Planet F-Droid

March 21, 2019

Adguard

AdGuard 3.0 for Android

AdGuard 3.0 for Android

You can say that with this huge update, AdGuard for Android is entering a new era. A jump like this can be only compared to the transition from the very first AdGuard for Android version to v2, and it's still more exciting this time.

AdGuard 3.0 for Android

Just look at how better it looks now!

There are significant changes to the UI, as you might expect from an update this big, but in fact the headliner of the new version is Stealth Mode, a new module dedicated solely to privacy protection. Let's kick things off by taking a closer look at the newcomer, and then continue checking out the rest of the changes (there are many more to talk about).

Stealth Mode #2094

It is telling that we’re starting our feature overview with Stealth Mode, listing it even before the redesign, or anything else. With Stealth Mode, AdGuard takes another role in addition to ad blocker and app manager: the role of a privacy protection tool, and a strong one at that. AdGuard has had a special Tracking Protection filter for a long time, but the new module presents an entire range of tools. Some of them will suit almost everyone, and others are for more hardcore users.

AdGuard 3.0 for Android

AdGuard Stealth Mode

Let's quickly go over them, but instead of mentioning every single feature, we will group them into categories.

  • General

Here we placed the features that you can enable without any risk of facing much inconvenience. Options like hiding your search queries or removing tracking parameters from URLs are almost strictly advantageous, and you have no reason not to use them if you care about privacy.

  • Tracking methods
AdGuard 3.0 for Android

So many options they don't fit on screenshots

Includes options that prevent websites from tracking you by using various mechanisms, for example, cookies. It’s worth mentioning that enabling self-destruction of first-party cookies is not recommended unless you want to take privacy protection to the absolute limit, as it may cause some websites to work improperly, or not work at all.

  • Browser API

In this section, you can enable or disable browser API-related options. Read the description for each of them first to find a good balance between privacy and convenience (for example, blocking Push API will prevent servers from sending any notifications to your browser).

  • Miscellaneous

As the name suggests, this category contains a mish-mash of options. Hiding your User Agent or masking your IP address are the sort of features you will find there.

If you feel intimidated by the variety of available options, you will like the new first launch wizard that will help you choose the configuration most suited for you — more on that later.

New UI

As important as Stealth Mode is, the tone of the update is largely dominated by the visual changes, and this time there are plenty. Almost every aspect of the old design was reworked, revamped and (hopefully) improved. There’s too much to mention in one chunk of text, so let's divide them into more digestible paragraphs.

App redesign #713

Everything is new here. New overall style, new icons, new layout. Our designers spent countless hours on it, going through many iterations. The end goal was to make users feel confident in their ability to navigate the app quickly and easily, and we believe we managed to achieve that.

AdGuard 3.0 for Android
AdGuard 3.0 for Android

New AdGuard for Android design

We did a lot of tidying up, removed all the elements that clogged up the screen, and added intuitive icons. If you want to get somewhere, it will be very clear to you how to do so.

Dark theme #104

This is probably one of the most desirable features ever. We’ve received requests from users to add a dark theme basically since the app was introduced for the first time more than three years ago. Finally, it has arrived.

AdGuard 3.0 for Android
AdGuard 3.0 for Android

Dark theme looks awesome! (source: us)

It is also true that for every voice that demands a dark theme, there is an equally loud one that goes against it. We would never betray our more conservative users, so the classic light theme is still available (and it's still the default one, for what it's worth).

Statistics charts #2083

Statistics are useful; it’s always nice to know how many ads were blocked, how much traffic was saved, and so on. But simply looking at bland numbers is not very informative, and also plain boring. Charts provide more information and are much more comprehensive.

AdGuard 3.0 for Android
AdGuard 3.0 for Android

Curves are much better than numbers (that's a fact)

While on the main screen, select the preferred time period and tap on the stat you're interested to display the chart (or go inside Apps Management to look at app-specific charts).

First launch wizard #1965

The wizard's goal is to make you familiar with AdGuard if its your very first time interacting with it. Upon the first launch, it will walk you through the available features and make some suggestions. Feel free to enable or skip any of them, depending on your preferences.

AdGuard 3.0 for Android
AdGuard 3.0 for Android

The wizard will help you avoid getting overwhelmed at first

Widget redesign #2354

The apps icon has changed, so the widget needed to be altered as well. Not much to say here: aside from the change in looks, widgets now provide some statistics about blocked requests and so on.

AdGuard 3.0 for Android

New AdGuard widgets

CoreLibs update

In case you need a refresher, CoreLibs is the new filtering engine that AdGuard is built upon. What AdGuard can and can't do is defined by it, so no wonder it's so important. One of the biggest advantages of CoreLibs compared to the previous engine is that it's cross-platform. This means AdGuard for Android can now take the best from the other AdGuard apps, and you can already see it in action with Stealth Mode.

In this update, CoreLibs receives a further boost, granting better performance and filtering quality. About 150 improvements were made to the filtering engine. We cannot list them all here, but here is a link if you want to check them out.

Other changes

Here are some of the more niche features that will primarily appeal to more tech-savvy users.

Improved DNS functionality #2415

We are now using our own DNS proxy server, which supports all existing DNS protocols. What does that mean for you, the user?

  1. AdGuard now supports the DNS-over-TLS protocol, which is one of the most secure modern DNS protocols
  2. To configure a DNS-over-HTTPS (another secure DNS protocol) server, you don’t need to know the SDNS and can use a simple string like https://dns.adguard.com/dns-query
  3. You can indicate any number of upstream servers for your custom DNS server setup

More filter subscriptions #12

AdGuard 3.0 for Android

More filters! More!

Self-explanatory: the more, the better! If your favorite subscription wasn’t in the default list before, check it again.

Custom subscriptions by URL #13

…and if it's still not there, no big deal! Just add it manually, because now it's extremely easy. Just tap the respective button, enter the URL, and your filter will appear among the rest. The new filter will be updated automatically, and of course you can add more than one at a time.

AdGuard 3.0 for Android

Ok, just one more, I swear...

Conclusion

And that wraps it up for AdGuard 3.0 for Android! Traditionally, the full changelog is available on GitHub. Make sure you install the new version by checking for updates (an icon on the main screen of the app), and if you are new to AdGuard, check out the free trial by downloading the app from our official website.

Let us know about your first impressions of the new AdGuard by leaving a comment below, and see you soon with more news!

PS: Unfortunately, all these wonderful changes would have not been possible without using some of the features available only on newer Android OS versions. Similar to Windows XP, the days of Android 4.x are coming to an end. And despite this wasn't an easy decision, starting with this version AdGuard will only work on devices with Android OS 5+. Owners of devices with Android 4.x can find previous versions of AdGuard on GitHub.

We are currently answering questions about the update on Product Hunt, so if you have any — we are waiting for you there. Oh, and by the way, there is an exclusive 40% discount for "hunters" there, don't tell anyone :)

by Vasily Bagirov at March 21, 2019 14:23

March 20, 2019

/e/ foundation

Leaving Apple & Google: update on upcoming /e/ services, new devices, and community actions.

Leaving Apple & Google:
update on upcoming /e/ services, new devices, and community actions.

Update on upcoming /e/ services

As some of our close followers already know, we have been working for a while on new or improved online services. They will complete the /e/ “Minimal Viable Product”, be the root for our V1.0 and will help us scale a lot.

New services will include:

– an Android application installer integrated in the system

– a new secure and scalable /e/ infrastructure for our drive/mail/calendar/notes… with more storage for free!

– self hosting /e/ docker server images for those who prefer to host all their data on a hosted server they own at a provider or in the cloud

Stay tuned!

6 new devices are now supported!

We have added several new devices to the list of supported smartphones. Now, you can enjoy /e/’s data privacy on:
– Samsung Galaxy J7 (Exynos) “j7eltexx”
– Xiaomi Mi 3 / Mi 4 “cancro”
– Google Nexus 5X “bullhead”
– LeEco LePro3/Le Pro3 Eliste “zl1”
– Samsung Galaxy A3 (2016 Exynos) “a3xeltexx”
– Samsung Galaxy Note 4 (Exynos LTE) “treltexx”

64 devices now supported!

Download, flash and enjoy now! Don’t forget to report your experience to us.

Community actions soon around the world!

We are working on a plan to help local communities organize some /e/ flash parties and meetups. We will provide some documentation, tools for flashing and a few goodies!

If you are interested in organizing such an event at your place, please contact us! Send us an email to join@e.email, with “community event [place]” as subject.

Be part of something bigger!

It is ESSENTIAL to contribute if you want /e/ to succeed and shape a more ethical IT world, with an open-source and privacy-compliant mobile ecosystem.

In one word: contribute as a developer, lend some servers on Internet, spread the word about /e/ in Internet forums, social media, email, retweet our posts with #eFoundation hashtag…

Act now:

Sincerely,
Gaël @gael_duval / @gael@mastodon.social

Follow us on Twitter and Mastodon: @e_mydata

by Samuel Cazin at March 20, 2019 18:05

March 16, 2019

OsmAnd

Guideline for public transport

Guideline for public transport

March 16, 2019
  • Guidelines on how to build or correct public transport routes
  • The most common mistakes
  • "OSM Inspector" final check (Data validator)
  • "JOSM validator" final check (Data validator)
  • Hi!

    As you already know we have recently released an update of our app on Android!

    And guess what? It allows our users to work out their routes using public transport, which will certainly help one to move through the concrete jungle faster. The OSM database, however, has some unchecked and dubious info, so we decided to give you a hand and show how to use the newest update to your advantage. Our instructions will be detailed, but, overall, not too complex, because we want you to engage in the process of forming OSM. Try not to break it, ok? Just kidding! If you need a bit more support use LearnOSM.

    Guidelines on how to build or correct public transport routes

    So, let us go through the process of mapping out a route together using JOSM. We have chosen to create a bus route. For starters, let’s mark our stops. There are two options in the settings, so one can either mark it as a regular bus stop (public_transport=stop_position), or as a place where the passengers will be waiting for the arrival of their bus (public_transport=platform). These stops should be included directly into your route. Then, you should attach some tags, such as public_transport=stop_position, name, etc. You also can use presets: find them in Presets - Transport - Public transport.

    As a general rule, the platform for waiting passengers is located in front of a bus stop. It can be a node, a line or even a polygon. We will set two tags, one is public_transport=platform, and the other - highway=bus_stop (to meet the requirements of PT v1). We also encourage you to give it a name.

    You need to match the first stop with the starting point of your route. Logically, the last stop has to be near the finish. If, however, you have to put it in the middle, you will need to split the segment there.

    After checking whether we have tagged all the stops correctly, we will go on mapping out the route. We will need to search a panel on the right side of the screen for “Relations”. If you cannot find it, go directly to Windows -> “Relations”. Found it? Click on “Create a new relation”.

    A window will pop up. Here, we will create the relations. One can find the description of any tag they may need here.

    Let’s go ahead and add some tags:

    type=route

    route=bus

    from=Bus stop 1

    to=Bus stop 3

    name=Bus 5: Bus stop 1 => Bus stop 3

    ref=5

    Our next task is to add other elements of our route. Go to the main window, do not close the window where you have been creating the relation, though. Successively select all the segments of the route, using the CTRL button for multiple marking. These segments will appear in the tab Selection in the window where we have been creating the relation.

    Using the buttons circled in red, we will add them to the “Members” tab.

    Our next move is to add nodes public_transport=stop_position and public_transport=platform. Select them on the map and, then, add to the relation (higher than ways). Enumerate them to avoid further difficulties. For example, stop_position 1, platform 1, stop position 2, platform 2 and etc. As a result, our relation editing window looks like this:

    The roles for stops and platforms, however, will be automatically filled out. For instance, in the column called “Role” stop_position has an assigned “stop” role, while platform has “platform” role. We will change it just a bit here. In particular, we will change the first and the last platform and stop_position roles. Add “_entry_only” to the objects related to the first stop (stop_entry_only, platform_entry_only), it means that this stop has just one purpose - entrance. The last stop, accordingly, should be marked “_exit_only” (stop_exit_only, platform_exit_only). Sometimes the roles are not assigned automatically, then you will need to fill them in manually.

    We have marked the buttons for moving and sorting the relation members as 1 and 2 (in red).

    If the order of stops is incorrect, OsmAnd will NOT be able to plan a proper route for you!

    To check whether the route has any gaps, use small arrows located on the right side of the way. They also will help you to determine the direction of the route.

    Now, as you can see, we have a complete route, which starts at Bus stop 1 (on Fedinskaya street) and ends at Bus stop 3 (A-108).

    As a rule, buses go both ways. So, why not to create a backtrack? Just start from copying the relations by pressing “Relations - Create copy of this relation”. You can also access the button in the redactor. In order not to get confused, we can delete all stop_position and platform from the relation copy and leave only the ways. By clicking on a button called “Reverse the order of the relation members” in the redactor window, we will reverse the direction of the route and, furthermore, will be able to check whether they are correct. Now, let us add stops and platforms, adding tags in the process.

    All the directions, variants of route, and details attached to the route should be united relation type "route_master" which is required by the scheme PTv2. Our task now is to create a new relation and fill in the tags:

    type=route_master

    route_master=bus

    ref=5

    The tag “ref” is reserved for the number of the route.

    Not closing the redactor, let’s find the previously created route and choose “Select relation” from the context menu. If you did alright, which we are sure of, you will see your route change color. It will become purple, and the tags will appear on the panel “Tags / Membership”.

    We will add it to “Members” using the corresponding buttons and save the relation.

    The most common mistakes

    "OSM Inspector" final check (Data validator)

    OSM Inspector can help you to check whether routes are correct. Use it, it does a pretty nice work!

    In case there is a mistake, click on it in the tab “Selection” and detailed info will appear. A vertical scroll bar will show up automatically if there are multiple mistakes on different levels. Each mistake has a letter J next to it. Click on it, and the mechanism of the remote control will open the corresponding area in JOSM.

    Should the message “The OSM server ‘api.openstreetmap.org’ reported a bad request. The area you tried is too big or your request was too large. Either request a smaller area or use an export file provided by the OSM community” appear on the screen, the easiest way to resolve it would be to download this area through JOSM -> File -> Download data -> Download from Overpass API. Using Overpass API allows you to get more data from the server in one request as well as to download only the required type of data.

    Gap / Gap or unordered before this way

    Any unintentional split of your track will result in this mistake. Search for the relation with this mistake in the editing panel.

    On this screenshot, we can see that the line which shows our route indeed has some gaps. To get to the root of the problem, click on the route segment near the split in the Members list. This way will be marked with red coloring in the main window of the program.

    To move across the segments of a relation you can also use the keyboard. By going through the track manually, it is easier to spot the segment that was placed incorrectly. And when we already know what has caused the mistake, we can just drag it to its right place. You can also use buttons on your left, if you wish.

    The neighboring segments may have an inverted order, which is a fairly common mistake. To correct it, we can select the disorganized tracks in the list of Members and click the button on the left, which is “Reverse the order of relation members”.

    The image of a bus has been placed on the button in the latest versions of JOSM to automatically correct simple mistakes. And, finally, when we understand how to make corrections manually, we can run the program, fully controlling the process!

    Empty role for non-way object

    In most cases, it means that we have left out one stop_position or platform role. We will need to fill in the empty role.

    Road vehicle route over non-road

    This message will appear when the road is closed or does not allow a certain type of transport to pass through it. Just check the track and place some corrections.

    Stop without proper tags

    At the place of stop, there are no tags indicating the type of transport (bus=yes, train=yes and etc.).

    Route has only stops/platforms

    There are no ways in the route. Just add them.

    Trolley bus without trolley wire

    Tag trolley ways with trolley_wire=yes to mark contact electrical network.

    Unknown route type

    This type of the route is unknown. Add some details.

    Unknown role

    The type of the role should be specified.

    Stop is not node

    The place of a stop (stop_position) is not a node.

    Stop not on way

    A stop is not implemented in your route, it should be put directly in it.

    "JOSM validator" final check (Data validator)

    JOSM has an inbuilt validator which checks data. It will open automatically should you try to send the data to the server, it can also be handled manually. In order to do this, search for the tab “Validation Results” on the right of the main window. Still cannot see it? Let’s turn it on through Windows -> Validation results. Click “Check” button and the whole area (if none selected) validation should start. Should you try sending data to the server, this check will work out only recently changed info.

    Let us go through the results related to public transport:

    - Route relation contains a ‘forward/backward/alternate’ role

    The PTv1 scheme implies additional role assignment to a route, but it goes against PTv2 schema. Delete all the roles and, if necessary, create your route again from scratch.

    - Route relation contains a gap

    The same as Gap / Gap or unordered before this way in OSM Inspector.

    - Route scheme is unspecified. Add public_transport:version

    If a route matches with the PTv2 scheme (as mentioned above), add the tag public_transport:version=2 to the relation.

    - Stop position is not part of the route

    Look up Stop not on way in OSM Inspector, because they are identical.

    ____________

    As you already know, a public transport function has been added in the newest release of our app. We have received some valuable feedback from our users who had already tried this function out. Unfortunately, not all the data in OSM is reliable, which causes a few problems. We sincerely hope that, with the help of these guidelines, it will be much easier for you to create and check the public transport routes.

    P.S. We will do our best to upgrade these and other functional aspects of the app in the future. And remember that each user makes all the difference. Let’s create OSM together!

March 16, 2019 17:00

March 15, 2019

Adguard

Android Q comes to beta. What does it mean for AdGuard?

Android Q comes to beta. What does it mean for AdGuard?

Everybody who has any interest in Android OS is currently talking about Android Q beta that has been released just recently. The developers' blog post provides a lot of food for thought, but it doesn't answer the most important question: how does Android Q affect AdGuard? :) Read on to find out.

First of all, we feel obliged to say that a lot of things which we consider important were done right in this beta. We are particularly happy with all the privacy-related improvements that are coming to Android (for example, giving users more control over apps). However, some of the changes affect AdGuard in a negative way, and you should be aware of them before the update rolls out.

The main issue is that now it is harder to detect what app is connecting to AdGuard. Why is this so important? AdGuard is not just a simple DNS-level ad blocker. It is a fully-featured firewall, so it's crucial to be able to distinguish traffic between the apps. The same applies to HTTPS filtering — it won't be possible for the same reasons.

Good news is that in the latest AdGuard v3.0 beta this issue is partially fixed, depending on your preferred filtering mode:

  • in local VPN mode, everything will work as it should
  • in rooted local proxy mode, the firewall functionality and HTTPS filtering are still crippled, but they are going to be fixed by the time Android Q gets officially released
  • in no-root proxy mode, the same issues exist, and we will not be able to fix them unless something changes in the future versions of Android Q. We recommend to avoid this filtering mode.

by Andrey Meshkov at March 15, 2019 15:01

March 10, 2019

Gregor Santner

Paul Schaub

A look at Matrix.org’s OLM | MEGOLM encryption protocol

Everyone who knows and uses XMPP is probably aware of a new player in the game. Matrix.org is often recommended as a young, arising alternative to the aging protocol behind the Jabber ecosystem. However the founders do not see their product as a direct competitor to XMPP as their approach to the problem of message exchanging is quite different.

