community-run free software project developed by a wide range of contributors. This is their story this past week.

F-Droid work

@_hc worked on the F-Droid client this week, and has tagged 1.6-alpha2 for release. It has a few big usability improvements, and improvements to code quality, making some confusing parts of the code a lot easier to understand. This should hit the repository soon, if it’s not already up by the time you read this.

In other news, the translation work with Weblate is starting to pay off for smoothing out the website translation workflow, and it’s almost ready for anyone to run the sync process.

@nicoalt worked on including the latest fdroidserver in Repomaker which is currently the last blocker for a release. When doing this, he found a bug for which he’s currently awaiting feedback (and a merge) by others.

New apps

Updated apps

In total, 76 apps were updated this week. Here are the highlights:

  • EteSync was updated to 1.4.0, changing the sync to also do the initial preparation in chunks, which should help with massive syncs.

  • Cythara 3.1 adds viola tuning.

  • Featured AnySoftKeyboard was updated to 1.10.364, adding adaptive colors, which will match the keyboard colors to the current app. Also new is the Night Mode, which will switch the keyboard and app to a dark theme. There are also power saving tweaks, an updated build process yielding a smaller binary, Halmak keyboard layout for English, and your usual translation updates and bug fixes.

  • Simple Calendar Pro was updated from 6.3.2 to 6.4.1, now with email reminders and improved CalDAV event syncing in the background.

  • OpenUntis is an alternative FLOSS Android client for the Untis timetable system. The update to 2.2.0 now mutes the phone on lesson begin, and focuses the login button after scanning the QR code or restoring from prefs.

  • DarkCroc Theme was updated to 1.4, adding a rounded corner option and removing the aggressive system theming option.

  • Fedilab was updated from 1.76.0 to 1.77.1, adding support for polls on Mastodon, a setting to remove the picture when sharing an URL, and a setting to hide the ‘delete’ button in notifications.

  • ClipboardCleaner updated to 1.3.0 bringing a timeout option for the service, and a help icon to explain why this app may not work.

  • DroidShows is a reboot of the DroidSeries Offline TV Shows Tracker with many extra features and an improved interface. After a hiatus of almost 1.5 years, a new update has landed, bringing it up to 7.8.0. This update brings proper support for Android Pie, and you can now change the synopsis language per show, and set the folder for daily backups via the Backup button. You’ll also find various smaller UI/UX improvements and fixes.

  • Telegram updated to 5.4.0, now with autoplaying videos, new settings for automatic media download, and logout alternatives. This update also includes fixes for OpenStreetMap and an option to switch between three tileservers.

  • Major Transdroid Torrent Search updated from 3.12 to 4.0. This update increases the minimum supported Android version to 4.0, and adds support for custom RSS search feeds.

  • VLC jumped many updates from 3.0.13 to 3.1.0, and now requires at least Android 4.2. Notable new features include an onboarding screen for new users, A-B repeat, a manual orientation lock in video player, an option to group videos by folder, and compact audio lists on small screens.

  • Simple sms remote lets you remotely control a phone through sms messages. The update to 1.3.0 adds a new module for audio recording, a new logo, and improved notifications.

Tips and Feedback

Do you have important app updates we should write about? Send in your tips via Mastodon! Send them to @fdroidorg@mastodon.technology and remember to tag with #TWIF. Or use the TWIF submission thread on the forum. The deadline to the next TWIF is Thursday 12:00 UTC.

General feedback can also be sent via Mastodon, or, if you’d like to have a live chat, you can find us in #fdroid on Freenode, on Matrix via #fdroid:f-droid.org or on Telegram. All of these spaces are bridged together, so the choice is yours. You can also join us on the forum.

by Coffee at March 31, 2019 00:00

March 29, 2019

Jolla

A Message in a Bottle – from the Mer Project

I am pleased to announce a significant change in Mer and Sailfish OS which will be implemented in phases. As many of you know Mer began many years ago as a way for the community to demonstrate “working in the open” to Nokia. This succeeded well enough that Mer eventually closed down and shifted support to MeeGo. When MeeGo stopped – thanks to its open nature – we, Carsten Munk and I, were able to reincarnate Mer as an open community project and continue to develop a core OS and a suite of open development tools around it. Over time a number of organisations used the Mer core as a base for their work. However, there was one that stood out: Jolla with Sailfish OS which started to use Mer core in its core and they have been by far the most consistent contributors and supporters of Mer.

Once again, Mer has served its purpose and can retire. To clarify that this will be the official ‘working in the open’ core of SailfishOS we’re going to gradually merge merproject.org and sailfishos.org.

What will this mean in practice?

I’d like to just say that the colours of the websites will change and we’ll be able to access the existing resources using new sailfishos.org links.

So whilst that summary is true, actually it’s more complex than that! Yes, the same hardware will run the same services and Jolla’s sailors will continue to push code to the same systems. There will be more time to keep the servers updated and to improve community contribution mechanisms.

However, there are a couple of areas we need to develop: User identities and an open workflow with community contributions and bug reports.

We want to allow users/community members registered at jolla.com to access sailfishos.org resources. To this end we’ll need to somehow merge the user bases. There are some important privacy and security issues that need to be handled so we’re being careful in how we handle this merge.  We’ll start by just continuing to use the old Mer usernames and credentials. We will not be migrating accounts or any personal data from Mer to Jolla so switching to using the sailfishos.org user database managed by Jolla needs a little work. We will compare the databases to notify users of their options and allow them to register as sailfishos.org users with Jolla if they wish. Accounts with matching emails/usernames will be activated at once. Other accounts will be validated and activated manually by request. As a courtesy Jolla will also reserve all active usernames to ensure that ‘old’ Mer accounts cannot be hijacked or used where the email does not match.

At the end of all of this you’ll be able to manage your sailfishos.org account online, which also makes it easier for people to join and start contributing to the code.

In the meantime feel free to raise any questions on this dedicated discussion topic in together.jolla.com, in the Sailfish OS community meetings or with me in the #mer or #sailfishos irc channels on freenode.

Sincerely,

David / lbt

The post A Message in a Bottle – from the Mer Project appeared first on Jolla Blog.

by Mariana Perez at March 29, 2019 12:28

March 26, 2019

Jolla

New enhanced Sailfish SDK is here

Today we released Sailfish SDK 2.0, the latest version of our app SDK. The SDK has provided good value for our Sailfish users and developers, and has now matured enough for it to be moved out of Beta status.

The new version adds the ability to install different Sailfish emulators to match the OS release of your choice. Currently there are emulators available for all of Sailfish 3 releases.

Highlights

The new SDK includes several features that enhance the development of apps. We have listed a few of our favorite highlights:

Multiplatform

Create Sailfish applications using your platform of choice; Linux, Windows or macOS.

Multitarget

Use it to develop for the Sailfish OS version of your choice, you can even target multiple versions at the same time.

Integrated debugging

You now have the debugging tools right at your fingertips, integrated directly into the Qt Creator frontend.

Easy deployment

Test and debug your applications using the inbuilt emulator, or using your own physical device.

Easy internationalisation

With the SDK you get the necessary tools to create localisations for your apps.

Agile

QmlLive enables you to test UI changes without recompiling.

There are also a lot of minor changes and bugfixes in this latest release. Please see the release notes for more information. As always, the Jolla SDK team is committed to improving the application development experience for Sailfish OS, and will continue improving and implementing new features in Sailfish SDK.

Next in the pipeline will be a command line interface (CLI), making it possible to build packages without using the IDE. We will also be improving the compilation performance and fixing problems which prevent building of some of the more complicated packages.

Sincerely,

Jolla SDK Team

The post New enhanced Sailfish SDK is here appeared first on Jolla Blog.

by Mariana Perez at March 26, 2019 09:46

This Week in F-Droid

The Latest Tab now highlights good descriptions

In the F-Droid Android client, the Latest Tab is a place for F-Droid to showcase apps that pay extra attention to communicating to users. With the upcoming 1.6 release, the Latest Tab will now only show apps that meet certain criteria. The goal is to point users to apps where they can better explore what they do only by looking at it in F-Droid. There will always be privacy concerns around installing apps, so users should have a good idea about what they install. This is a tool for the F-Droid community to encourage app developers to put that extra effort into explaining what the app does to potential users. All apps will still be listed in Search and Categories Tabs.

So with the 1.6 release, only apps that include all of the following pieces in their app metadata will be shown on Latest:

  • Name
  • Summary
  • Description
  • License
  • a What’s New entry for at least one release
  • at least one graphic (screenshot or a feature graphic)
  • at least one of the above translated

Find out how to add these to your app by reading All About Descriptions, Graphics, and Screenshots.

by eighthave at March 26, 2019 00:00

March 25, 2019

Paul Schaub

Another Step to a Google-free Life

I watch a lot of YouTube videos. So much, that it starts to annoy me, how much of my free time I’m wasting by watching (admittedly very interesting) clips of a broad range of content creators.

Logging out of my Google account helped a little bit to keep my addiction at bay, as it appears to prevent the YouTube algorithm, which normally greets me with a broad set of perfectly selected videos, from recognizing me. But then again I use Google to log in to one service or another, so it became annoying to log in and back out again all the time. At one point I decided to delete my YouTube history, which resulted in a very bad prediction of what videos I might like. This helped for a short amount of time, but the algorithm quickly returned to its merciless precision after a few days.

Today I decided that it’s time to leave Google behind completely. My Google Mail account was used only for online shopping anyways, so I figured why not use a more privacy respecting service instead. Self-hosting was not an option for me, as I only have a residential IP address on my Raspberry Pi and also I heard that hosting a mail server is a huge pain.

A New Mail Account

So I created an account at the Berlin based service mailbox.org. They offer emails plus some cloud stuff like an office suite, storage etc., although I don’t think I’ll use any of the additional services (oh, they offer an XMPP account as well :P). The service is not free as in free beer as it costs 1€ per month, but that’s a fair price in my opinion. All in all it appears to be a good replacement for all the Google stuff.

As a next step, I went through the long list of all the websites and shops that I have accounts on, scouting for those services that are registered on my Google Mail address. All those mail settings had to be changed to the new account.

Mail Extensions

Bonus Tip: Mailbox.org has support for so-called Mail Extensions (or Plus Extensions, I’m not really sure what they are called). This means that you can create a folder in your inbox, let’s say “fsfe”. Now you can change your mail address of your FSFE account to “username+fsfe@mailbox.org”. Mails from the FSFE will still go to your “username@mailbox.org” mail account, but they are automatically sorted into the fsfe inbox. This is useful not only to sort mails by sender, but also to find out which of the many services you use messed up and leaked your mail address to those nasty spammers, so you can avoid that service in the future.

This trick also works for Google Mail by the way.

Deleting (most) the Google Services

The last step logically would be to finally delete my Google account. However, I’m not entirely sure if I really changed all the important services over to the new account, so I’ll keep it for a short period of time (a month or so) to see if any more important mails arrive.

However, I discovered that under the section “Delete Services or Account” you can see a list of all the services which are connected with your Google account. It is possible to partially delete those services, so I went ahead and deleted most of it, except Google Mail.

Additional Bonus Tip: I use NewPipe on my phone, which is a free libre replacement for the YouTube app. It has a neat feature which lets you import your subscriptions from your YouTube account. That way I can still follow some of the creators, but in a more manual way (as I have to open the app on my phone, which I don’t often do). In my eyes, this is a good compromise 🙂

I’m looking forward to going fully Google-free soon. I de-googled my phone ages ago, but for some reason I still held on to my Google account. This will be sorted out soon though!

De-Googling your Phone?

By the way, if you are looking to de-google your phone, Mike Kuketz has a great series of blog posts about that topic (in German though):

Happy Hacking!

by vanitasvitae at March 25, 2019 17:22
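
The Mail Extensions tip in the post above (one “+tag” per service, to see which service leaked an address) can be checked mechanically. The following is an added example, not part of the original post: the sample messages, the `EXPECTED_SENDERS` mapping and the function names are constructed assumptions.

```python
from collections import defaultdict
from email import message_from_string
from email.utils import getaddresses, parseaddr

# Constructed sample messages (not real mail). Each service was registered
# under its own tag, e.g. username+fsfe@mailbox.org.
SAMPLE_MESSAGES = [
    "From: FSFE <news@fsfe.org>\nTo: username+fsfe@mailbox.org\nSubject: Newsletter\n\nHello\n",
    "From: Shop <orders@shop.example>\nTo: username+shop@mailbox.org\nSubject: Your order\n\nThanks\n",
    "From: Deals <promo@bulk-mailer.example>\nTo: username+shop@mailbox.org\nSubject: WIN NOW\n\nspam\n",
    "From: Billing <no-reply@mail.shop.example>\nTo: Username+Shop@mailbox.org\nSubject: Invoice\n\nInvoice\n",
    "From: Friend <friend@other.example>\nTo: username@mailbox.org\nSubject: Hi\n\nHi\n",
]

# Assumption: the sender domains considered legitimate for each tag.
EXPECTED_SENDERS = {"fsfe": {"fsfe.org"}, "shop": {"shop.example"}}


def split_plus_address(address):
    """Return (base_local, tag, domain); tag is None when no '+' is present."""
    local, _, domain = address.rpartition("@")
    base, sep, tag = local.partition("+")
    return base.lower(), (tag.lower() if sep else None), domain.lower()


def domain_matches(sender_domain, allowed):
    """True if sender_domain is an allowed domain or one of its subdomains."""
    return any(sender_domain == d or sender_domain.endswith("." + d) for d in allowed)


def find_leaked_tags(raw_messages, mailbox, expected):
    """Map each tag to the sorted unexpected sender domains that wrote to it.

    The From header can be forged, so a clean result is not proof that a
    service kept the address private; a hit is a strong hint that it did not.
    """
    own_base, _, own_domain = split_plus_address(mailbox)
    leaks = defaultdict(set)
    for raw in raw_messages:
        msg = message_from_string(raw)
        sender = parseaddr(msg.get("From", ""))[1]
        sender_domain = sender.rpartition("@")[2].lower()
        recipients = getaddresses(
            msg.get_all("To", []) + msg.get_all("Delivered-To", [])
        )
        for _, rcpt in recipients:
            base, tag, domain = split_plus_address(rcpt)
            # Only consider tagged variants of our own mailbox.
            if (base, domain) != (own_base, own_domain) or tag is None:
                continue
            if not domain_matches(sender_domain, expected.get(tag, set())):
                leaks[tag].add(sender_domain)
    return {tag: sorted(domains) for tag, domains in leaks.items()}


if __name__ == "__main__":
    result = find_leaked_tags(SAMPLE_MESSAGES, "username@mailbox.org", EXPECTED_SENDERS)
    for tag, domains in result.items():
        print(f"tag '+{tag}' received mail from unexpected domains: {domains}")
```
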

March 23, 2019

This Week in F-Droid

TWIF 48: guardianproject.info migration

This Week In F-Droid 48, Week 12, 2019 Feed

In this edition: The guardianproject.info website migration effort is underway, and odds-and-ends. There are 6 new and 82 updated apps.

F-Droid is a repository of verified free and open source Android apps, a client to access it, as well as a whole “app store kit”, providing all the tools needed to set up and run an app store. It is a community-run free software project developed by a wide range of contributors. This is their story this past week.

Guardian Project Hugo Migration

Coffee and @_hc have been working to migrate the guardianproject.info website to Hugo. The site has been set up, and much of the content has been migrated, but work remains to get all the details right and port over the navigation.

Google Play Issues

@vanitasvitae points to a story about KDE Connect being briefly removed from the Google Play Store, ostensibly for violating Google’s new policy on apps that utilize SMS permissions, despite an exemption that clearly applied to KDE Connect. It was restored two days later.

@Poussinou highlighted some troubles for the MusicPiped app, which allows users to stream audio from YouTube. It was published to Google Play; however, its primary function violates Google’s Terms of Service. Google has responded by denying update submissions from the developer, though updates continue to be available via F-Droid.

Odds and ends

New apps

  • OpenPods: Check the battery status of your AirPods.
  • Vector Camera: An app that applies real-time effects to the camera input.
  • DOI to SciHub: Quickly download research.
  • p!n: Pin notes to the notification area.
  • MoLe: Convenient front-end to hledger-web.
  • FiSSH: SSH authentication via fingerprint scanning over network (TLS sockets).

Updated apps

In total, 82 apps were updated this week. Here are the highlights:

  • Delta Chat was updated from 0.101.1 to 0.200.0, improving setup for many providers (including OAuth 2.0 support for Google and Yandex), and enabling sharing into the app.
  • EteSync was updated from 1.2.6 to 1.3.0, improving performance for large initial syncs.
  • Suntimes was updated from 0.10.3 to 0.11.0, adding an alarm and a clock widget.
  • Bop-MusicPlayer was updated from 1.1.2 to 1.2, making microphone use optional, and enabling control via Google Assistant.
  • WebApps was updated from v2.18 to v2.20, allowing for custom user agents, and favicon-action bar color matching.
  • Periodical was updated from 1.23 to 1.30, separating events and symptoms into different lists, and indicating each per-day.
  • Bitcoin Wallet was updated from 6.41 to 7.02, providing support for receiving to and sending from SegWit (Bech32) addresses.
  • FairEmail was updated from 1.381 to 1.395, adding a local contacts view with search, full HTML signatures, export/import of contacts notification settings, and optionally showing accounts on the startup screen.
  • KISS launcher was updated from 3.7.6 to 3.7.9, improving startup performance and memory consumption.
  • SkyTube was updated from 2.94 to 2.95, fixing video playback.
  • Slide was updated from 6.0.1-3 to 6.1, adding mod toolbox support, a text editor overhaul, and improvements to wiki link handling.
  • FreedomBox was updated from 0.4 to 0.5, adding SDK v28 support.
  • GitNex was updated from 1.0-rc6 to 1.0.1, bringing some small fixes to an otherwise feature-packed 1.0 release (congratulations GitNex!).
  • Manyverse was updated from 0.1903.13-beta to 0.1903.19-beta, with several new features including post preview.
  • UserLAnd was updated from 2.3.8 to 2.4.0, adding file-system import and export.
  • FiSSH has been unarchived at version 3.0.

Beta updates

The following updates won’t be automatically suggested to you unless you have “Unstable updates” enabled in the F-Droid app settings, but you can expand the “Versions” tab and install them manually. Note that these are marked beta for a reason: Proceed at your own risk.

  • Telegram was updated from 5.3.1 to 5.4.0, introducing auto-playing videos.

Tips and Feedback

Do you have important app updates we should write about? Send in your tips via Mastodon! Send them to @fdroidorg@mastodon.technology and remember to tag with #TWIF. Or use the TWIF submission thread on the forum. The deadline for the next TWIF is Thursday 12:00 UTC.

General feedback can also be sent via Mastodon, or, if you’d like to live chat, you can find us in #fdroid on Freenode, on Matrix via #fdroid:f-droid.org or on Telegram. All of these spaces are bridged together, so the choice is yours. You can also join us on the forum.

by garym at March 23, 2019 00:00

March 22, 2019

Fairphone