An open network for secure, decentralized communication.

matrix.org

During his talk at the FOSDEM in Brussels, matrix.org founder Matthew Hodgson roughly compared the concept of matrix to how git works. Instead of passing single messages between devices and servers, matrix is all about synchronization of a shared state. A chat room can be seen as a repository, which is shared between all servers of the participants. As a consequence communication in a chat room can go on, even when the server on which the room was created goes down, as the room simultaneously exists on all the other servers. Once the failed server comes back online, it synchronizes its state with the others and retrieves missed messages.

Matrix in the French State

Olm, Megolm – What’s the deal?

Matrix introduced two different crypto protocols for end-to-end encryption. One is named Olm, which is used in one-to-one chats between two chat partners (this is not quite correct, see Updates for clarifying remarks). It can very well be compared to OMEMO, as it too is an adoption of the Signal Protocol by OpenWhisperSystems. However, due to some differences in the implementation Olm is not compatible with OMEMO although it shares the same cryptographic properties.

The other protocol goes by the name of Megolm and is used in group chats. Conceptually it deviates quite a bit from Olm and OMEMO, as it contains some modifications that make it more suitable for the multi-device use-case. However, those modifications alter its cryptographic properties.

Comparing Cryptographic Building Blocks

ProtocolOlmOMEMO (Signal)
IdentityKeyCurve25519X25519
FingerprintKey⁽¹⁾Ed25519none
PreKeysCurve25519X25519
SignedPreKeys⁽²⁾noneX25519
Key Exchange
Algorithm⁽³⁾
Triple Diffie-Hellman
(3DH)
Extended Triple
Diffie-Hellman (X3DH)
Ratcheting AlgoritmDouble RatchetDouble Ratchet
  1. Signal uses a Curve X25519 IdentityKey, which is capable of both encrypting, as well as creating signatures using the XEdDSA signature scheme. Therefore no separate FingerprintKey is needed. Instead the fingerprint is derived from the IdentityKey. This is mostly a cosmetic difference, as one less key pair is required.
  2. Olm does not distinguish between the concepts of signed and unsigned PreKeys like the Signal protocol does. Instead it only uses one type of PreKey. However, those may be signed with the FingerprintKey upon upload to the server.
  3. OMEMO includes the SignedPreKey, as well as an unsigned PreKey in the handshake, while Olm only uses one PreKey. As a consequence, if the senders Olm IdentityKey gets compromised at some point, the very first few messages that are sent could possibly be decrypted.

In the end Olm and OMEMO are pretty comparable, apart from some simplifications made in the Olm protocol. Those do only marginally affect its security though (as far as I can tell as a layman).

Megolm

The similarities between OMEMO and Matrix’ encryption solution end when it comes to group chat encryption.

OMEMO does not treat chats with more than two parties any other than one-to-one chats. The sender simply has to manage a lot more keys and the amount of required trust decisions grows by a factor roughly equal to the number of chat participants.

Yep, this is a mess but luckily XMPP isn’t a very popular chat protocol so there are no large encrypted group chats ;P

So how does Matrix solve the issue?

When a user joins a group chat, they generate a session for that chat. This session consists of an Ed25519 SigningKey and a single ratchet which gets initialized randomly.

The public part of the signing key and the state of the ratchet are then shared with each participant of the group chat. This is done via an encrypted channel (using Olm encryption). Note, that this session is also shared between the devices of the user. Contrary to Olm, where every device has its own Olm session, there is only one Megolm session per user per group chat.

Whenever the user sends a message, the encryption key is generated by forwarding the ratchet and deriving a symmetric encryption key for the message from the ratchets output. Signing is done using the SigningKey.

Recipients of the message can decrypt it by forwarding their copy of the senders ratchet the same way the sender did, in order to retrieve the same encryption key. The signature is verified using the public SigningKey of the sender.

There are some pros and cons to this approach, which I briefly want to address.

First of all, you may find that this protocol is way less elegant compared to Olm/Omemo/Signal. It poses some obvious limitations and security issues. Most importantly, if an attacker gets access to the ratchet state of a user, they could decrypt any message that is sent from that point in time on. As there is no new randomness introduced, as is the case in the other protocols, the attacker can gain access by simply forwarding the ratchet thereby generating any decryption keys they need. The protocol defends against this by requiring the user to generate a new random session whenever a new user joins/leaves the room and/or a certain number of messages has been sent, whereby the window of possibly compromised messages gets limited to a smaller number. Still, this is equivalent to having a single key that decrypts multiple messages at once.

The Megolm specification lists a number of other caveats.

On the pro side of things, trust management has been simplified as the user basically just has to decide whether or not to trust each group member instead of each participating device – reducing the complexity from a multiple of n down to just n. Also, since there is no new randomness being introduced during ratchet forwarding, messages can be decrypted multiple times. As an effect devices do not need to store the decrypted messages. Knowledge of the session state(s) is sufficient to retrieve the message contents over and over again.

By sharing older session states with own devices it is also possible to read older messages on new devices. This is a feature that many users are missing badly from OMEMO.

On the other hand, if you really need true future secrecy on a message-by-message base and you cannot risk that an attacker may get access to more than one message at a time, you are probably better off taking the bitter pill going through the fingerprint mess and stick to normal Olm/OMEMO (see Updates for remarks on this statement).

Note: End-to-end encryption does not really make sense in big, especially public chat rooms, since an attacker could just simply join the room in order to get access to ongoing communication. Thanks to Florian Schmaus for pointing that out.

I hope I could give a good overview of the different encryption mechanisms in XMPP and Matrix. Hopefully I did not make any errors, but if you find mistakes, please let me know, so I can correct them asap 🙂

Happy Hacking!

Sources

Updates:

Thanks for Matthew Hodgson for pointing out, that Olm/OMEMO is also effectively using a symmetric ratchet when multiple consecutive messages are sent without the receiving device sending an answer. This can lead to loss of future secrecy as discussed in the OMEMO protocol audit.

Also thanks to Hubert Chathi for noting, that Megolm is also used in one-to-one chats, as matrix doesn’t have the same distinction between group and single chats. He also pointed out, that the security level of Megolm (the criteria for regenerating the session) can be configured on a per-chat basis.

by vanitasvitae at March 10, 2019 03:31

March 08, 2019

Privacy Browser

Problems with Redmine

March 14 Update: Redmine is working again.

There is a bug in the current Debian Redmine package that prevents users from being able to log into the site. I have reported the bug to the package maintainers, but it is uncertain how long it will take them to upload a fixed version. Currently we can view the status of existing bugs and feature requests but not make any changes. Until Redmine is fixed, users may submit bug reports in the comments to this post or by emailing them to me.

by Soren Stoutner at March 08, 2019 03:48

March 07, 2019

OsmAnd

OsmAnd 3.3

OsmAnd 3.3

March 7, 2019

We will be releasing the new version patch by patch during the next two weeks, and the info about app updates will be published in this article. Here is what has been done so far.

We follow our Privacy Policy and now we have completely removed Facebook and Firebase analytics from the free version (OsmAnd+ didn't include it).

Navigation on public transport: Metro, Buses, Tram and so on.

First, we would like to introduce Navigation for public transport which is currently in the beta phase. Each of you can try to navigate in your city by public transport now with OsmAnd. We want to receive your feedback for customization of this feature. Most importantly, we use the latest New Public Transport Schema that is also called Public Transport Version 2 (PTv2) for our Public Transport navigation algorithm. You can check your public transport here. Guidelines on how to build or correct public transport routes will be provided in our blog soon.

Redesigned Directions menu

We have made a more detailed Directions menu to help you navigate to your Home and Work and see the History of your destinations. When you click “Options”, you can see Settings for Navigation like the list of active GPX and others.

Improve Quick action

As requested by many users, we have added Show/Hide tracks, Day/Night mode switches in Quick action. Quick action is a flexible menu of shortcuts providing direct access to whatever features you need to access most frequently: just select and add them to this 'toolbar'. In this way, the next time you need to add a new favorite, add a navigation destination, enable or disable voice guidance, etc, you can do it in one click using Quick action. The Quick action button can be added via the Configure screen menu. To add actions to the menu, please press 'Add action' right on its menu bar. To remove an action, go to Configure screen and tap the 'Quick action' menu, then remove any shortcuts not needed.

Additional info in the Route details.

While building a route, you can view information about the road itself like road types, surface, steepness and smoothness which will help you in understanding the road conditions of your route.

Besides these changes, we've also made a range of fixes of some critical bugs, including flooded territories and crashes at some public transport stops.

Please update OsmAnd and share your opinion on our Facebook, Twitter, and Reddit!

Get it on Google PlayGet it on Amazon

March 07, 2019 20:00

/e/ foundation

Leaving Apple & Google: self-host /e/ online services, /e/ at MWC2019 Barcelona, new stickers…!

Leaving Apple & Google:
self-host /e/ online services, /e/ at MWC2019 Barcelona, new stickers…!

Soon to come: self-host /e/ online services…

In 2019, a mobile operating system is not only a ROM that runs on a smartphone. It’s also a set of online services running in the cloud, linked to the device OS: email, calendar, documents, pictures and videos storage…

Today a vast majority of Android users are stuck with no real choice than using Google Mobile Services to perform these tasks putting their personal data at risk.

/e/ is about freedom and privacy, so we have replaced Google’s data mining services by our own private cloud, running 24/7 as a beta since September 2018.

But that’s not all. We want to offer more choice and let users take total control of their data. In our latests builds, it’s now possible to set a specific server URL for the server that is hosting the /e/ account.

Next step is to provide everything needed to install these services on any server, dedicated, at home or in the cloud, to make one own’s drive. And all this will be 100% compatible with /e/.

Stay tuned!

/e/ at MWC2019 Barcelona

The MWC or Mobile World Congress is a 4-day global event where all parts of the Mobile industry come together to showcase their latest innovations: Telco carriers, smartphone brands, app developers, and many others, all under “one” roof. We couldn’t miss it!

We had the opportunity to attend more than 15 high-level meetings, including one with Brendan Eich, creator of JavaScript, co-Founder of Mozilla and currently Founder and CEO of the Brave web-browser.

We even showcased a /e/ smartphone to Tim Höttges , and of course he liked it a lot! Ah, yes, Tim Höttges is the CEO of Deutsche Telekom 🙂

Gaël & Alexis at the fair entrance

One smartphone running /e/ at our booth.

Sam talking to a visitor at our booth.

Tim Höttges, Deutsche Telekom’s CEO, testing a smartphone running /e/.

New stickers are here!

What’s the best way to show that you care about your data privacy? Use /e/ and put some /e/ stickers on your desk, laptop…

And it’s a great way to support our upcoming developments.

Be part of something bigger!

It is ESSENTIAL to contribute if you want /e/ to succeed and shape a more ethical IT world, with an open-source and privacy-compliant mobile ecosystem.

In one word: contribute as a developer, lend some servers on Internet, spread the word about /e/ in Internet forums, social media, email, retweet our posts with #eFoundation hashtag…

Act now:

Sincerely,
Gaël @gael_duval / @gael@mastodon.social

Follow us on Twitter and Mastodon: @e_mydata

by Samuel Cazin at March 07, 2019 07:21

March 06, 2019

Adguard

AdGuard Browser Extension v3.0

AdGuard Browser Extension v3.0

A lot has changed since the first ad blocking browser extensions appeared on the market. Simply blocking ads is not enough anymore (not to say it is an easy task — advertisers are constantly learning new tricks to jam their ads past the filters). Today, big data rules the world. Tracking is omnipresent, the price of information has skyrocketed, and so has the value of privacy. People seek tools to protect it, and ad blockers need to adapt to the new demands in order to stay competitive. We understand this more than anyone, and the new AdGuard browser extension v3.0 reflects this.

Thanks to the newly added Stealth Mode, a privacy-oriented multitool, AdGuard further stands out from the ranks of regular ad blocking extensions.

What's new?

Stealth Mode, without any doubt, is the headliner of the new version, but let's be patient and go over every noteworthy change one at a time.

New design

It’s true that any change starts from the inside, but in the end you’ll be judged by your looks more often than not. The AdGuard extension now has a new design, and it’s not just a dumb reskin. There’s a lot more to it: fresh icons and a new overall theme make the interface more natural and user friendly.

AdGuard Browser Extension v3.0

AdGuard Extension v3.0 main menu

In the main extension menu, you’ll also find a brand new "Statistics" tab. It features detailed numerical stats and charts, with the ability to show different types of data: filter-specific data, data for various time frames, or in total.

AdGuard Browser Extension v3.0

New Statistics tab

Also worth mentioning is the User filter. It has undergone a few changes too. The new luminous element highlighting and auto-save function, as well as a unified text field for filtering rules should make editing more convenient. The text box can also be resized to your liking.

AdGuard Browser Extension v3.0

The new look of the User filter

We hope you’ll like the new design and find it convenient and pleasing to the eye. We certainly do!

Introducing Stealth Mode #283

Now, on to the main course of the update. We’ve said it a thousand times already and will say it again: privacy is not a luxury, it is an inalienable right of each person. Unfortunately, we have to fight for this right, and the AdGuard team is proud to be at the forefront of this battle.

Stealth Mode is a powerful instrument that protects your online privacy in many ways. In fact, Stealth Mode is more than that: it’s a whole module that includes a wide range of tools. Previously, only AdGuard for Windows users had access to Stealth Mode; and although the browser extension version doesn't have the full capabilities of its bigger brother just yet, it still does a very good job.

AdGuard Browser Extension v3.0

Stealth Mode — a great way to protect your online privacy

Those users who are new to the world of privacy protection might have some troubles understanding what this or that option does. And although all settings have tooltips, let's run through them real quick.

  • Cookies
    Cookies are one of the most common ways, for websites to get information about you just by using the built-in capabilities of your browser. By disabling them (or restricting their lifespan), you will make their job a lot harder. Be careful though: restricting third-party cookies will at most cause you minor inconvenience (e.g., you will have to manually enter your logins/passwords), but restricting first-party cookies can break some websites.

  • Hide Referrer
    Whenever you visit a website, it usually knows where you came there from, and will act accordingly. For example, let’s say you want to purchase a plane ticket after browsing travel packages — tickets for you might be overpriced. By hiding your referrer you deprive websites of this luxury.

  • Hide search queries
    Rather self-explanatory: whenever you click on a link from search results, it won't know what queries you made.

  • Send Do-Not-Track header
    Surprisingly, some websites are more polite than others, and actually will not track you if you ask them nicely by sending this special header with your web requests.

  • Delete X-Client-Data header
    Unique to the Chrome browser, this setting will prevent it from sending information about itself to Google domains.

  • Remove tracking parameters
    You must have noticed this before: often the link you follow contains garbage like utm_source, utm_content, etc. All these parameters are not essential in the slightest for the link to work, but serve for tracking purposes. Bonus: You can modify the list of these parameters yourself!

Future AdGuard extension updates will bring more Stealth Mode options, making it better and better at protecting your privacy.

Other major changes

Filter groups #1068

Going back a little, let's talk more about the new design. We changed the way in which the filters are presented to users. Instead of listing them all together, we combined the filters into semantic groups. Each group includes filters that serve some particular goal. For example, filters that block ads are grouped together, filters that block trackers and serve privacy purposes will be united into a different group, etc.

AdGuard Browser Extension v3.0

Filter groups

Filters in a group can be enabled and disabled individually, or all at once. Note that once the group is switched off, related filters will not work, even if they are enabled (they will not receive updates either). The new system should make filter management more intuitive and help new users.

New "Filters update period" setting #596

Speaking of filters, previously, filters were automatically updated every 48 hours (default period), end of story. Now you can adjust the frequency of automatic updates (by choosing from options: every 1/6/12/24/48 hours) or disable them completely, in case you prefer manual updates.

An option to disable integration mode #1012

For those who don't know, if you already have the AdGuard desktop app (either for Windows or Mac), our browser extension may become a useful addition to it. The extension can completely replace the browser-based “AdGuard Assistant” module (learn more). It is called Integration Mode, and now you can turn it on or off at will from the “Other settings” tab.

In conclusion

This doesn't, of course, cover the entire changelog. To see the rest of the changes (totaling almost a hundred), go to the GitHub repository.

Also, we would like to remind you that there is a beta channel for the AdGuard extension. If you’re interested in receiving the latest updates as soon as physically possible (and don't fear a stray bug or two), welcome into the fold.

And that’s all for today! Make sure your AdGuard is up to date, and see you soon!

At the moment of publishing of this post, the extension is in the process of updating. If you are using Firefox, the new version might not be available yet. To avoid waiting, you can install the beta version of the extension, it is quite stable.

by Vasily Bagirov at March 06, 2019 13:15

March 05, 2019

Privacy Browser

Privacy Browser 2.17.1

Privacy Browser 2.17.1 has been released to address a bug that caused Privacy Browser to crash if a bookmark was created with a very large favorite icon. This bug has existed ever since bookmarks were added to Privacy Browser in version 1.8, but nobody ever noticed until now because most websites are polite enough not to post full size photographs as their favorite icons.

This release also adds a line to the manifest that allows the user to move the APK to the SD card. By default, the OS does not allow apps to be moved. But I am all in favor of users having the choice to do so if they desire.

by Soren Stoutner at March 05, 2019 21:14

March 03, 2019

Paul Schaub

More Languages to the F-Droid Planet?

You may know about Planet F-Droid, a feed aggregator that aims to collect the blogs of many free Android projects in one place. Currently all of the registered blogs are written in English (as is this post, so if you know someone who might be concerned by the matter below and is not able to understand English, please feel free to translate for them).

Recently someone suggested that we should maybe create additional feeds for blogs in other languages. I’m not sure if there is interest in having support for more languages, so that’s why I want to ask you.

If you feel that Planet F-Droid should offer additional feeds for non-English blogs, please vote by thumbs up/down in the planets repository.

Happy Hacking!

by vanitasvitae at March 03, 2019 01:53

March 02, 2019

Privacy Browser

3.x Series Roadmap

The release of Privacy Browser 2.17 marks the end of the 2.x series (unless a serious bug is discovered that needs to be addressed). The 3.0 release will implement the long awaited tabbed browsing. Following that, all other features that can be implemented without Privacy WebView will makeup the body of the 3.x series. At any time, users can see which features are planned for the next release and the list of all remaining features for the 3.x series.

With the 4.x series, the plan is to create a rolling fork of Android’s WebView, called Privacy WebView, that will add missing privacy features. Once the 4.x series is implemented, I plan to start working on Privacy Browser for other platforms. My initial thought is that I can develop it using the Qt framework and QtWebEngine, which will allow me to use one code base for Linux, Windows, and macOS. However, I will do a deeper investigation of the options and make a final decision when we get closer to that point.

by Soren Stoutner at March 02, 2019 05:39

March 01, 2019

LineageOS

This Week in F-Droid

TWIF 45: Localization improvements and faster news

This Week In F-Droid 45, Week 09, 2019 Feed

In this edition: Localization improvements in the F-Droid repository, F-Droid News section is splitting off, german article on how to have your own F-Droid repository, and Calendar Notifications Plus unpublished from Play Store. There are 2 new and 64 updated apps.

F-Droid is a repository of verified free and open source Android apps, a client to access it, as well as a whole “app store kit”, providing all the tools needed to set up and run an app store. It is a community-run free software project developed by a wide range of contributors. This is their story this past week.

Localization improvements in the F-Droid repository

As part of the Linguine grant, Weblate has implemented F-Droid/Fastlane support for app description metadata. This makes it incredibly easy to add translations without needing to go through any extra intermediate conversion steps. @_hc has been deep diving into the localization workflow, converting several apps to this new workflow, including the F-Droid app itself.

F-Droid News section is splitting off

@nicoalt has set up the hosting, and @_hc has set up the syncing, so news.f-droid.org is now live and in beta! In the coming weeks we’ll be converting the existing collection of newsposts to Hugo, finalize the site, and seamlessly integrate it into the main website.

The benefit of all this: More regular and timely updates. Instead of having to go through an approval process, and then only going live with the next index update, whenever that happens, it will now be online within about a minute of publishing, instead of up to several days.

The site is already updating, and if you want the latest news the earliest, you can point your RSS readers at https://news.f-droid.org/index.xml.

German article on how to have your own F-Droid repository with Repomaker

The German version of @Izzy’s third F-Droid article will go online coming Sunday (the 3rd of March). The English article is already online. If you always wanted to know how to have your very own F-Droid repository, have a look at:

Your own F-Droid Repository with Repomaker (English/German - language is auto-detected)

Calendar Notifications Plus unpublished from Play Store

The developer of Calendar Notifications has pulled their app from Google Play, while leaving it on FDroid:

I have realized yesterday that Play Store was a source of a constant stress recently. And for what? For an app that I develop as a fun-time activity and having absolutely zero profit from it. Recent SDK/API changes has forced me to kill/change some functionality that people liked and people were blaming me, not google.

New apps

Updated apps

In total, 64 apps were updated this week. Here are the highlights:

  • EteSync is a secure and end-to-end encrypted personal information sync for Android, the desktop and the web. (You will either need a paid account, or set up your own server.) It was updated from 1.2.0 to 1.2.2, fixing the setting controlling change notifications, and fixing a crash during sync for some users.

  • Major openScale, a weight and body metrics tracker with support for Bluetooth scales, was updated from 1.9.3 to 2.0.1:
    • replaced HelloCharts library with the MPAndroidChart library
    • added option to enable/disable graph legend
    • replaced statistic last week/month table view with radar graph
    • added rolling chart option
    • added graph marker and marker menu for line graphs
    • added option to enable/disable Y-axis
    • change indicator color depending on if you are going towards or away from your weight goal
    • fixed notification bug for Android O
    • simplified Bluetooth machine state for improved Bluetooth communication
    • grand access to fine location which includes coarse location access
    • disabled linear regression line
    • coloured y-axis and table icons correctly
    • fixed widget bug
  • Indigenous, an IndieWeb Micropub and Microsub Client, was updated from 0.31 to 0.33, now with manage channels and feeds, and support for sending location name. The floating action button on manage channel and feeds screen was moved to the action bar.

  • Featured Tusky is a Mastodon client. This is a big update from 4.1 to 5.1 with too many changes to list. Please refer to the release notes for changes and screenshots.

  • miniVector and Riot.im both updated to 0.8.23, with a refreshed look and support for key backup! Other improvements include:
    • Support Split-screen mode (#1832)
    • Enable auto focus when taking picture with the camera (#2831)
    • Notification settings re-organization, added bing rule troubleshoot
    • Redact has been renamed to Remove to match riot/web (#2871)
    • Remove long click download action in MediaViewer (#2882)
    • Sender name colors in rooms
    • Remove beta e2e warning (#2946)
  • Vinyl, a light and slick material design music player, updated from 0.19.2 to 0.20.1, now with sort by date for Songs and Albums, song title text in a horizontal scrollview, swipe to remove song from queue, and SD card write access using SAF API.

  • piggybudget, an expense tracker, was updated to 2.2, now with support for exporting your entire transaction history to CSV, as well as the inverse, importing CSV files into piggybudget.

  • Conversations was updated from 2.3.12+fcr to 2.4.1+fcr, bringing a new Backup / Restore feature, clearer distinction between private group chats and public channels, a redesigned participants view for group chats and channels, and a redesigned “create new contact/group chat/channel” flow in the Start Conversation screen.

  • Fedilab, the swiss army knife of Activitypub-based platforms (Mastodon/Pleroma/Peertube/GNU Social/Friendica) was updated to 1.75.0, featuring an ad blocker for its builtin browser, a renewed and simplified login page with auto-detection of the instance type, a “Console mode” layout, copy toot URL to clipboard, and “timed mute” accessible from all menus that have “mute”.

  • UserLAnd was updated from 2.3.4 to 2.3.7, adding support for continuous deployment, user review request, and fixing the “getting started” link.

Removed apps

  • CACertMan was moved to the archive, as it is completely unmaintained. (No updates since 2011.)

  • FiSSH was moved to the archive as the author apparently no longer wishes to publish it to F-Droid. No reason was specified.

2 apps were removed.

Tips and Feedback

Do you have important app updates we should write about? Send in your tips via Mastodon! Send them to @fdroidorg@mastodon.technology and remember to tag with #TWIF. Or use the TWIF submission thread on the forum. The deadline to the next TWIF is Thursday 12:00 UTC.

General feedback can also be sent via Mastodon, or, if you’d like to have a live chat, you can find us in #fdroid on Freenode, on Matrix via #fdroid:f-droid.org or on Telegram. All of these spaces are bridged together, so the choice is yours. You can also join us on the forum.

by Coffee at March 01, 2019 00:00

February 28, 2019

Privacy Browser

Privacy Browser 2.17

Privacy Browser 2.17 has been released. The app bar now scrolls off the screen when the WebView is scrolled down and reappears when the WebView is scrolled up. This was an important prerequisite in preparation for tabbed browsing, as the tab interface will take additional screen real estate that would be bothersome if it couldn’t be hidden by scrolling. App bar scrolling can be disabled in the settings for those who do not want it. The full screen browsing options were simplified to work with app bar scrolling.

There is a new Logcat Activity. This displays the logs that Privacy Browser can collect about itself without needing any special permissions. It is useful for figuring out what caused a crash. Depending on the cause and the permissions needed to see the information, not all crashes will be displayed in the Logcat. The screenshot below shows a crash caused because Android’s over-aggressive memory management decided to wipe out one of the blocklists while it was being used.

Users can now specify the URL and which browser to open when creating a desktop shortcut.

The link and image context menus now have options to open directly with an app or another browser.

Default apps can now be set from the open with app chooser.

A bug was fixed that caused Privacy Browser to apply URL syntax highlighting to text a user was typing if they started typing it while a website was loading. Another bug was fixed that would display the pinned mismatch dialog if the IP addresses were pinned and they had not yet been acquired by Privacy Browser when the website finished loading. Because the IP addresses usually were populated by the time the dialog was fully displayed, this would show a pinned mismatch dialog with no mismatching information.

Google’s Android Support Library, which is no longer maintained, was replaced with the new and shiny AndroidX libraries. This is basically a rename on Google’s part. These libraries backport newer Android features so they work on older Android devices, as we all know how miserable most OEMs are at updating Android after a device is released.

We have a new German translator, Bernhard G. Keller, who updated all the German strings for this release and will be working on the Guide and About for the next release. Progress is also being made towards the first full Turkish translation. The Italian translation was updated by Francesco Buratti. The Spanish translation was updated by Jose A. León. And the Russian translation was updated.

Unless there is a critical bug that needs to be fixed, this is the last release in the 2.x series. The 3.x series will begin with the much anticipated addition of tabbed browsing.

by Soren Stoutner at February 28, 2019 22:01

NewPipe

NewPipe 0.16.0 released, adding comment support and mediaCCC service

We are happy to release NewPipe 0.16.0 bringing support for reading top-level YouTube comments. Moreover, with media.ccc.de NewPipe supports three services now!

Comment support

@yausername implemented one of the most requested features: support for reading comments!

From now on, NewPipe can display comments underneath the video description. At the moment comment support is limited to reading top-level comments. But @yausername plans to extend it when he has some spare time left.

Nevertheless, NewPipe can and will only support reading comments, because any other activity like writing or up-/down-voting comments requires a YouTube account. For more on this topic, take a look at our FAQ.

As always, NewPipe tries to be as much customizable as possible. In case do not want to read comments at all, feel free to disable them in the content settings.

Along with adding the ability to view comments, @yausername added an autoplay toggle to the video pages. This allows you to easily turn on and off autoplay videos without going to the settings. You can find the toggle in the “related videos” tab by swiping the comment to the left.

media.ccc.de service

@theScrabi completed the work he put into adding media.ccc.de before 35C3. As a result, you are now able to listen and watch to all the interesting conference records. To do so, open the navigation menu, change the service to mediaCCC. You can now either choose from a long list of conferences or just use the search.

For those of you, who might not know the Chaos Computer Club, feel free take a look at their Wikipedia article.

In case you miss a service and want to add it to NewPipe or are just interested how this can be done, please take a look at our documentation. @theScrabi has been constantly working on it the last few months. The docs are far from being perfect, so any feedback or help is welcome. At this point we’d like to thank @snappyapple632 for cleaning up and improving the docs slightly.

Further improvements

@clockworkant added support for Amazon Fire TV virtual keyboard and @nv95 made clearing history items easier.

Thanks to @connectety, NewPipe can now open videos from youtube-nocookie.com.

@Redirion improved NewPipe’s interaction with Bluetooth devices: Receiving a notification while playing a stream via Bluetooth does not cause a delayed volume change anymore. Additionally, the artist and duration of a stream or song were added to the media description.

@kapodamy fixed a pop-up player crash which occurred when switching to the main player. We also fixed the layout of the setting pages which do not contain any icons.

Get the new version

We recommend you to install the F-Droid app as it notifies you as soon as an update for NewPipe is available.

Please let us know what your experience of the latest release is, especially bugs in need of fixing. As usual, you can reach out to us via IRC (#newpipe on freenode), open issues on GitHub or ideally use our built-in crash reporter to send us machine-readable issue reports, or send in fixes yourself.

February 28, 2019 17:00

February 23, 2019

This Week in F-Droid

TWIF 44: Mirror, mirror on the wall

This Week In F-Droid 44, Week 08, 2019 Feed

In this edition: Mirror work in F-Droid 1.6 alpha 1, new blog on Planet F-Droid, submission queue maintenance, and part 4 of Izzy’s F-Droid series published in print. There are 7 new and 35 updated apps.

F-Droid is a repository of verified free and open source Android apps, a client to access it, as well as a whole “app store kit”, providing all the tools needed to set up and run an app store. It is a community-run free software project developed by a wide range of contributors. This is their story this past week.

Mirror work in F-Droid 1.6 alpha 1

@_hc has spent most of the week on mirror support in F-Droid. All that work is contained in the next alpha release of F-Droid 1.6, alpha 1. There were a number of small related fixes, and it will now choose a random mirror for each APK download.

For the index itself, the old failover model is still in use, meaning it always starts with the main F-Droid repo, and will only move to a mirror if that fails. We need to put some more thought into this, as @_hc’s experiments with randomizing mirrors for the index show that it causes many unnecessary index downloads.

In closing: important changes ahead! Please test 1.6-alpha1!

New blog on Planet F-Droid

@vanitasvitae added Handy News Reader to Planet F-Droid. As the blog feed also contains posts in German and Polish, he is looking for some way to filter these out.

Submission queue maintenance

After @Izzy finished his cleanup work in rfp and fdroiddata, he has gone into maintenance mode, keeping up with new issues and making sure things are progressing. There are quite a few apps ready for packaging now, waiting for someone to pick them up.

If you’ve been wondering why so many new apps keep being added to F-Droid, this is why!

Part 4 of Izzy’s F-Droid series published in print

The fourth part of @Izzy’s F-Droid series was published in c’t magazine. This corresponds to part 3 of his blog series, which should be online in about 1 week from now.

New apps

Updated apps

In total, 35 apps were updated this week. Here are the highlights:

  • DuckDuckGo Privacy Browser was updated from 5.15.1 to 5.18.0. It fixes a bug that prevents opening homescreen or shared links in the app, adds an information box to let you know how to install the search widget, and improves the data clearing process. The URL bar was also polished and received a few small bugfixes.

  • EteSync 1.2.0 is in, adding a button to install OpenTasks if it isn’t installed, and warning about clients that don’t support email attachments when sending event invites.

  • PianOli is a baby-game featuring a small piano. This update from 1.1 to 1.4 brings a new child-lock that blocks any naive attempts at closing the app. It should now be a bit harder for babies to close the app (and unfortunately also for grownups). Also new is the warning sound when quitting the app.

  • FairEmail was updated from 1.333 to 1.338, featuring improved auto-linking, improved inline attachment selection, synchronize-on-demand, support for semi-automatic encryption, and snooze menu on the expanded message view.

  • Shelter was updated to 1.4, introducing “linked unfreeze” shortcuts, “camera proxy” feature, support for cross-profile widgets, support for viewing and manipulating all installed applications (may break things), and in-app global search.

Tips and Feedback

Do you have important app updates we should write about? Send in your tips via Mastodon! Send them to @fdroidorg@mastodon.technology and remember to tag with #TWIF. Or use the TWIF submission thread on the forum. The deadline to the next TWIF is Thursday 12:00 UTC.

General feedback can also be sent via Mastodon, or, if you’d like to have a live chat, you can find us in #fdroid on Freenode, on Matrix via #fdroid:f-droid.org or on Telegram. All of these spaces are bridged together, so the choice is yours. You can also join us on the forum.

by Coffee at February 23, 2019 00:00

February 19, 2019

OsmAnd

OsmAnd Online GPS Tracker 0.4

OsmAnd Online GPS Tracker 0.4

Feb 19, 2019

Hi, Everybody!

Guess what - we have got something new for you! OsmAnd Tracker version 0.4 is fresh from the oven and ready to be downloaded. It does not matter whether you are an amateur or a professional sportsperson, or a traveler - the app will pleasantly surprise you anyway.

In our blog we have already announced that we have chosen Telegram to access all the necessary data. It is an open social platform that perfectly satisfies our requirements. Not only does it provide the list of contacts, but it also allows sharing one’s location. A Telegram account will be used during the process of registration in OsmAnd Tracker. The cherry on top is that you do not have to download the Telegram app to use your account in OsmAnd Tracker, and vice versa - one does not need OsmAnd app to share their location with another user via Telegram. You do not have to worry about the safety of personal information and chats, though. Select the accessible data and do not worry. By the way, your messages will stay intact and secure.

The Tracker has an amazing new function that is Timeline. We used to have two tabs “Live now” and “My location”. Now our users can organize their tracks the way they like, sending their location with a timer. The transmission will stop the moment the set time runs out. You have time options up to 24 hours to choose from. The users you have sent the GEO position to will see either a text message with written coordinates or a dot on an actual map. And what if you want to share a road to work that you made a few days ago? Well, now - with OsmAnd - you can! Here comes “Timeline”, where you can find the exact time span and send it. That is it! As easy as it possibly could be. In this tab, you can also view the history of tracks that were either sent by you or to you on a chosen day. One also can have multiple chats with different settings and levels of integration. The application also allows you to access saved info chronologically to avoid any confusion and difficulties in finding a particular moment in your movement history, including the locations that have been shared with you by other users. Any user can master their tracks and work on the details directly in OsmAnd app, which is fantastic!

Further instructions and helpful advice can be found here.

Get OsmAnd Tracker today from Google play.

.

Get it on Google Play

February 19, 2019 20:00

February 17, 2019

This Week in F-Droid

TWIF 43: The Android Rebuilt edition (alpha)

This Week In F-Droid 43, Week 07, 2019 Feed

In this edition: First alpha of android-rebuilds is up, F-Droid performance and Izzy triaging. There are 15 new and 69 updated apps.

F-Droid is a repository of verified free and open source Android apps, a client to access it, as well as a whole “app store kit”, providing all the tools needed to set up and run an app store. It is a community-run free software project developed by a wide range of contributors. This is their story this past week.

First alpha of android-rebuilds is up

The first alpha of the android-rebuilds repo for sdkmanager is up: https://mirror.f-droid.org/android-free/repository/repository.xml

This is the free software rebuild of all the Android SDK components, done by @beuc. See: https://forum.f-droid.org/t/call-for-help-making-free-software-builds-of-the-android-sdk/

The goal is to get it so that apps can use it instead of maven.google.com and any of the Google packages. It is very alpha, so anything could change or break at this point.

F-Droid performance

@krombel is investigating why F-Droid is slow, so that we’ll know what needs to be improved. Preliminary results:

  • DNS and ping is in generally working well
  • fdroid_us is on average available at 88%
  • fdroid_de is in the same timeframe available on 64%
  • nights (1-7 o’clock german time) are quite good (4-7 o’clock directly after an index update which contains often used apps) but daytime is in general bad performing (so taking more then 10s to respond on pings)

You can checkout this for “this week so far” or play with different settings on that dashboard.

Izzy triaging

@Izzy is finished with triaging, and issues/MRs are in a much saner state now, in both fdroiddata and rfp. In the remaining time of the week he has been weeding his repo. Kicked a bunch of apps out (most had far too many trackers, others had “moved” to the “official repo”), marked others “no longer maintained” and fixed up Anti-Features (could even remove some)…

Website search updated

@uniq worked on our website’s search this week, fixing a few minor bugs, as well as doing the long overdue upgrade to django2. He has also started keeping a changelog.

New apps

  • SUSI.AI: Susi ai is an intelligent personal assistant.
  • EVE Mining Calc: Mining helper for eve online.
  • kboard: A programmable keyboard for Android that lets you send phrases, lenny faces, macros, and data from the Internet in a single tap!
  • MultiVNC: Vnc viewer that aims to be easy to use and fast.
  • TalkBack: Accessibility improvements.
  • Streak Alarm: Snapchat streaks reminder.
  • SQLiteViewer: A simple sqlite database viewer.
  • Simple Draw Pro: The “pro” version replacing Draw. Follow through here for the full story on what “pro” means.
  • Stop-o-Moto: Make gif and video files by taking single pictures.
  • Classical Music Scanner: Auxiliary program for the unpopular music player and opus 1 music player.
  • Bépo clavier externe: Bépo pour clavier externe.
  • Pi-hole Droid: Unofficial client that connects to your pi-hole to show charts and statistics.
  • DSBDirect: Access avh schweinfurt’s dsb board.
  • cone: Data entry tool for the plain text accounting ledger format.
  • POuL BITS

Updated apps

In total, 69 apps were updated this week. Here are the highlights:

  • Featured Nextcloud has been updated to version 3.5.0. Highlights are the new Material design, a chunked upload depending on connection (wifi 10mb, mobile 1mb). One can now directly upload a captured image in any folder. Also the existing Document Provider integration got extended to be fully working, so e.g. creating & saving a text from editor is directly working without starting the Nextcloud app. Last but not least all downloaded files will be updated in a background job every 15 min when on Wifi, to ensure that you have always the latest copy. This deprecates the old “keep in sync” setting.

  • App Launcher was updated from 4.1.1 to 5.0.1, with completely rewritten item selection under the hood, and now requiring at least Android 5.0.

  • Simple Calendar Pro was updated to 6.3.0, adding default settings for start time/duration/event type for new events, allowing import and export of settings, and fixing some glitches.

  • piggybudget was updated from 1.0 to 2.1 with a competely overhauled GUI featuring pretty colors, a clickable three-dot menu on items in the transaction history, and the history now also shows the day of the week.

  • StreetComplete was updated from 9.0 to 10.0. Quests previously hidden can now be made visible again from settings, all “other answer…” options leading to another dialog now have their text ending in “…”, wording in maxspeed quest was clarified, the choices in the crops quest are now now sorted with new UN FAO data, the tactile paving bus stop quest is now shown for ways as well, and when showing a quest for an element (e.g. a shop) that is not at street level, show additionally on which floor it is located.

  • Fedilab was updated from 1.72.0 to 1.73.0, adding Friendica support (restricted due to Friendica API limitations), support for chromebooks, and several bugfixes.

  • Tremotesf was updated from 1.8.5 to 1.9.0, and now remembers used download directories and shows them in the dropdown menu when adding a torrent or changing location. Also added were an option to enable compact view for torrents, an option to show torrent names on multiple lines, and the ability to rename torrents directly from its context menu or its properties screen’s menu.

  • G-Droid was updated to 0.8.0, adding the ability to review and comment on apps via Mastodon!

  • Tasks was updated from 6.4.5 to 6.5.2, with improved notification accuracy, performance improvements, and many bug fixes and translation updates.

  • Telegram was updated from 5.2.1 to 5.3.1, now with blur and motion effects in chat backgrounds, custom colors as backgrounds and apply patterns, search for new backgrounds by color or topic, share and set backgrounds via links that work on all platforms, use backgrounds you set on one device on your other devices, and a selection of new backgrounds.

  • UserLAnd was updated from 2.2.1 to 2.3.4 with more robust crash logging to aid in debugging, initial XSDL support for devices running Android versions below 9.0, several crash fixes, more robust username validation for new filesystems, and now correctly displaying the reason for failed downloads.

Beta updates

The following updates won’t be automatically suggested to you unless you have “Unstable updates” enabled in the F-Droid app settings, but you can expand the “Versions” tab and install them manually. Note that these are marked beta for a reason: proceed at your own risk.

  • Pix-Art Messenger was updated from 2.1.5 to 2.2.0 beta (2019-02-10)

  • Conversations was updated from 2.3.12+fcr to 2.4.0-beta+fcr:
    • New Backup / Restore feature
    • Clearly distinguish between (private) group chats and (public) channels
    • Redesigned participants view for group chats and channels
    • Redesigned create new contact/group chat/channel flow in Start Conversation screen
  • F-Droid F-Droid was updated from 1.5.1 to 1.6-alpha0

Removed apps

Tips and Feedback

Do you have important app updates we should write about? Send in your tips via Mastodon! Send them to @fdroidorg@mastodon.technology and remember to tag with #TWIF. Or use the TWIF submission thread on the forum. The deadline to the next TWIF is Thursday 12:00 UTC.

General feedback can also be sent via Mastodon, or, if you’d like to have a live chat, you can find us in #fdroid on Freenode, on Matrix via #fdroid:f-droid.org or on Telegram. All of these spaces are bridged together, so the choice is yours. You can also join us on the forum.

by Coffee at February 17, 2019 00:00

February 14, 2019

Adguard

How not to spoil Valentine's Day

How not to spoil Valentine's Day

For so many of us Valentine's Day is one of the most special and exciting days of the year. It is not only a reason to spend time together with your loved one, but also a great occasion to make presents, sweet surprises and say important, sometimes even life-changing words. We put so much of ourtime, effort and emotions into preparations for this day, it can be absolutely heartbreaking if something ruins it.

Now imagine that this "something" is not some unstoppable force or an unlikely turn of events, but a regular, stupid, boring online ad. The following stories are about people just like you and me, who had what could become one of the most memorable and happy days of their lives completely spoiled by targeted advertising.

The first story: no surprises, Christmas miracle gone wrong

How not to spoil Valentine's Day

Oh my God, is it Xbox?

This story is about Nora Crotty, a woman who struggled to find a Christmas gift for her parents. We all know this disgusting feeling when you can't come up with a good present and have to resort to something generic as a last second substitute. On the contrary, there are very few things that can compare to making a perfectly fitting gift for someone you love. Luckily for Nora, she got an awesome idea. Knowing her parents were extremely proud of their respective alma maters, she googled and then purchased for each of them a vintage-inspired college sweater.

Imagine her disappointment when her mom used Nora's laptop to log into her Facebook and then "proceeded to tell me about ‘these neat UVM sweaters’ she kept seeing on the sides of her feed, and 'wouldn’t that be a great idea for dad?!'" The targeted ad ruined what could have become a cherished memory for the entire family.

There is no shortage on similar stories on the Internet. Sure, you can delve into Google account settings, delete search history, etcetera, etcetera, but should it really be the thing that occupies your attention when you are pumped up about making a surprise for a beloved person?

The second story: Marriage proposal over ads

How not to spoil Valentine's Day

If you are married, you are a lucky one: you had a chance to either propose or be proposed to. If you are not married, you are even more lucky, you just don't know it yet — because you have this magical moment ahead of you. It is hard to describe, but it is one of those rare experiences that you can only share with someone once in a lifetime, and it sticks with you forever. Well, at least it was like that for me.

Jo Piazza was at this stage in her relationship when she kind of suspected her boyfriend was going to propose, but she didn't know when and how. And she very well enjoyed that state of things, living in the mix of anticipation and pleasant ignorance. Then, as it often goes in this type of stories, her laptop started to act up, so without any second thought she grabbed the boyfriend's one to look up whatever. In her own words, "This was the most aggressive retargeting campaign I’ve ever seen. Ads just kept coming, each one more aggressive than the next, popping up on both Google and Facebook." You can guess what type of ads they were: engagement ring ads. Naturally, Jo tried to ignore this new knowledge, but ultimately it slipped through in a conversation.

Of course, the boyfriend proposed anyway, and the ring was beautiful, but it wasn't the same.

The third story: hey Google, am I pregnant?

How not to spoil Valentine's Day

Here I actually have two quite different stories for you. The first one is not related directly to online ads, but is very representative in terms of targeting. The huge US retailer with a very fitting name — Target — assignes every customer a Guest ID number, tied to their credit card, name, or email address. Then Target looks at the history of purchases, searching for patterns that would indicate that the customer is expecting a baby. Such customers very soon start receiving coupons for all kinds of baby items. This sometimes leads to ridiculous situations:

An angered man appeared at a Target store, asking for a manager. He was infuriated that his high school daughter got a bunch of coupons for baby clothes and cribs. The manager apologized, and even called a few days later to apologize again, only to find out that Target, in fact, got the news ahead of the soon-to-be grandfather. This could even be seen as a funny story if it wasn't that creepy, considering the very intimate nature of the matter in question.

But what does it take to escape the all-seeing eye of the big companies and hide your pregnancy? When Princeton sociology professor Janet Vertesi became pregnant, as an experiment she took all possible and impossible measures. This included using Tor browser, paying for all maternity clothes and other products in cash, and vetoing friends and family members from discussing the pregnancy on Facebook. In the end, she succeded: she didn't see a single parenting-related ad through the course of her pregnancy. Was it worth it? "Opting out makes you look like a criminal," says Vertesi. She doesn't recommend others to do what she did, describing it as both "incredibly inconvenient and difficult to do".

Conclusion

Does it mean that we lose and the big data companies win? Not necessarily. You can live normal life and still protect your privacy by using an ad blocker or any other way to block online trackers. Today and tomorrow you can purchase an AdGuard license for you and your significant other with a 40% discount. A great way to make sure all your future gifts will always bring joy and happiness!

By the way, do you have similar stories of your own? Did you have the misfortune of ads ruining your day one way or another? Share your pain with us by sending an email to pr@adguard.com with the subject "Ads vs Me", and we will include your story in the compilation of the most unfortunate/bizarre/scary cases when things go wrong because of ads and tracking.

by Vasily Bagirov at February 14, 2019 12:40

Paul Schaub

I Love Free Software Day 2019

Free Software is a substantial part of my life. I got introduced to it by my computer science teacher in middle school, however back then I wasn’t paying that much attention to the ethics behind it and rather focused on the fact that it was gratis and new to me.

Using GNU/Linux on a school computer wasn’t really fun for me, as the user interface was not really my taste (I’m sorry KDE). It was only when I got so annoyed from the fact that my copy of Windows XP was 32 bit only and that I was supposed to pay the full price again for a 64 bit license, that I deleted Windows completely and installed Ubuntu on my computer – only to reinstall Windows again a few weeks later though. But the first contact was made.

Back then I was still mostly focused on cool features rather than on the meaning of free software. Someday however, I watched the talk by Richard Stallman and started to read more about what software freedom really is. At this point I was learning how to use blender on Ubuntu to create animations and only rarely booted into Windows. But when I did, it suddenly felt oddly wrong. I realized that I couldn’t truly trust my computer. This time I tried harder to get rid of Windows.

Someone once said that you only feel your shackles when you try to move. I think the same goes for free software. Once you realize what free software is and what rights it grants you (what rights you really have), you start to feel uncomfortable if you’re suddenly denied those rights.

And that’s why I love free software! It gives you back the control over your machine. It’s something that you can trust, as there are no secrets kept from you (except if the program is written in Haskell and uses monads :P).

My favorite free software projects for this years I love free software day are the document digitization and management tool paperwork, the alternative Mastodon/Pleroma interface Halcyon and the WordPress ActivityPub Plugin. These are projects that I discovered in 2018/2019 and that truly amazed me.

I already wrote two blog posts about paperwork and the fediverse / the ActivityPub plugin earlier, so I’ll focus mainly on Halcyon today. Feel free to give those other posts a read though!

I’m a really big fan of the fediverse and Mastodon in particular, but I dislike Mastodon’s current interface (two complaints about user interfaces in one post? Mimimi…). In my opinion Mastodons column interface doesn’t really give enough space to the content and is not very intuitive. Halcyon is a web client which acts as an alternative interface to your Mastodon/Pleroma account. Visually it closely resembles the Twitter UI which I quite like.

Halcyon – An alternative user interface to Mastodon/Pleroma

As a plus, it is way easier to get people to move from Twitter to the fediverse by providing them with a familiar interface 😉

There are some public instances of Halcyon available, which you can use to try out Halcyon for yourselves, however in the long run I recommend you to self-host it, as you have to enter your account details in order to use it. Hosting it doesn’t take much more than a simple Raspberry Pi as it’s really light weight.

I know that a huge number of free software projects is developed by volunteers in their free time. Most of them don’t get any monetary compensation for their work and people often take this for granted. Additionally, a lot of the feedback developers get from their users is when things don’t work out or break.

(Not only) today is a chance to give some positive feedback and a huge Thank You to the developers of the software that makes your life easier!

Happy Hacking!

by vanitasvitae at February 14, 2019 00:00

February 12, 2019

OsmAnd

OsmAnd 2.5 (iOS)

OsmAnd 2.5 (iOS)

February 12, 2019

OsmAnd 2.5 is now available!

OsmAnd Live

In a nutshell - you can access OsmAnd Live from an IPhone now. Do you remember our New Year’s resolutions? We have promised to catch the iOS version of OsmAnd up with the one on Android, and we are getting there. This update is just the beginning, so we will continue gradually adjusting the features of the app. OsmAnd Live gives you a unique chance to collaborate with other active app users to create a verified detailed map. Once you have inserted a correction in OpenStreetMap, it takes an hour for the online map to adjust. And, finally, there are no limits on downloading maps and contour lines.

Subscription options

Even though, the subscription for OsmAnd Live is inexpensive, it gives you numerous benefits, such as unlimited downloads, the access to contour lines, and hourly updates. In fact, by subscribing to the app you help to support our developers and the contributors that edit the info on OpenStreetMap. Just choose your subscription plan and you no longer need to update the map data on the device, it will be done automatically every hour or so. There are three options to choose from: a monthly, trimester, and annual. The subscribed users have all the downloads and plugins available. You can also manage the subscription and payment details using App Store or IPhone Settings.

And remember that only together we can achieve the best results!

New features are coming SOON!

Get it on App Store

February 12, 2019 21:00

February 09, 2019

This Week in F-Droid

TWIF 42: The Packaging Marathon Edition

This Week In F-Droid 42, Week 06, 2019 Feed

In this edition: Help needed with Debian Android Tools and Requests for Packaging marathon. There are 45 new and 98 updated apps.

F-Droid is a repository of verified free and open source Android apps, a client to access it, as well as a whole “app store kit”, providing all the tools needed to set up and run an app store. It is a community-run free software project developed by a wide range of contributors. This is their story this past week.

Help needed with Debian Android Tools

As you might know, we are trying to get the Debian Android Tools into Debian, so it becomes possible to build Android apps using only free and open source software from Debian. There are two key packages from the Debian Android Tools suite that are currently not going to make it into the new Debian Buster release. But with your help, this could still change! Read on for details…

The core of the problem is that Buster is using Java 11, and the Android AOSP code base still uses Java 8 and, only in some cases, Java 9. As far as @_hc can tell, just rebuilding the current Stretch package or updating will have more or less the same problems there.

So far, apo of the Java Team, seamlik of the Java/Android teams, and @_hc have all tried quite a bit to get something working. Now they are banging their heads against details in Java builds that none of them have ever dealt with before. So we’re putting out a call for help to find someone with this knowledge. Right now, it seems we need to figure out the new Java 9 “modules”, specifically using the --patch-module= flag to javac and java.

This issue is urgent as the soft freeze starts Tuesday the 12th of February. Any packages not in Testing by Monday will not make it into Buster!

For more information, including contact information, please see https://lists.debian.org/debian-java/2019/01/msg00052.html.

Requests for Packaging marathon

Requests for Packaging is our submission queue for new apps to be added to F-Droid’s main repository. This week, @Izzy, @Rudloff, @Licaon_Kter and @Relan have been going through old issues, spearheaded by @Izzy’s triaging work. As a result, they closed nearly 40% of all open issues, and we have a whopping 45 new apps to show for it! 24 of these were added in a single day!

New apps

Updated apps

In total, 98 apps were updated this week. Here are the highlights:

  • Scarlet Notes FD was updated from 5.9.7 to 6.6.3 with a new UI, a new search bar, the ability to sync externally with folder, and many other changes and stability improvements.

  • EteSync was updated from 1.0.1 to 1.0.4 with improved import of contact groups, updated event invitation signature, minor UI improvements, some color fixes, and stability improvements.

  • Red Moon was updated from 3.3.2 to 3.4.0, adding preliminary support for Android 8+ devices, also adding support for Android versions going back to 4.0 (previously 4.2), more intuitive behavior when saving filters with the same name, new changelog format, a zillion translation updates, and some bug fixes.

  • miniVector was updated from 0.8.21 to 0.8.22b, with an extra fix for the blank screen bug on Android 4.x devices. For other changes, see Riot below.

  • Forecastie was updated from 1.7.2 to 1.9.1, adding an adaptive icon, a dialog when searching for a location when there are multiple results, and changed OWM logic to use cityid instead of city.

  • Easy xkcd was updated from 6.1.2 to 7.3, with new transitions when entering and leaving overview mode, an AMOLED night theme, dividers in the overflow menu, complete rewrite of the app’s database, a new fullscreen mode that is toggled by tapping a comic, manual download for missing comics, and some smaller UI improvements and bug fixes.

  • Major MusicPiped was updated from 0.2.3-beta to 1.0.2 and has been completely rewritten in flutter with a completely revamped UI and functionality.

  • Mastalab now goes through life as Fedilab with accompanying new logo! This update from 1.70.0 to 1.72.0 adds GNU Social support, a split notification timeline, expand all CW in a thread with a single click, an upload button for Peertube, a quick button to delete toots for Pleroma admins and moderators, and some smaller improvements and bug fixes.

  • Fennec F-Droid was updated from 64.0.2 to 65.0, with improved performance, support for the WebP image format, and enhanced security via stronger stack smashing protection. Also, a new icon. (Changed by Mozilla, not us.)

Beta updates

The following updates won’t be automatically suggested to you unless you have “Unstable updates” enabled in the F-Droid app settings, but you can expand the “Versions” tab and install them manually. Note that these are marked beta for a reason: proceed at your own risk.

  • Riot.im was updated from 0.8.21 to 0.8.22. Note that this version was not released to the Play Store, and should be considered beta quality. It has an annoying display bug on Android 4.x devices. This version brings an all-new key backup and recovery UI, refreshed themes and a new icon, support for split-screen, autofocus when taking a picture, reorganized notification settings, and many bug fixes.

Tips and Feedback

Do you have important app updates we should write about? Send in your tips via Mastodon! Send them to @fdroidorg@mastodon.technology and remember to tag with #TWIF. Or use the TWIF submission thread on the forum. The deadline to the next TWIF is Thursday 12:00 UTC.

General feedback can also be sent via Mastodon, or, if you’d like to have a live chat, you can find us in #fdroid on Freenode, on Matrix via #fdroid:f-droid.org or on Telegram. All of these spaces are bridged together, so the choice is yours. You can also join us on the forum.

by Coffee at February 09, 2019 00:00

February 08, 2019

Handy News Reader

Let's begin a new year with a bunch of new features!

We've already reached another year: couple of new Handy releases behind - with a bunch of new features, either already introduced or "in store" :) . Let's take a little bit of a survey through it.


What's new?:

Flick through articles with distraction-free picking and choosing :) .
If You are used to browse articles in full text mode and add chosen ones to read later or just to preserve (by adding to Favorites) - this feature is made especially for You :) . It allows to add a currently displayed article to Favorites quickly and easily - by a simple swipe from the top gesture. If repeated, the gesture will act vice versa, allowing You to remove from Favorites. So this is a really convenient and distraction-free way of handling new articles :) !

Make Your reading always eyes-friendly - by flexible brightness adjustment.
Although we have already an option to adjust a text brightness "once and for all" (app's settings: "Article's text/Text brightness") - we've introduced yet another, easy way of flexible brightness adjustment while reading: by swiping up or down, alongside the left edge of the screen.

Please Your fingers with better tap zones.
Since there are great diversity among the size of mobile devices, we've decided to improve tap zones, keeping in mind there are a lot of screen sizes and ratios out there, as well as various fingers' sizes, too :) . So, to make the thing more flexible and universal in use, we've added an option for adjusting tap zones' size, which now can be tailored to any screen (or finger) size :) . I like to call this feature "a lazy finger's pleasure" ;) - for I didn't like to tap the previous tap zones because there were a little bit too small for Me, forcing My finger to be more precise, requiring more effort, etc. ;) . Now, finally, the finger can rest and relax while using Handy ;) .

Now Handy knows what You have not seen yet :) !
Alexey described it pretty well: "I have a feed with auto update on, which has many articles. Periodically I am looking through article titles (in article list) to find something interesting. But the articles remain unread. I want to know which article titles I've had already seen. So the new feature marks new articles with a special ("+") icon - until they remain visible on the list. The ones which You've scrolled out of the list's visible area will be left without a "+" sign (after 2 sec. of being off the screen).

So I always know which articles I have already seen and which are new. This is a similar thing to the 'x new articles' button, which I want to remove in the future".

If You, however, don't find this feature usable for Yourself, You can turn it off in app's settings ("Articles' list/New article icon").

Hello F-Droid :) !
We are now happy and proud to inform that Handy News Reader reached the decent set of free software gathered under the F-Droid app store. This is the place where You'll find many great apps - mostly so-called "free software" - which are often light, fast, and without ads, no strings attached :) ! Moreover, the app store itself has dark mode, allows to choose between various apps' versions (instead of forcing You to install "the newest and greatest"), and has a handful of other valuable features, so it is worth recommending as a good Google Play alternative.

Take a crash souvenir ;) - a crash log file.
There are times - however rare - when an app may crash. Now, in such cases, Handy will help us to solve crash issues by creating a special "log file" containing crash-related technical information. Handy may propose to send this file to us via Your e-mail app - or You can send it by hand (the file is located here: "internal memory/feedex/crash.txt").


"In store".

Alongside new features which are currently implemented - there are a handful of others, which are considered to be introduced in the future (among all the rest of the upcoming features described on this site). Some of those are:

"Run the app in..." - custom shortcuts let You to launch Handy always in Your preferred category (e.g. The Unread, Favorites, and so on).

Customize hyperlinks - choose a color of hyperlinks within article text.

Disable hyperlinked headers - if You often accidentally tap on article header in full text mode, You will be happy of that one :) .


That's all for now, let the good times roll - happy new year and have a good time with Handy!

by Thomas Leigh (noreply@blogger.com) at February 08, 2019 22:24

February 07, 2019

/e/ foundation

Leaving Apple & Google: new BlissLauncher features, new version naming, how to support /e/…

Leaving Apple & Google:
New BlissLauncher features, new version naming, how to support /e/…

Say hello to applications applets

Better privacy doesn’t have to mean bad design! We are constantly improving our “BlissLauncher” to give you the best experience and ease-of-use possible. With the apps applets you can access content from your favorite apps in a blink of eye with a left swipe from the home screen. Try it NOW by installing or upgrading to the latest version of /e/.

Download & install here.

/e/ new naming scheme!

We have several major releases coming up very soon and we’d like to improve and simplify our naming conventions going forward. We have revisited our naming for the software releases and also for our default apps. From now on, we will follow this scheme:

version_number-{o|n}-datebuild_number-device

Example: 0.5-o-201902063108-dev-dumpling.zip

Once you install the OTA update, you will notice that /e/ account (eDrive) doesn’t work any more.  Follow these simple steps to get it back up and running.

Be part of something bigger!

It is ESSENTIAL to contribute if you want /e/ to succeed and shape a more ethical IT world, with an open-source and privacy-compliant mobile ecosystem.
In one word: contribute as a developer, lend some servers on Internet, spread the word about /e/ in Internet forums, social media, email, retweet our posts with #eFoundation hashtag…
Act now:

Sincerely,

Gaël

Follow us on Twitter and Mastodon: @e_mydata

by Samuel Cazin at February 07, 2019 18:33

Adguard

A recap of 2018 in ad blocking

A recap of 2018 in ad blocking

In late December we posted a recap of 2018 from AdGuard's point of view. But the year didn't happen in a vacuum; we are all in this together — ad blocker developers, ad blocker users, and advertisers. So anything that happens in the "world of ad blocking" concerns both us and you, the users. Let's look back at the most noteworthy events in the industry, assess their impact, and try to make some predictions for the next year.

By the way, in the previous year we wrote a similar post about 2017 and also made some predictions for 2018. Without false modesty, we can say that all of them came true! Let's use those predictions as a springboard to jump into the last year's recap.

Looking back at our predictions for 2018
- The value of personal data
- New startups or large players?
- Smartphones
- Anti-adblocking and ad reinsertion
- Connected home, AR, voice recognition and privacy
- Cryptojacking
- Ad blockers start to work together
Our predictions for 2019

The value of personal data

Our prediction:

The value of personal data is growing, along with the understanding of this value by users. As data gets processed in more and more sophisticated ways, the risks of abuse get higher and at the same time more comprehensible.

Did it come true?

Absolutely.

A recap of 2018 in ad blocking

We hit the bullseye with this one. In the modern world, information costs money, and companies pay insane amounts for the personal data of their potential users. People quickly realized the value of their personal information, and more and more of them take active measures to protect their privacy today. One example: last year, after a series of privacy-related scandals, almost 75% of all Facebook users took actions to restrict FB's access to their personal data; 1 in 4 actually deleted the FB app from their phones.

Our prediction:

The start of GDPR implementation in May 2018 will also trigger a surge in interest in personal data protection.

Did it come true?

Obviously, yes.

A recap of 2018 in ad blocking

The GDPR coming into full force this year was a great factor in increasing the appreciation of privacy. Companies now can't afford to hide data leaks — you could easily notice it just by the increase in popularity of this topic in the news. Facebook, of course, was the absolute champion in that regard this year ([1], [2], [3]).

One of the less obvious positive impacts of GDPR is that it kind of opened the floodgates. Now there are talks about more similar regulations; for example, California (US) already passed a law that will grant its residents more control over their personal information online.

New startups or large players?

Our prediction:

Interesting new startups in the niche of protection from aggressive marketing (ad blocking, anti-tracking) will appear, but the market trends (and the activity of popular browser developers) are more favorable for the evolution of large players than for the emergence of new ones.

Did it come true?

Yes.

Perhaps this prediction wasn't the hardest to make, but still. Large corporations are still setting the rules of the game.

  • Google went as far as blocking ads itself and even founding the Coalition for Better Ads. Now, Google will decide which ads are suitable for you, and it is, of course, a total and complete mystery what ads will be chosen (except it is not).
  • Mozilla first implemented tracking protection in its Firefox browser, and then evolved it to content blocking.
  • Apple continues to develop Intelligent Tracking Protection in Safari.

All in all, there is a clearly visible trend: it is absolutely impossible to fight the surge of ad blockers on desktops. This is what people want and this is what they will use, one way or another. If you can't beat them, lead them — Google knows this best of all, it seems.

It is a different story for mobile devices, and we will talk about that later.

Smartphones

Our prediction:

Ad blocking on smartphones is unlikely to grow at a significant pace in Europe and the US: smartphones are too dependent on their ecosystem’s developers (Google, Apple), and these developers do not like anti-marketing products. They let browsers with ad-restriction features exist on their platforms, but this is a niche product for geeks.

Did it come true?

It is happening right now.

A recap of 2018 in ad blocking

Ad blockers are not allowed in the big app stores: Amazon, Apple and Google all made it impossible for real ad blockers (not parodies that these stores are teeming with) to be distributed via their platforms. We experienced it first-hand, and while Google has long been known for this stance, Amazon and Apple joined the mob only this year.

You might say, wait a sec! Didn't Apple add an entire content blocking technology to Safari? They did, but it is laughable. Safari Content Blocking API was basically abandoned after its launch, it is in utter stagnation. And we know like no one else that you can't fight ads, especially ad recover/reinjection startups, without continuous innovation.

Moreover, the main offenders to privacy on mobile phones have always been apps, not browsers. There is no shortage of evidence for this claim, just look at our Facebook research. And any attempts to confront apps when they try to collect users' data come up against fervent resistance from none other than those same big corporations.

Anti-adblocking and ad reinsertion

Our prediction:

The anti-adblocking and ad reinsertion markets will continue to grow. A third of the sites from Alexa’s top 10,000 are already working with ad blocking users in some way.

Did it come true?

No doubt.

As ad blockers grow, these technologies continue to grow too. It should be mentioned that more and more websites are moving away from the adblock wall strategy (because it simply doesn't work, as multiple examples demonstrate), and towards ad reinsertion (technology that helps circumvent ad blockers).

The arms race is in full swing. Ad blockers are honing their anti-ad tools, and companies that specialize in ad recovery are studying bypass mechanisms. And there is no end in sight.

Connected home, AR, voice recognition and privacy

Our prediction:

Advertising technologies related to augmented reality, voice recognition <...> will evolve. Active penetration of connected devices in homes will continue, and new privacy, data loss and abuse scandals will arise. Attempts to regulate IoT legislation will be made, probably in the EU, maybe in the US. <...> Brands continue to master the marketing potential of voice AI assistants.

Did it come true?

It did, and it was hard to miss.

As the old joke goes, "the letter "P" in "IoT" stands for "privacy." Everything that touches IoT is a complete mess, a war zone. There are virtually no rules, companies accumulate ridiculous amounts of very sensitive data from voice assistants and smart furniture, and they are not particularly careful with it. Data losses happen left and right, here is a good example: Amazon sends 1.700 Alexa voice recordings to the wrong user. If you think this is somehow an exception to the rule, you are very wrong. Here is Alexa being hacked, again. And here Google Home joins the party.

The first attempts to regulate the data security of the Internet of Things have been made, too. The most notable is the Californian IoT legislation aimed at protecting Californian users' privacy.

Cryptojacking

Our prediction:

Threats related to crypto-currencies will not lose relevance. Scripts for stealth mining (cryptojacking) will continue to be found in the most unexpected places.

Did it come true?

Mostly yes.

A recap of 2018 in ad blocking

Everything crypto-related may seem to be on the slow side now, but a recent study showed a 400% increase in instances of cryptojacking since last year. Throughout the year we had several occasions to talk about cryptojacking. In this article, we conducted a research and found out that some of the most popular video hosting sites were involved in a cryptojacking scheme.

Ad blockers start to work together

Our prediction:

Ok, we didn't make such prediction. But we meant it!

November 2018 marked (hopefully) a new milestone in the ad blocking industry. The first Ad-Blocking Developer Summit gathered developers from all over the world to discuss the current state and the future of the ad blocking industry. We are proud to have been part of it, and hope that such conferences will become regular. If advertisers and big companies can work together, why can't we too?

A recap of 2018 in ad blocking

It is easy to underestimate the importance of this event, especially since it wasn't talked about much outside of the developer circle, but that would be a mistake. We will try to post a separate article about the results of this conference, and how we view them, later.

Our predictions for 2019

Let's see if we can nail the predictions just as well this time around. Here are some of the ad blocking trends we expect to see this year.

The growth of traditional ad blockers will slow down or stop completely

It seems that almost everyone who wanted to block ads has already learned how to do it and installed an ad blocker. In addition to that, many browsers are now trying to block ads on their own in one way or another. Yes, they do a noticeably worse job than traditional ad blockers, but this is enough to slow down the growth, which is already not as huge as it used to be several years ago.

A recap of 2018 in ad blocking

Google search trends for the "adblock" keyword over the last 2 years

Also, innovations in ad blocking are becoming increasingly difficult, considering that browsers constantly put spokes in ad blockers' wheels ([1], [2]). Mobile ad blockers could have been a saving grace for the growth of the industry, and the growth is indeed there, but it is just too slow. No breakthroughs are expected in 2019 either.

The big companies that set the rules of the game just don't want ad blockers, plain and simple. We will hear more about Google Fuchsia (a new OS developed by Google), and we will not like this news.

The situation we describe might seem quite grim, but it will not last forever. There will be a new wave of ad blockers sooner or later, independent from artificial ecosystems set up by big companies. We expect a shift in new ad blockers' priorities, with more emphasis on privacy protection.

Yet another boom in interest towards privacy is coming in 2019

The GDPR shook everyone big time, but this is all just the beginning. Many companies have not taken this law seriously enough, but when the first large fines are exacted in 2019, they will have to review their priorities.

Another major event to look forward to is the new California Privacy Law coming into full force in January 2020. Some US companies simply restricted access for European users and did not do anything about the GDPR. It is very possible they will have to rethink their approach very soon.

More paywalls, more subscriptions

This trend appeared earlier, but it will continue through 2019. The Guardian, New Yorker, ArsTechnica, and many, many others, are trying to diversify their business and stop being dependent on advertising profits.

A recap of 2018 in ad blocking

By the way, we do not think this is all about ad blockers. As we said before, their share is growing very slowly and some kind of "adblockalypse" (which some had expected) never happened. The real reason is, companies like BuzzFeed and Vox Media were built on the expectation of fast growth in advertising sales. Instead, they have found that Facebook and Google – “the duopoly” – have simply tightened their grip on digital advertising revenue.

It is rather ironic that all along, the reason for the various media's revenue problems was not ad blockers (as everybody feared), but the advertising giants Google and Facebook.

Innovations in ad blocking will come, but you will not see them

Even though we said that innovations in ad blocking are being impeded, that doesn't mean there won't be any. For example, there is a lot of talk about the use of AI technology in ad blockers, like automatic recognition of advertising on webpages ([1], [2], [3]).

Such technologies are really evolving, but we doubt that there will be any breakthroughs in 2019. The rate at which these technologies find their groove will grow gradually, and at first they will find applications mostly on the back end. Think automatic filter analysis, site monitoring, and so on. So far these technologies are not ready to be implemented in ad blockers.

by Andrey Meshkov at February 07, 2019 11:10

February 01, 2019

Privacy Browser

Privacy Browser 2.16

The release of Privacy Browser happened earlier than I anticipated due to a need to fix an urgent bug, introduced in 2.15, that caused SSL certificate pinning to be ignored unless navigating history using the forward/back buttons or the history list. Not all of the planned features for 2.16 had been completed when this bug was discovered, but enough of them had been that I decided to release what was ready as 2.16 and push the rest off until the next release.

IP address pinning has been added to compliment SSL certificate pinning. This can provide protections against scenarios where DNS servers have been hijacked or redirected to provide bogus IP addresses. There have also been improvements to the layout of the SSL certificates in domain settings.

The current IP addresses are also now displayed in the View SSL Certificate dialog.

There are new menu items for opening a website with apps and other browsers. If an app is specified as the default for a particular schema it will be opened directly. Otherwise, the user will be presented with a list. If no app has specified an intent for the schema, it will reopen with Privacy Browser

These options are found under the new Share options menu.

The WebView night mode text selection color has been improved.

There have been various improvements to the bookmarks database view activity. There have also been some changes to some of the strings that reference numbers to make them easier to translate.

The Italian translation was updated by Francesco Buratti and the Spanish translation was updated by Jose A. León. The Russian translation was also updated and the partial Turkish translation is getting closer to being complete.

The next release of Privacy Browser will allow for scrolling the app bar and viewing crash logs, which should be a big help in troubleshooting problems. Baring unforeseen circumstances, I expect it to be the last release of the 2.x series.

by Soren Stoutner at February 01, 2019 19:19

This Week in F-Droid

TWIF 41: The Third Reproducible App Edition

This Week In F-Droid 41, Week 05, 2019 Feed

In this edition: Stringlate discontinued, part 2 of Izzy’s F-Droid series is now online in German and androDNS: Third reproducible app in F-Droid. There are 16 new and 107 updated apps.

F-Droid is a repository of verified free and open source Android apps, a client to access it, as well as a whole “app store kit”, providing all the tools needed to set up and run an app store. It is a community-run free software project developed by a wide range of contributors. This is their story this past week.

Stringlate discontinued

The developer of Stringlate has stopped all work on the project (more information here). It’s really a shame, since it is used to translate other FLOSS Android apps (available on F-Droid). The project is looking for a new maintainer and could use help from the community.

H/T @Poussinou

Part 2 of Izzy’s F-Droid series is now online in German

See: F-Droid for advanced users and developers. This article has earlier been released in English (on-line) and in print in c’t magazine. In agreement with c’t magazine, the German articles will be posted with a delay. As such, part 3 will be out in a few weeks, after the print version has been published.

New apps

  • Featured AndroDNS: We have the third reproducible app in F-Droid! This DNS client allows you to perform customized DNS queries directly from your mobile phone.
  • eBooks: Parse and find e-books to download.
  • MuPDF mini: Minimalist viewer for pdf, xps, cbz, unprotected epub, and fb2 documents.
  • Go to Sleep: Reminds you to go to sleep… until you do.
  • Trigger: Open a door over wifi or the internet.
  • Bop-MusicPlayer: A lightweight powerful music player.
  • ScraperClub: Application for scraperclub.
  • AppOpsX: A front-end for the appopsservice.
  • piggybudget: Easily track your expenses.
  • GameDealz: A non-official client for isthereanydeal.com.
  • Free Klondike: A mixture of freecell and klondike solitaire.
  • TimeLimit
  • Diab: A smart diabetes manager app.
  • CPU Stats: Show cpu usage within the statusbar.
  • Trekarta: Simple, responsive map for your trek.
  • SDB Viewer: View song lyrics, a translation of it and guitar chords.

Updated apps

In total, 107 apps were updated this week. Here are the highlights:

  • KeePassDroid was updated from 2.3.4 to 2.4.1, with a new fingerprint setting and better handling for large attachments.

  • Delta Chat was updated from 0.20.0 to 0.100.0 with a complete rework of the UI using pure material design, and too many improvements to list! Check out the changelog.

  • Major EteSync saw a huge update from 0.22.6 to 1.0.1, adding support for changing the encryption password, Tasks support via OpenTasks, stock password entry, fixes for email invitations, support for the new associate account type, and more.

  • openScale is a weight and body metrics tracker, with support for Bluetooth scales. In this update from 1.8.4 to 1.9.1, you’ll find a custom Bluetooth stack to improve Bluetooth communication, new calculations and measurements, support for the Libra-W scale, and the usual smaller updates and bug fixes.

  • μMath+ was updated from 2.17.4 to 2.18.0, now with support for Android 9, assigning array elements by index, and displaying whole array without using indices.

  • Vinyl Music Player updated from 0.18.0 to 0.19.2, adding a new smart playlist “not played lately”, smart playlist decoration, and finish current song when the sleep timer runs out.

  • SysLog 2.2.0 is out with instructions for rootless operation, updated dependencies and crash fixes in landscape mode.

  • Yaacc was updated to 2.2.0, with content browsing now done in chunks, async and non blocking for the UI thread. Visualization was added when loading content, Yaacc UPnP Server now respects chunk load requests, and there is a load of bug fixes.

  • wallabag is a self-hosted read-it-later app. It updated to 2.1.0 with a new fullscreen article view, Share and Copy options for the link menu, scrolling via hardware keys, TTS auto-switch to article’s language, and a setting to keep screen on while reading.

  • Featured Huge changes for Mastalab again in this update from 1.65.1 to 1.70.0. Mastalab now supports Pleroma, including moderator functions! In further news, you can now compose messages in either plain text, markdown or html. Support for scheduling toots on the server was added and there is now a setting to display new toots either above or below the “fetch more” button. Tag timelines can be switched into art timelines, GIFs are autostarted and looped, there are a bunch of Peertube improvements, and much more.

  • Revolution IRC is a modern Android IRC client. It released version 0.5.0, with advanced theming features, SASL External (CertFP) support, new message indicator and banner, date markers, start on boot option, and per-channel send history.

  • Open Camera was updated from 1.44.1 to 1.45.2, now with a ‘low light’ noise reduction photo mode, continuous burst mode, support for writing WebP and PNG images, and H264, HEVC, 3GPP and WebM (no audio) videos. There is a new option to export (and re-import) all settings to a file, new layouts and on-screen icons, time-lapse rates of 120x and 240x, and many other updates and bug fixes.

  • Open Contacts updated from 9.0 to 11.0 with UI improvements and making the WhatsApp integration optional. It now supports importing VCard data as-is and there are many improvements to the contact details, such as showing phone number types in contact details. It is also possible to switch time format between 12/24 hours.

  • Major Trireme for Deluge is a thin client for the Deluge torrent software, and was updated from 0.9.1 to 1.0.2, adding support for the new Deluge 2.0 RPC protocol. In addition to that there are some lesser UI tweaks and bug fixes.

  • The NewPipe that was broken has been reforged! This update to 0.15.1 should fix the breakage caused by Google’s changes. In addition to that, downloaded files can now be opened with one click, the minimum Android version was bumped to 4.4, streams can be removed by swiping right, and postprocessing for downloads has been added.

  • Telegram was updated from 4.9.1 to 5.2.1 adding global permissions for groups, unified group settings, 5-second undo for deleting chats and clearing chat history, new sorting options in Contacts, and new animations when uploading and downloading media.

Removed apps

Tips and Feedback

Do you have important app updates we should write about? Send in your tips via Mastodon! Send them to @fdroidorg@mastodon.technology and remember to tag with #TWIF. Or use the TWIF submission thread on the forum. The deadline to the next TWIF is Thursday 12:00 UTC.

General feedback can also be sent via Mastodon, or, if you’d like to have a live chat, you can find us in #fdroid on Freenode, on Matrix via #fdroid:f-droid.org or on Telegram. All of these spaces are bridged together, so the choice is yours. You can also join us on the forum.

by Coffee at February 01, 2019 00:00

January 30, 2019

Replicant

Meeting Point at FOSDEM

The Replicant Community Meeting will take place on Sunday, the 3rd of February at 11:00 AM in room J.1.106 at ULB, Brussels Belgium.
We have successfully booked a BoF room at FOSDEM, so we will have a quiet, heated and comfortable place where we can all sit together.

Access is public and free as in beer.
We encourage everyone to participate and contribute their opinion.
This meeting will be essential to the future arrangement of Replicant as a structured Project.

Any schedule update or other info can be tracked on the event’s dedicated page on FOSDEM’s website.
Replicant’s blog will also be updated accordingly.

IMPORTANT NOTICE: This announcement is about the community meeting. The time schedule for the workshop hasn’t been decided yet.
Interested people are encouraged to write to the mailing list to help organize it.
Also, the related poll is still open.


by Fil at January 30, 2019 09:20

January 28, 2019

Adguard

7 things you need to do on Data Privacy Day

7 things you need to do on Data Privacy Day

Last time I checked, the year was 2019, and it is hard to overestimate how important information is today. It is being collected, stored, purchased, sold and stolen. And the most valuable information is information about you: the person. Companies go out of their way in attempts to build extensive profiles about online users, and other companies pay them a pretty penny for these profiles.

Today is the international Data Privacy Day, and it presents a great opportunity to talk about ways to protect yourself online. People usually don't like being a product, and probably neither do you. After all, you wouldn't let random weirdos stalk you while you eat, go shopping or watch TV. How are your online actions any different? Sadly, most people just don't know what to do about it.

In this article we will look at 7 ways to shield yourself from omnipresent surveillance, and in the end I promise a small but pleasant surprise.

1. Read privacy policies

Or at least check if there is any when you install a new mobile app or browser extension. This sounds silly, but it is true! Sometimes apps and extensions have no privacy policy, or even worse, it just tells you in plain text that they are going to grab all your personal data and then sell it.

7 things you need to do on Data Privacy Day

Just look at the OperaVPN privacy policy

Now, I don't say you have to read the wall of text that every privacy policy ever usually is. But even glancing over it for a minute or two to spot any obvious discrepancies will go a long way.

2. Pay attention to permissions you give your apps

Want to install this cool new game on your smartphone? Remind me, why does it need access to camera and microphone? Exactly. It doesn't. Treat every new app on your devices as a potential enemy to your privacy. Think twice about sharing information about yourself, even with applications and services by legitimate and respected companies — there are enough examples of massive data breaches.

3. Turn off location services on your phone

Geolocation is one of the most delicious types of data that analytics companies can put their hands on. By having access to someone's location history one can potentially find out almost everything about this person's tastes, hobbies, social and financial status etc. Restrict location services for apps that clearly don't need it, and consider disabling it completely if you don't need them at the moment.

7 things you need to do on Data Privacy Day

On iOS, go to Settings - Privacy - Location Services to configure permissions for each app or disable it completely.

On Android, it is much more complicated. As it turned out, simply disabling Location History in phone settings will not be sufficient to stop some apps from tracking. You need to go to your Google Account and find Web & App Activity setting. Finding it is not easy, so use one of the guides available online.

4. Clear cookies

Whenever someone writes about cookies, they usually start with a brief explanation of what they are. Cookies are small files sent by websites and stored on your PC or mobile device. They usually contain some information about your activity on this website, like shopping cart contents in an online store. But cookies are also one of the primary mechanisms for websites to track you. Consider clearing them once in a while, and when on mobile make it a rule to restart your browser from time to time.

7 things you need to do on Data Privacy Day

"You want to delete what?!"

Clearing cookies often comes with a cost, as your experience with some websites may not be as smooth. For example, you'd need to log in manually more often. So find your own balance between privacy and convenience, but whatever you do don't say we didn't warn you!

Oh, and if you think that using incognito mode somehow helps keep your privacy — it doesn't.

5. Install an ad blocker

Hey, we are an ad blocking company, so install an ad blocker, alright? wink wink But in all seriousness, by far the most efficient way to fight online tracking is to use a dedicated software. Be it a tracker blocker, or an ad blocker with anti-tracking filter lists, they all do the same: monitor your traffic and block any attempts to send information to tracking domains.

If you decide to choose AdGuard, know that all of our products offer special Spyware filter that blocks all known trackers and analytics. You will probably want to enable it in settings. AdGuard for Windows app also provides access to Stealth Mode — a whole module devoted to privacy protection, and soon it will be implemented to other AdGuard products, too.

6. Use encrypted DNS

Whoa, whoa! This one is not like the others! Indeed, many people have a very vague idea about DNS or haven't heard about it at all. We explain DNS in our Knowledge Base, but to save time let's just say that while unencrypted, DNS traffic can be exploited by your ISP or potential attackers to steal your personal data and even uniquely identify you. The worst part is that using regular ad blockers and taking other measures described above will do nothing about it.

7 things you need to do on Data Privacy Day

DNS privacy concerns

In order to protect yourself on the DNS front, you have to use one of the encrypted DNS protocols and switch to trustworthy DNS servers over the default ones. One of the simplest ways to achieve this is to choose AdGuard DNS. It is easy to set up, can be used on literally any device and will even block ads and trackers along the way. For the advanced users we can suggest AdGuard Home, which offers a lot of other options on top of AdGuard DNS, is highly customizable, but requires some skills to get going.

7. Use VPN or proxy

I put this in the end intentionally, not because using it is ineffective, but because it requires more setup, and to be honest, best VPN services are not free. VPNs and proxies are essentially servers that stand between you and the website you are trying to reach, and to that website it appears like the request is made by the server, and not by you.

7 things you need to do on Data Privacy Day

So why not just use VPN all the time? Some do, but you need to understand the tradeoffs before you dive in. Depending on what service you choose and on your location, you may experience a drop in connection speed. Also let's not forget that once you commit to using a VPN, you trust its owner with all your data, so choose carefully.

There are countless examples of "fake" VPN providers (mostly among the free ones) that hardly provide you with anonymity but instead collect your personal data themselves. Without doing any advertising, I would recommend selecting one of the well-known and trustworthy VPN services, even if it will cost you several bucks a month. After all, you didn't come here to save on privacy.

Conclusion & promised surprise

Protecting your online privacy is not an easy task. Following these pieces of advice will be a major step towards safety, but all this won't work if you don't make privacy a priority. Think twice next time you are about to tag your location on a photo or blindly a new mobile app access to everything on your phone. Remember that you're the one who is responsible for your privacy.

And to assist you and your friends&family in this fight for privacy, we offer a 33% discount on any AdGuard license key for 3 devices. The offer goes on until January, 31st.

Happy Data Privacy Day!

by Vasily Bagirov at January 28, 2019 08:03

January 27, 2019

NewPipe

NewPipe 0.15.1 released, adding update notifications

After having had to publish 0.15.0 a bit earlier than we wanted to due to YouTube breaking their site again, we’re happy to announce the release of the bugfix release 0.15.1.

Update notification

@krtkush implemented an important part of making NewPipe more bug hardened. He implemented notifications for app updates which inform users of the GitHub build about new versions available on GitHub.

@theScrabi had interesting conversation with F-Droid contributors about speeding up the APK build process on 35C3 back in December. As a result of this, @TheAssassin is working on setting up our own F-Droid repository. In a further step, we want to set up reproducible builds in our F-Droid builds process. This will resolve the problem that a NewPipe version which has been downloaded from F-Droid cannot be updated with a new build from GitHub.

These two steps aim to make NewPipe more flexible and faster in deploying critical bug fixes.

Further improvements

The download process which received a big upgrade in NewPipe 0.15.0, got a bunch of smaller improvements in this release, too. These are mostly bugfixes, e.g. the video and audio stream should be synchronous again. Unfortunately, this doubles the space which is required for merging the video and audio streams. For example when a video stream with 500MiB and an audio stream with 25MiB are downloaded another 525MiB are required while merging both streams into one file.

@yausername fixed an extraction bug which made livestreams stop after a few seconds.

Get the new version

We recommend you to install the F-Droid app as it notifies you as soon as an update for NewPipe is available.

Please let us know what your experience of the latest release is, especially bugs in need of fixing. As usual, you can reach out to us via IRC (#newpipe on freenode), open issues on GitHub or ideally use our built-in crash reporter to send us machine-readable issue reports, or send in fixes yourself.

January 27, 2019 11:00

January 25, 2019

This Week in F-Droid

TWIF 40: The NewPipe Broken Builds edition

This Week In F-Droid 40, Week 04, 2019 Feed

In this edition: NewPipe and broken builds, and more than 5000 followers on Mastodon. There are 20 new and 71 updated apps.

Hi everyone, here’s a fresh new TWIF for you! Many thanks to @Licaon_Kter for writing edition 38! Unfortunately we had a problem with updating the website, which means it was delayed by almost two weeks. We now have a temporary solution in place for faster updates and are working on a permanent one. This edition will cover both TWIF 39 and 40.

NewPipe and broken builds

We’ve had problems with building most apps, and with NewPipe in particular. @Bubu reports:

  1. Google changes some things in Youtube’s webinterface –> NewPipe can’t play Youtube videos anymore (previous version works though).
  2. The NewPipe team soon releases an update that fixes the problem.
  3. F-Droid buildserver is not fully stable at this point so builds are only running ~ every 2 days.
  4. First build of NewPipe fails with a Github internal server error. (Great!)
  5. At this point Google somehow pushes a license change to the Android SDK repositories (adding some GDPR stuff), but as the license hash is checked programmatically by the SDK tools, this breaks all CI pipelines that install Android SDK components. It also breaks most builds in F-Droid, including the next build of NewPipe. (Great, again!)
  6. I’m trying to figure out what we need to change in our buildserver setup scripts to make it work again. Apparently solutions which other projects have found are not working for us as we are forced to use an older sdk-tools revision.
  7. After almost a day of rebuilding F-Droid buildservers without success, everything magically starts working again without us changing anything. (So Google reverted their change?). Progress was tracked here and here.

Lessons learned:

  • Everything breaks at the most inconvenient of times.
  • NewPipe needs a faster update channel than the main F-Droid repository. The discussion about this can be found here.
  • We need to mirror the sdkmanager repository, such that Google can’t remotely break all our infrastructure.

The long-term fix for this is to create free software builds of the Android SDK so we are completely free from Google and their restrictive license terms. If you are as annoyed by this as we are, please have a look at the forum thread to see if you can help! –@Coffee

Over 5000 followers on Mastodon

We surpassed 5000 followers on Mastodon this month. We are happy to see that more and more people are finding us, and also that Mastodon keeps growing.

Downgraded apps

  • Version 2.1 of the game 2048 was broken, and has been removed from the repository. Version 2.2 is expected to arrive soon.

New apps

Our volunteers have been busy adding new apps, 20 in total!

Updated apps

In total, 71 apps were updated this week. Here are the highlights:

  • There was a bug in maintenance release 4.9.1a of Telegram, where it wouldn’t sync any messages for some people. We’ve removed this version from F-Droid. For those who already updated, upstream sources of 5.2 have been published and we are expecting these to land in F-Droid soon.

  • Some significant updates for Rocket.Chat 3.2.0, with a new user screen and a new room screen, support for muted state in the room, ability to delete the account, take a photo and send directly, and several other improvements.

  • Several months worth of development for Waistline, a calorie and weight tracker app, which updated from 2.3.7 to 2.4.2. Too many changes to list, but a selection: simplified food filter; filter by country; a new combined foods, meals and recipes page replacing the individual pages; and much more.

  • SecScanQR updated from 1.1.9 to 1.2.0, adding the search engine Startpage, “are you sure” dialog before deleting history, and round launcher icons. A security fix prevents the OS from taking screenshots, and the “WRITE EXTERNAL STORAGE” permission is now only needed when you want to save the generated QR-code.

  • Mastalab was updated from 1.64.1 to 1.65.1, now with support for deleting Peertube videos, NSFW control for Peertube videos, and many bug fixes.

  • G-Droid updated from 0.6.2 to 0.7.1, with a new list view, show similar apps ordered by similarity, pull-down to refresh, different sorting methods, show apps the user might also like, uninstall button, and several other improvements and bug fixes.

  • Sugarizer is an implementation of the Sugar Learning Platform, a learning platform for children. In this update to 1.1.0, the activities Ebook Reader, Exerciser and Sprint Math were added, as well as a sort palette in Journal. It will now allow action on multiple items in Journal, copy from Journal to device and from device to Journal, show help tutorial on initial screen, and show help on activities in list view. This release also contains many bug fixes.

  • Major OONI Probe released version 2.0.0, with a major UI overhaul. OONI Probe is a tool to measure internet censorship and other forms of interference. It can help to detect things like this. Highlights of this update include an overview screen for all test results, enhanced website testing where you can test a website of your choice, and data usage tracking on a test-by-test basis.

Beta updates

The following updates won’t be automatically suggested to you unless you have “Unstable updates” enabled in the F-Droid app settings, but you can expand the “Versions” tab and install them manually. Note that these are marked beta for a reason: proceed at your own risk.

Removed apps

Tips and Feedback

Do you have important app updates we should write about? Send in your tips via Mastodon! Send them to @fdroidorg@mastodon.technology and remember to tag with #TWIF. Or use the TWIF submission thread on the forum. The deadline to the next TWIF is Thursday 12:00 UTC.

General feedback can also be sent via Mastodon, or, if you’d like to have a live chat, you can find us in #fdroid on Freenode, on Matrix via #fdroid:f-droid.org or on Telegram. All of these spaces are bridged together, so the choice is yours. You can also join us on the forum.

by Coffee at January 25, 2019 00:00

January 24, 2019

Adguard

Our comment on Google Chrome's proposed extensions platform change

Our comment on Google Chrome's proposed extensions platform change

You might have already heard about this. Google is going to change Chrome's extension platform. The proposed change in its current state will cripple or even effectively kill a lot of extensions, and it will significantly reduce the capabilities of ad blockers including AdGuard Chrome extension.

We are receiving numerous questions about this situation, and in this post, I'd like to clarify our position.

In my opinion, Google does NOT intend to kill ad blockers. They genuinely want to make the extensions platform more secure and improve the situation with users privacy. It is not a secret that Chrome Web Store is full of spyware and even malware. So they had two options: invest more time into the manual review process or limit extensions capabilities. It's obvious now what they chose.

It does not mean that ad blocking extensions for Chrome will cease to exist. It just means that they will become worse. How much worse depends on the outcome of this discussion (please don't comment there if you are not a developer). The new proposed API is not final, and there is a chance that in the end, the solution will not be too bad.

So what do we think about it? I'll be blunt, we at AdGuard are sick and tired of what's going on with large ecosystems during the last couple of years. Google (1, 2), Apple (1, 2), and even Amazon (1) (who would have thought!) slowly deprive users of control over their data. Surprisingly enough, usually, it is being done in the name of security and privacy.

This is the reason why we spend so much time developing products that do not depend on those, who control ecosystems. AdGuard Home might be in its early stages, but every recent news reinforces my belief that this is the future of content blocking.

Needless to say that premium AdGuard products for Windows, Mac, and Android work on the network-level and are not affected by this change.

by Andrey Meshkov at January 24, 2019 10:11

January 23, 2019

Fairphone

Guardian Project

Use Onions/HTTPS for software updates

There is a new vulnerability in Debian’s apt that allows anything that can Man-in-the-Middle (MITM) your traffic to get root on your Debian/Ubuntu/etc boxes. Using encrypted connections for downloading updates, like HTTPS or Tor Onion Services, reduces this vulnerability to requiring root on the mirror server in order to exploit it. That is a drastic reduction in exposure. We have been pushing for this since 2014, and Debian, mirror operators, and others in the ecosystem have taken some big steps towards making this the standard. This should finally put to rest the idea that plain HTTP is enough for software updates with signed metadata.

To this end, we have always supported F-Droid’s practice of requiring HTTPS connections to f-droid.org and mirrors, even though the signed metadata file is the essential mechanism for providing security.

Using encrypted connections on your server

Over the years, we have been honing our apt sources setup to use encrypted connections as much as possible, while getting updates as fast as possible. The hard part of this is that the official Debian security server only provides HTTP. There are mirrors of that that are available over HTTPS, but they can receive updates hours or days later. The best fix for this would be for Debian to provide an HTTPS connection to security.debian.org. There are still things in the apt source configuration that can help. There are three levels we use:

  1. only Tor Onion Services for all updates, this means always encrypted and over Tor, but can mean that updates are delayed, for example if Tor traffic is blocked.
  2. First try Tor Onion, then try HTTPS. This provides a backup connection method in case Tor is not working, for whatever reason, but still could get updates slower than the official security source
  3. First try Tor Onion, then try HTTPS, then try HTTP. But HTTP is only enabled for security.debian.org

You can see an example of the final option by looking at F-Droid’s compile farm server config.

Fixing your boxes

@abelxluck aka @abeluck put out an Ansible Playbook to do this update. Here is a quick script for securely updating on Debian/stretch/amd64 based on the info published on the debian-security list:

#!/bin/sh -ex

apt -o Acquire::http::AllowRedirect=false update || true
apt -o Acquire::http::AllowRedirect=false upgrade --download-only || true

cd /var/cache/apt/archives

test -e apt-dbgsym_1.4.9_amd64.deb && \
echo "1da507155c7b1ad140739c62fdacceaf5b5ee3765b1a00c3a3527d9d82a8d533 apt-dbgsym_1.4.9_amd64.deb" | sha256sum -c

test -e apt-transport-https-dbgsym_1.4.9_amd64.deb && \
echo "59f3e1c91664fe3b47048794560ebe9c41f1eeccbdd95f7715282f8cbe449060 apt-transport-https-dbgsym_1.4.9_amd64.deb" | sha256sum -c

test -e apt-transport-https_1.4.9_amd64.deb && \
echo "c8c4366d1912ff8223615891397a78b44f313b0a2f15a970a82abe48460490cb apt-transport-https_1.4.9_amd64.deb" | sha256sum -c

test -e apt-utils-dbgsym_1.4.9_amd64.deb && \
echo "e3e157c291b05b2899a545331c7597ab36ca04e02cd9010562b9985b76af60db apt-utils-dbgsym_1.4.9_amd64.deb" | sha256sum -c

test -e apt-utils_1.4.9_amd64.deb && \
echo "fb227d1c4615197a6263e7312851ac3601d946221cfd85f20427a15ab9658d15 apt-utils_1.4.9_amd64.deb" | sha256sum -c

test -e apt_1.4.9_amd64.deb && \
echo "dddf4ff686845b82c6c778a70f1f607d0bb9f8aa43f2fb7983db4ff1a55f5fae apt_1.4.9_amd64.deb" | sha256sum -c

test -e libapt-inst2.0-dbgsym_1.4.9_amd64.deb && \
echo "0e66db1f74827f06c55ac36cc961e932cd0a9a6efab91b7d1159658bab5f533e libapt-inst2.0-dbgsym_1.4.9_amd64.deb" | sha256sum -c

test -e libapt-inst2.0_1.4.9_amd64.deb && \
echo "a099c57d20b3e55d224433b7a1ee972f6fdb79911322882d6e6f6a383862a57d libapt-inst2.0_1.4.9_amd64.deb" | sha256sum -c

test -e libapt-pkg-dev_1.4.9_amd64.deb && \
echo "cfb0a03ecd22aba066d97e75d4d00d791c7a3aceb2e5ec4fbee7176389717404 libapt-pkg-dev_1.4.9_amd64.deb" | sha256sum -c

test -e libapt-pkg5.0-dbgsym_1.4.9_amd64.deb && \
echo "cdb03ddd57934e773a579a89f32f11567710a39d6ac289e73efb20e8825874d1 libapt-pkg5.0-dbgsym_1.4.9_amd64.deb" | sha256sum -c

test -e libapt-pkg5.0_1.4.9_amd64.deb && \
echo "03281e3d1382826d5989c12c77a9b27f5f752b0f6aa28b524a2df193f7296e0b libapt-pkg5.0_1.4.9_amd64.deb" | sha256sum -c

apt -o Acquire::http::AllowRedirect=false upgrade

by Hans-Christoph Steiner at January 23, 2019 11:35

January 20, 2019

Replicant

The Replicant project will receive a mobile device from Necuno Solutions

The Replicant project has been looking forward to support devices with free software bootloaders. While Replicant is a fully free software Android distribution, many freedom, privacy and security issues are orthogonal to the operating system. The hardware design of each computer (smartphone, tablet, laptop, etc.) people use, and the architecture of the cellular network also have their set of issues. For more information on these issues, the Replicant project has some documentation on the topic.

So far all the devices that are (or have been) supported by Replicant use a nonfree boot software (the bootloader). These devices also use hardware restrictions to deny users the freedom to replace them completely with free software, effectively forcing them to run nonfree software. This is a very serious freedom issue that prevents users from being in control of their devices.

There were several attempts to add support for devices with free software bootloaders in Replicant:

  • The LG Optimus black: this smartphone doesn’t prevent users from replacing the bootloader. Paul Kocialkowsky did a lot of work to add support for this device in upstream u-boot (a free software bootloader) and added minimal support for it in the upstream Linux kernel. However support for some of its most important hardware components like the display are still missing in the Linux kernel. This device can probably still be found second hand
  • The GTA04 smartphone from Golden Delicious: this smartphone has a free software bootloader which is based on u-boot. The smartphone was designed to run GNU/Linux and has almost complete support in upstream Linux. There were attempts to add support for it in Replicant 6.0, however a lot of time was spent to try to make suspend to RAM work with Android. However older Replicant 4.2 images are available. Several hardware revisions of the GTA04 have been made and shipped to customers and developers over the years. However this has stopped due to manufacturing issues. Another issue is that the revisions before A5 only have 512M of RAM and a high DPI display: This combination makes running Android 9 potentially challenging. Fortunately the A5 revision has 1G of RAM, but not a lot of working units were produced.

There is also some ongoing work to specifically add support for smartphones that are currently supported by Replicant like the Galaxy SIII (i9300), the Galaxy Note 2 (n7100) and their 4G versions (i9305 and n7105). The 4G versions could also be supported by Replicant if the work to support their modem (through QMI-RIL) is resumed.

The Replicant project will receive a mobile device, the NC_1 (formerly called Necuno Mobile) from its manufacturer (Necuno Solutions), which will have a free software bootloader

This device has the size of a smartphone, but doesn’t have a broadband modem: while users will not be able to use a built-in modem for phone calls, SMS or to access the Internet, it is still the best way to be completely sure of avoiding any freedom privacy and security issues related to broadband modems and the cellular network. It will also require less work to add support for this device in Replicant.

Even if it’s possible to disable the modem on some of the mobile devices currently supported by Replicant by not loading the modem’s code, some nonfree software still run on these mobile devices. This includes the bootloader and potentially any other nonfree software that it may load. Because of that we cannot be 100% sure that the modem is completely disabled.

The Necuno Mobile will use an I.MX6 Quad system on a chip (which is a chip that contains the main CPU, the microSD card controller, the GPU, etc.). Its free software support is better than for many other system on a chip: the only functionality of the I.MX6 Quad that requires nonfree software is the video decoding acceleration. The article on single board computers has more details on freedom issues affecting various system on a chip and by extension the single board computers that use such components.

A Replicant developer (Joonas Kylmälä) will receive a Necuno Mobile to work on it.

The Necuno Mobile should have a Linux kernel that is very close to upstream: this is a good opportunity for a new attempt to enable Replicant to use upstream kernels. This has many advantages. One of them is that in the long run, it should decrease the amount of work required to maintain the devices and potentially increase their lifetime.

This should also enable the Replicant project to more easily add support for other devices that can use an upstream kernel, like the GTA04, or devices like the Galaxy SIII (i9300) and the Galaxy Note 2 (n7100) that are starting to have good support in upstream Linux.

It is also very interesting in the long run as we could share some of the work with other smartphones projects like postmarketOS who are also trying to support mobile devices with upstream kernels. It could also enable the Replicant project to more easily support future mobile devices that will have free software bootloaders, as some of them will also use kernels that are meant to run GNU/Linux.

by GNUtoo at January 20, 2019 21:40

January 19, 2019

Replicant

Replicant meeting at FOSDEM 2019

Call for participants

Like every year, FOSDEM will take place the first weekend of february in Brussels, Belgium.

Replicant is organizing a community meeting and a workshop that will take place alongside FOSDEM events.
The main intention behind this is to gather Replicant enthusiasts and contributors together in order to share ideas and discuss Replicant-related key topics.
This is a call for the community to participate and propose arguments to discuss.
A wiki page has been prepared, to collect proposals and schedules.
Proposals and questions can be presented to the mailing list.

Examples topics that have been proposed are:

  • What directions should the project take, what work to prioritize
  • How to fix f-droid to keep Replicant FSDG compliant

Together with the following workshop arguments:

  • How to setup the build environment
  • Hands on libsamsung-ipc and samsung-ril
  • Answer various questions about contributing to Replicant
  • Help contributors who are stuck with specific issues


Two free-software-powered polls have been published, to help us chose the best day and time:

We invite whoever might be interested, to indicate their preferred schedule for the events, in order to help us set up a sensible timetable.

The official meeting point and timetables will be published on this blog and on the mailing list.

Stay tuned!

EDIT:
The meeting report is available: https://redmine.replicant.us/attachments/download/1597/formatted-report.pdf

by Fil at January 19, 2019 13:32

January 18, 2019

FreeYourGadget

Gadgetbridge 0.32.0: Casio GB-6900B and per-device alarms

Gadgetbridge 0.32.0 has been realeased and is already on F-Droid!

The highlight of this release are are initial support for Casio GB-6900B (contributed by Andreas Böhler) and per-device alarms.

Per-device alarms also means that you can use the maximum number of alarms you device supports, no longer limited to three.

The rest of changes are mainly bugfixes and minor improvements.

This release took a bit longer than usual, since some core members where busy with other projects, like working on Codeberg, a new non-profit hosting and collaboration platform, where Gadgetbridge also moved to.

Yep, github is now a mirror for us. We still use the Issue tracker on github and we are still accepting PRs on github - but prefer new PRs on codeberg.org.

Also the wiki is now a mirror on github, if you want to help working on documenting Gadgetbridge, please create an account on Codeberg and meet us here.

Version 0.32.1

  • Fix db deadlock on alarm migration

Version 0.32.0

  • Initial support for Casio GB-6900B
  • Increase number of alarms and store them per-device
  • Support factory reset in debug activity (Mi Band 1/2/3, Bip, Cor)
  • Filter out unicode control sequences (fixes problems with Telegram and probably others)
  • Fix endless loop resulting in OOM when RTL support is enabled
  • Recoginize p≡p as an email app
  • No longer display Android paired devices in that were not a paired with Gadgetbridge
  • Amazfit Bip: Allow flashing latest GPS firmware
  • Pebble: Native support for M7S watch face
  • No1 F1: Support for a Chinese clone

by Andreas Shimokawa at January 18, 2019 23:00

NewPipe

NewPipe 0.15.0 released, upgrading downloads, fixing critical bug and dropping support for Android 4.3

We are happy to release NewPipe 0.15.0. This new version brings a completely refactored download mechanism. Please note that starting with 0.15.0, NewPipe dropped support for Android JellyBean (4.3) and older. As always, this release includes several smaller improvements and fixes.

Everybody is encouraged to update NewPipe because all prior versions do not work anymore. The update is necessary because once again, YouTube changed their setup.

Update: The F-Droid builds are delayed due to more Google-created issues. Read on for more information.

Update 2: F-Droid released 0.15.0 binaries. You can now upgrade via F-Droid.

Delay in releasing new version on F-Droid

Unfortunately, there are more issues created Google annoying both us and the team. The Android build tools installation was changed in a way so the F-Droid build infrastructure can’t build some projects, especially the ones which use the most recent versions any more. NewPipe is one of these projects.

After a few days, we started to look into why the release wasn’t published, and started to investigate the issue with the F-Droid folks. They were aware of the issues, and were looking for a bug fix, however in the meantime it looks like Google changed the licensing stuff once again.

The F-Droid devs pushed some temporary workarounds to the NewPipe build scripts, and we hope the next build cycle will produce a working NewPipe binary and upload it into the repositories.

We came to the conclusion that for the future, we want to provide our own, self-hosted NewPipe F-Droid repository, where we plan to publish our own builds and also the official F-Droid builds in a way so you can upgrade smoothly. The progress on this is tracked in a GitHub issue. We will publish a new post once the beta phase ends.

Please see also https://mastodon.technology/@fdroidorg/101483721232620121.

Downloads overhaul

@kapadomy put much time and effort into refactoring the complete download mechanism: More than 8.000 lines of code were changed, new features and settings added and multiple bugs fixed.

This includes muxing video and audio streams and therefore you should now be able to download most 1080p (and up) videos with audio again! Moreover, it is possible to download subtitles whenever they are provided by YouTube. @kapadomy also added the ability to queue downloads and improved the downloads page: The new layout groups downloads by status allowing you to find things faster. Tap on a downloaded stream and it starts playing! It is also quite easier to wipe all your downloads by using the new button in the app bar.

Unfortunately, we needed to release this version as quickly as possible due to a critical bug and therefore not all download improvements reach you with this version. For the same reason, we did not have time to provide a release candidate for testing and finding bugs. Hence this release might contain some more bugs as usual. In case you find one, please see below to learn more on how you can report it.

Support for Android JellyBean dropped

From this version on, NewPipe requires at least Android KitKat (4.4). The app has been quite unusable on devices with Android 4.3 and below due to several bugs which only occured on these specific Android versions. Fixing these crashes would have been time expensive and therefore not appropriate for the small number of users these versions command.

In addition, the video player library ExoPlayer which is used in this project only supports Android 4.4 and later. For this reason, NewPipe still had to provide an old player for these older devices. This could be removed starting with NewPipe 0.15.0.

To allow the development team to reduce the maintenance overhead and fully concentrate on bugs and features on newer Android versions, we decided to drop support for devices with Android versions lower than KitKat.

Critical bugfix

As mentioned in the introduction, YouTube changed their systems, and we had to adapt NewPipeExtractor and release a new version containing the changes.

This is not the first time we run into a situation like this. NewPipe 0.14.1 was released a couple of days after the regular release of 0.14.0, also because of changes on YouTube.

Like last time, we tried to finalize and publish a fix as soon as possible. Please be patient, we are aware of the problem, a fix is released, and as with all our updates, it will take some time until stores like F-Droid build and publish the packages. We will update the post once the binaries are available.

Further changes

Thanks to @agarwalakash06 it is possible to remove streams from the current play queue by swiping them to the right.

@beNitinhere and @Ping20002015 fixed a nasty null pointer exception causing NewPipe to crash when minimizing the main player.

Get the new version

We recommend you to install the F-Droid app as it notifies you as soon as an update for NewPipe is available.

Please let us know what your experience of the latest release is, especially bugs in need of fixing. As usual, you can reach out to us via IRC (#newpipe on freenode), open issues on GitHub or ideally use our built-in crash reporter to send us machine-readable issue reports, or send in fixes yourself.

January 18, 2019 18:00

Paul Schaub

Quick Note: Backdoor in ES File Explorer

ES File Explorer is a popular file explorer app for Android. Even though it is proprietary, I must admit, that I came in touch with it too some years ago.

As Techcrunch reports, a security researcher now detected a backdoor in the app, which allows users on the same local area network as the victim to access the contents of the phone.

This example shows, how important it is to have free software, which can be audited by everyone.

by vanitasvitae at January 18, 2019 13:42

January 16, 2019

/e/ foundation

Leaving Apple & Google: Android apps in /e/ V1, Mobile World Congress, how to support /e/…

Leaving Apple & Google:
Android apps in /e/ V1, Mobile World Congress, how to support /e/…

Will you find your favorite Android applications in /e/ V1 “app store”?

We have set up a simple online form so that you can check if they are available in our database. And it will automatically get reported to us if it’s not found, so we can add it later to /e/’s application repository!

Read more about it here.

/e/ at MWC 2019!

Thanks to NEXEDI who have invited us at their booth, we will attend the Mobile World Congress in Barcelona. We will be present at Hall 5 Stand 5B1. Expect some pre-V1 demos there!

/e/ smartphones

/e/ V1 beta2 is now supported on 4 more devices: we have just added support for: Sony XPERIA XA2, Samsung Galaxy Note 2 (3G), Yu Yunique, and Google Pixel XL2 (download, flash and test here), all running /e/ V1 beta 2 “Oreo”.

Do you want more supported devices? Tell us here about the devices you’d like to see. And we are also looking for maintainers to port to recent devices.

Support /e/!

It’s VERY important to contribute if you want /e/ to succeed and shape a more ethical IT world, with an open-source and privacy-compliant mobile ecosystem.

In short: contribute as a developer, lend some server capacity, spread the word about /e/ in Internet forums, social media, email, retweet our posts with #eFoundation hashtag…Act now:

Sincerely,

Gaël

by Samuel Cazin at January 16, 2019 08:03

January 12, 2019

This Week in F-Droid

TWIF 38

This Week In F-Droid 38, Week 02, 2019 Feed

In this edition: F-Droid 1.5.1 is the recommended version, firewall apps in the spotlight. There are 3 new and 77 updated apps.

F-Droid is a repository of verified free and open source Android apps, a client to access it, as well as a whole “app store kit”, providing all the tools needed to set up and run an app store. It is a community-run free software project developed by a wide range of contributors. This is their story this past week.

F-Droid version 1.5.1

Major The main F-Droid client has a new recommended version, while it only has some translations fixes and one graphics one (screenshot background on dark themes) compared to 1.5 (announced in TWIF36), it will appear for automatic install for users of 1.4 or older too.

Firewall apps in the spotlight

“The 35th Chaos Communications Congress (35c3) ended about two weeks ago, and F-Droid was well represented there. Indeed, tons of free software projects and communities were there…“, and you can read more about in the dedicated F-Droid at 35c3 post. One of the more interesting, yet chilling, talks there was “How Facebook tracks you on Android (even if you don’t have a Facebook account)” bringing to the light the ways that the Facebook SDK embedded into everyday (popular and closed sourced) apps becomes means to track users.

One of the slides mentioned that firewalls, AFWall+ and NetGuard, can contain data leaking to the Facebook servers, and while we would recommend you not to use apps that feature tracking, the good news is that both firewalls are available in F-Droid. Keep in mind that while NetGuard uses a local VPN to filter traffic, hence it can work on any device, AFWall+ needs a rooted device to function.

An alternative firewall app, based on a local VPN too, is also Blokada, recently reviewed (in German) by Mike Kuketz on his blog here.

F-Droid PHP library

Izzy’s PHP library for parsing F-Droid repositories is now an official part of the F-Droid software offering: https://gitlab.com/fdroid/php-fdroid

Contributions are welcome for adding support for index-v1.json and signature verification of index-v1.jar. We already have Java, Python, and Ruby code for doing this, so it should be fairly easy to do. Potential contributors should coordinate with Izzy.

New apps

  • Dice Overflow: A simple board logical game, it is a mix between dice and the ColorOverflow game. The goal of the game is to conquer all cells on the board.
  • Oversec: Privacy for All Apps! Encrypt and Disguise Messages in All Your Apps! You need to see the videos linked in the description!
  • SaidIt: An official client for the news site saidit.net. This app is a fork of QuantumBadger’s RedReader.

Updated apps

In total, 77 apps were updated this week. While they all got their bugs fixed, their translations updated and expanded, here are the highlights:

  • Etar 1.0.14 saw some bug fixes, a new theme too. Also users are advised to switch to another calendar widget app since this functionality has been removed from Etar.

  • ICSdroid is now known as ICSx⁵ following in the steps of DAVx⁵. You can read more about this here.

  • Mastalab keeps its update pace, already at 1.63.1 bringing
    • Login with Peertube accounts
    • Display five timelines (Subscriptions, Overview, Trending, Recently added, Local) with pagination
    • Display accounts and their channels
    • Follow / Unfollow accounts and channels
    • Watch comments + write/remove comments
    • Vote on videos (thumbs-up, thumbs-down, remove rating).
    • Pick up three different modes for videos (Torrent/Webview/Direct)
    • Video starts automatically in fullscreen in landscape orientation.
  • Did we mention Peertube? Yes, even more news, as the app got updated to 1.0.23 adding a work-in-progress like/dislike function, translations updates, general UI polish and video downloads.

  • miniVector was updated to 0.8.21 tracking the upstream Riot.im update that was featured in TWIF37 last week.

  • Movim the distributed social networking platform based on XMPP has a new version of their app out, almost 2 years to the day. While the app (a wrapper around Webview) saw just a little polish, the services it connects to have evolved a great deal in the mean time, you can read more here.

  • “Muzei Live Wallpaper” got updated to version 3.0, so while we wait for the main Muzei app to be updated (soon), apps like Mysplash and Muzei - Bing Image of the Day that hook up with it had to update as well in order to be compatible with the updated APIs.

  • UserLAnd 2.1.0 is already here, so update, as the crashes in the new terminal were fixed.

Tips and Feedback

Do you have important app updates we should write about? Send in your tips via Mastodon! Send them to @fdroidorg@mastodon.technology and remember to tag with #TWIF. Or use the TWIF submission thread on the forum. The deadline to the next TWIF is Thursday 12:00 UTC.

General feedback can also be sent via Mastodon, or, if you’d like to have a live chat, you can find us in #fdroid on Freenode, on Matrix via #fdroid:f-droid.org or on Telegram. All of these spaces are bridged together, so the choice is yours. You can also join us on the forum.

by Licaon_Kter at January 12, 2019 00:00

January 11, 2019

Handy News Reader

About…

This website is a kind of "fanpage" dedicated to Handy News Reader - an Android app with the help of which You can be up-to-date with all Your interests - in a very convenient way: respecting Your Time as well as Your Inner Peace (it avoids switching attention and distractions which are so familiar today when You think of mobile devices).

I've created this website with the aim of letting You know that there is an app out there - which may come in handy and make a significant difference in Your life. If I'd be asked for its bottom line - I would tell that

staying in touch with all My Passions and Interests never has been so easy.


Persons behind the scene:

Alexey - the developer of the app - usually programmes in C++ with Qt library and Java. Alongside Handy News Reader He created very interesting and promising Clock and event widget - a widget-based multi-functional organizer app.


Thomas Leigh - responsible for the design of this website, English and Polish version, and all the copywriting involved.



Ronny Steiner - as a beta-tester He provides a valuable feedback and contributes in the app's development, code- and idea-wise. He also did the translation of the website and the app into German language - thank You! :)

by Thomas Leigh (noreply@blogger.com) at January 11, 2019 16:31

This Week in F-Droid

F-Droid at 35c3

The 35th Chaos Communications Congress (35c3) ended about two weeks ago, and F-Droid was well represented there. Indeed, tons of free software projects and communities were there. Starting with the F-Droid Meetup on the first day, there were frequent events and impromptu meetups between F-Droid core team, contributors, and app developers and users throughout the whole event. The F-Droid Meetup was in a small room, packed full of people, including developers of many key apps in the F-Droid ecosystem. I enjoyed meeting everyone in person after years of communicating online. I’ll try to list the represented apps, but I’m sure I’ll forget some: 35c3 Schedule, Bitcoin Wallet, Conversations, Etar, F-Droid, K-9, NewPipe, Öffi, OpenKeychain, Orbot, Tor Browser, Tusky. There were lots of good discussions in that session, lead mostly by @bubu and @jspricke. We encouraged more developers to run their own repos, @NicoAlt wrote up a thorough explanation.

Reflecting back on the 35c3, it is really an impressive event. A 16,000 person event that is almost entirely run by volunteers, including the core organization. They got more than 4,200 volunteers in total. On top of that, there are multiple talk stages with separate organizers, and even “self-organized” rooms and “assemblies” which provide more spaces for decentralized organization. Plus it felt really well organized, with highly skilled talk moderators as well as real time translation into English, German, and French for all “official” talks. The videos for the talks are really well produced, with high sound quality, and all translations available. And people seem to actually watch them, there has been over 2000 views of my talk already, which I really didn’t expect. My talk is available on CCC’s site as video or audio, playable without Javascript even. And of course they are on YouTube in original English, German, and French.

I think my talk went well, the room was 100% full with about 330 people in it. The audience seemed into it, and I got follow up questions after the thing was over. I ended up not going into detail, which I think was a mistake. The talk would have been better with a detailed section of how to work through all the nearby/offline issues in an app. Next time!

Then the whole event is the giant mix of a bunch of things that seem very unlikely in combination:

  • high profile IT and security talks attended by thousands
  • on site discos and parties
  • all sorts of interactive art displays
  • a well respected opt-in photo/video policy
  • a huge amount of topical “assemblies” which vary from Burning Man-like
  • tent villages to seas of tables full of hackers
  • a giant social event for introverts
  • one whole wing devoted to children’s activities and events inter-mixed in the conference
  • Burning Man-like “art cars” of all sorts driving around, but small since it was indoors, and even a race track

Then of course, there is lots of opportunity to meet people in person and have in-depth conversations. I had a good talk with Jeremy_Rand, a Replicant developer, about how to make a 100% free version of F-Droid for Replicant. That is summarized on their issue tracker about making F-Droid.org have only 100% free software.

Pretty much every F-Droid contributor who was there meet up at various points. One key topic was how to start businesses around F-Droid. From my point of view, it seems that the consensus is building around following the Debian model: F-Droid as its own entirely, represented by a non-profit entity only as needed. Then for doing consulting business, people can do F-Droid work under any organization they see fit. @dschuermann took the initiative to finally get the consulting page up: https://f-droid.org/consulting. Any contributor who is a member of GitLab fdroid group is welcome to submit a merge request to add themselves there.

Talks worth checking out:

There were many interesting and relevant talks, here are a few that I enjoyed:

by eighthave at January 11, 2019 00:00

January 10, 2019

Paul Schaub

Kuketz Blog about Blokada

Just a quick hint: Mike Kuketz released a blog post about how you can use Blokada to block ads and trackers on your android device. In his post, he explains how Blokada uses a private VPN to block DNS requests to known tracker/ad sites and recommends a set of rules to configure the app for best experience.

He also briefly mentions F-Droid and gives some arguments, why you should get your apps from there instead of the Play Store.

The blog post is written in German and is available on kuketz-blog.de.

by vanitasvitae at January 10, 2019 12:05

January 05, 2019

Gregor Santner

Markor Android app - Markdown, todo.txt - Notes, ToDo andamp; Bookmarks

Markor is a TextEditor for Android. This project aims to make an editor that is versatile, flexible, and lightweight. Markor utilizes simple markup formats like Markdown and todo.txt for note-taking and list management. Markor is versatile at working with text, it can also be used for keeping bookmarks, copying to clipboard, fast opening a link from text and lots of more. Created files are interoptable with any other plaintext software on any platform.Markor is using open formats and is free software, openly developed and accepts community contributions.

January 05, 2019 11:00

This Week in F-Droid

TWIF 37: The European Bug Bounty Edition

This Week In F-Droid 37, Week 01, 2019 Feed

In this edition: Happy New Year, @Izzy’s third F-Droid article on-line and Europe to fund bug bounties for 15 open source programs. There are 11 new and 72 updated apps, with a major release for UserLAnd.

F-Droid is a repository of verified free and open source Android apps, a client to access it, as well as a whole “app store kit”, providing all the tools needed to set up and run an app store. It is a community-run free software project developed by a wide range of contributors. This is their story this past week.

Happy New Year

It’s a new year! The F-Droid team wishes you a great 2019 in health, prosperity and freedom.

@Izzy’s third F-Droid article on-line

@Izzy writes:

Always wanted to run your own F-Droid repo – but were afraid it’s too complicated? No longer, as part 3 of my @fdroidorg series shows:

Your own F-Droid Repository with Repomaker

Europe to fund bug bounties for 15 open source programs

Starting in January, the European Commission is going to fund bug bounty programs for a number of open source projects, as part of the FOSSA project. Projects include Drupal, Notepad++, and of interest to F-Droid users: VLC.

(via @kuketzblog)

New apps

Updated apps

In total, 72 apps were updated this week. Here are the highlights:

  • DAVdroid is now known as DAVx⁵. You can read more about this here. It was also updated from 2.0.7-ose to 2.1-ose, removing the “Accounts may be gone after rebooting” startup dialog, and offering several smaller changes and bug fixes, and behind-the-scenes changes.

  • A Time Tracker lets you easily track how much time you spend on various activities. After 2½ years of inactivity, it updated to 0.50, moving all menu items to the Settings menu on the main screen, improving its F-Droid listing and making under-the-hood changes to its build process.

  • QKSMS was updated from 3.5.4 to 3.6.1, adding the ability to share contact cards and to share multiple images directly from other apps. It also features an updated search bar style, faster startup, more detailed MMS summary, contact photo in notifications, and several bug fixes.

  • FOSS Browser 6.1.1 is out, with an overview instead of startPage, order and filter bookmarks, edit url of bookmark, open favorite website on start, Code of Conduct site, and a Privacy Declaration. There are updates to the adBlock hosts list, help dialog, and French and Portugese translations. Beyond that you’ll find many more fixes and improvements.

  • Yaacc lets you play media from UPNP/DLNA devices on your network, and lets UPNP/DLNA devices play media from your phone. This update to 2.1.0 will activate the device when unplugged in order to prevent device suspend; it will display cover art, current item and next item in the network player; and it adds new app icons.

  • Mastalab keeps moving at light speed, as it updates from 1.50.3 to 1.62.1. This update includes Pixelfed readyness, although it requires something to be changed on the Pixelfed side as well. This change is expected to land any day now.

    Also adds ability to:

    • Mix tag timelines (Any of these words/All of these words/None of these words) - Your instance needs to support it (next Mastodon release)
    • Rename tag timelines
    • Follow Misskey instances
    • Open XMPP links and emails with external applications (custom fields)
    • Set custom icons for videos & GIF media
    • Display “follow request sent” in profile for locked accounts (undo the follow + flag)
  • KISS launcher’s update to 3.7.0 adds an AMOLED black theme.

  • Riot.im 0.8.21 made it into F-Droid, with the following improvements:
    • Show userId below display name in member detail screen (#2756)
    • Clicking on a user and a room avatar opens a new screen with animation to view the avatar in full screen, with zoom capabilities (#2455)
    • Added Troubleshoot Notification settings page
    • Added badge to indicate number of group invitations on the Home Screen (#1923)

    This release also contains many bug fixes, and improvements to notification code.

  • Markor is a text editor centered around simple markup formats like Markdown and todo.txt for note-taking and list management. Version 1.6.0 is out and comes with a way to insert date and/or time, and adds the website title when sharing into Markor. For more improvements and fixes, see the author’s blog post.

  • SleepyWifi brings back “turn Wi-Fi off when the phone is in sleepmode” for Android 8.1. It updated from 1.1 to 1.3, adding a foreground notification, a 10-second delay for the notification, a Dutch translation and an “About” screen. Known bug: the app sometimes fails to re-enable Wi-Fi.

  • Your local weather was updated from 4.5.3 to 4.6.3, adding per-widget location setting and settings for graphs and weather forecast, a combined graph and widgets with combined graph. Also fixes negative temperature in notifications, and weather forecast in widget.

  • Manyverse is a very different messenger than you’re used to, because it works locally and off-grid. If you are unfamiliar with Manyverse and its underlying protocol, Secure Scuttlebutt, you should probably read this background article.

    This update from 0.1811.14-beta to 0.1901.2-beta brings the following new features:

    • add notes on internet p2p invite codes
    • delete an internet p2p invite code
    • re-share an internet p2p invite code
    • block profiles, publicly or secretly

    And fixes:

    • navigation bug between profile screens
    • UI glitch in profile screen
    • Wi-Fi discovery and sync on some devices

    Other improvements include quicker startup when user has many P2P invites and showing an informative text when loading takes too long.

  • Major UserLAnd lets you run GNU/Linux Distros on Android - no root required. It updated to version 2.0.0, adding a built-in terminal to UserLAnd. (Version 2.1.0 is expected in F-Droid soon and should fix crashes in the new terminal.)

Beta updates

The following updates won’t be automatically suggested to you unless you have “Unstable updates” enabled in the F-Droid app settings, but you can expand the “Versions” tab and install them manually. Note that these are marked beta for a reason: proceed at your own risk.

Removed apps

  • Most of the old simple mobile tools were moved to the archive: Calendar, Contacts, File Manager, Gallery and Notes. They are no longer maintained, and have been replaced by their “Pro” counterparts.

  • AddressToGPS was moved to the archive because the network service it relies on stopped working recently, and there hasn’t been activity from the app’s maintainer in over 2 years. For more details, see this issue. As replacement, we suggest Acastus Photon, or although heavy, OsmAnd~ which can look up addresses even when offline.

6 apps were removed.

Tips and Feedback

Do you have important app updates we should write about? Send in your tips via Mastodon! Send them to @fdroidorg@mastodon.technology and remember to tag with #TWIF. Or use the TWIF submission thread on the forum. The deadline to the next TWIF is Thursday 12:00 UTC.

General feedback can also be sent via Mastodon, or, if you’d like to have a live chat, you can find us in #fdroid on Freenode, on Matrix via #fdroid:f-droid.org or on Telegram. All of these spaces are bridged together, so the choice is yours. You can also join us on the forum.

by Coffee at January 05, 2019 00:00

January 04, 2019

Privacy Browser

2018 Financial Report

Going forward, I thought it would be helpful to post a yearly financial report on the growth of Privacy Browser.

Revenue

  • Google Play: $344.09
  • Google AdMob: $101.57
  • PayPal: $39.06
  • Bitcoin: $24.10
  • Amazon: $1.37

Total Revenue: $510.19

Google Play revenue comes from selling the standard flavor on Google Play. Google AdMob revenue comes from the display of ads in the free flavor, regardless of the distribution method. PayPal revenue comes mostly from selling the standard flavor on XDA Labs, although sometimes I also receive PayPal donations. Bitcoin revenue comes mostly from donations, although it is possible to purchase the standard flavor on XDA Labs using bitcoin. Amazon revenue comes from selling the standard flavor on the Amazon Appstore.

Install Base

Google Play reports some fairly detailed statistics about installations. The other distribution methods (F-Droid, XDA-Labs, the Amazon Appstore, and direct downloads from Stoutner.com) either do not track this information or provide only vague information. The screenshot below shows the installs of the standard flavor on active devices, which is defined as the “Number of Android devices that have been active in the past 30 days with the application installed”.

Unsurprisingly, even though there are far more installs of the free flavor, there are fewer active devices. This is because most users either decide they don’t like Privacy Browser, or they switch to using the standard flavor.

by Soren Stoutner at January 04, 2019 21:48

January 01, 2019

Privacy Browser

2018 Security and Privacy Canary

Backdoors

During 2018, Stoutner received 0 requests from governments or organizations to insert backdoors into Privacy Browser.

During 2018, Stoutner inserted 0 backdoors into Privacy Browser.

Privacy

During 2018, Stoutner received 0 requests from governments or organizations to weaken the privacy of Privacy Browser.

During 2018, Stoutner has made 0 changes to weaken the privacy of Privacy Browser.

Legal Requests for Information

During 2018, Stoutner receive 0 legal requests for information from government law enforcement organizations. These requests sought information for a total of 0 individuals.

During 2018, Stoutner provided information in response to 0 legal requests for information from government law enforcement organizations. These responses included information for a total of 0 individuals.

The types of information that Stoutner possesses and can disclose to legal requests from government law enforcement organizations are described in the privacy policy.

by Soren Stoutner at January 01, 2019 21:59

December 31, 2018

OsmAnd

2019 New Year resolutions

2019 New Year resolutions

Dec 31, 2018

Happy New 2019 Year!

Following the nice tradition of creating the list of New Year Resolutions, on behalf of our team, I will create and share it here and hope it would be an appropriate post for the community.

2018 achievements

  • Measure Distance.
    This is a long-expected UI simplification and enhancement to create GPX tracks as lines and as route points using a mobile phone. It allows:
    • To draw lines and measure straight distances
    • To draw a route between selected points as car, pedestrian, bike even as boat on channels route. Basically it calculates a route between all intermediate points and so far we've tested up to 50-100 points.
    • To save all edits as GPX track.
    • Edit an existing GPX track.
    • Easily accessible via Drawer menu.

  • OsmAnd Live maps.
    In 2018 we've moved our implementation to Overpass and managed to achieve average delay 20 minutes after the improvements (90th percentile delay is less than 40 minutes). If we exclude all medium outages for 2-3 hours, which happens once a month, then average time between your edits and appearance on OsmAnd would be 10-15 minutes. So it gives a great tool to quickly verify changes on a spot. I've made a presentation at SOTM 2018 about it - https://youtu.be/ZHY0KE4IzWI

  • Travel - Wikivoyage.
    We've launched a new travel category based on open data https://www.wikivoyage.org/ project. There were already some improvements how to open GPX files in OsmAnd and select specific categories i.e. Eat / Accommodation / See. We went further and made all that data available offline with cached images. By downloading 300 MB, you can have all travel articles around the World and enjoy your trips. Of course, Wikivoyage data is linked to Wikipedia articles about specific places, so for a complete picture, you will need to download Wikipedia as well.

  • iOS Navigation, Ruler and other.
    We've finally made huge progress in our iOS version and managed to organize a small & stable development group. One of the primary important features was Navigation which is a full copy of Android version including navigation on GPX and all parameters and vehicle support. This also included a variety of widgets added to iOS with an advanced version of Ruler which works in 3D as well.

  • OsmAnd Telegram.
    It was a hard decision for us but we decided to go into a completely new area and make a product for active travelers OsmAnd Telegram. This is an online GPS tracker which allows you to share your location within a group of people and also see everybody on the map. Sharing your location is always linked with chat-messaging, so we decided to build on the most open social technology Telegram. We've put the OsmAnd API on a completely different level to support a complex application such as OsmAnd Telegram and we also plan to enhance that API, so more and more side-apps could enrich OsmAnd and make it easier to use for specific cases.

2019 resolutions

We knew our list up front and it was based on your emails and issues. We selected 5 most important directions for our small team of 9 people to make it happen.

  • Public Transport.
    This feature is almost ready and we planned it for 2018 release though we will need to polish it and do a proper beta test. OsmAnd already has all transport lines clickable which dramatically improved in 2018, so you can view and validate the public transport lines.

  • Place Reviews!
    This is probably the most important goal for 2019. We fully understand that we need to do something to fight for Open Reviews Data against Google, TripAdvisor who takes the data bound to its own products, rules and etc. It is time to make something like OpenStreetMap for Reviews and we've already found connections with other OSM app developers to build a unified platform. Obviously the data will be open for everybody and that is the only way to get enough reviews to rate the places.

  • Travel + Wikivoyage.
    We've got positive feedback for integrating with Wikivoyage data but it is very obvious we need to do more. We plan to let people contribute back to Wikivoyage more actively, so the open data will be more up to date. We also need to split it by regions to make the maps smaller and generate them every month. So, there are lots of small and very important features to make it useful :)

  • iOS improvements: OsmAnd Live, Quick Action, OSM Editing.
    2018 was decisive for iOS version and we've started to work hard on features to reduce the gap between Android / iPhone version. In 2019, we are planning to release the most requested features, and the good sign is that iOS audience is growing very fast, reacting to the changes we do. OsmAnd Live, OSM Editing and Quick Action are even a shorter list what we plan to achieve in 2019.

  • OpenGL-rendering (speed up rendering).
    This is a long-awaited feature and it is ready for iOS users but unfortunately, we didn't publish it for Android due to a big variety of devices on Android. It is available for public test as https://download.osmand.net/latest-night-build/OsmAnd-qt-arm-nightly.apk. Obviously, there are pros and cons: it is faster but more power consuming; it has 2.5D but not all layers are currently supported; it requires more resources for the same operations.

Happy New 2019 Year!

December 31, 2018 16:00

December 29, 2018

Gregor Santner

Markor v1.6 - DateTime dialog - Jekyll and KaTex improvements

Today marks the release of the Markor v1.6 update! The update is already available for download on Google Play and soon on F-Droid!

New TextAction: DateTime

Showcase 4

Insert date and/or time using the new action! You can freely pick date and time and choose in which format the information should be added. The current time is used when you press the “OK” button by default. (Note that you also can just insert the format, without date!)

  • Date only selects your country specific default format for Date
  • Time only selects your country specific default format for Time
  • Last used select the format you last inserted into text (=OK pressed)

Changelog

New features:

  • TextAction: Insert date/time
  • Add website title when sharing into Markor, if browser supports it
    • Website title + URL formatted in Markdown format if possible

Improved:

  • Automatically create ToDo/linkbox/QuickNote and parent folders when using respective launcher
  • KaTex/Math: Improve inline math
  • Close virtual keyboard after creating new file
  • Language selection: Load system’s most important language as system hint
  • Markdown + Jekyll: Replace with .. in representation
  • More padding at settings on older devices
  • Use the new file dialog for sharing into new documents
  • Filesystem dialog now shows images / textfiles only at respective file selection

Fixed:

  • New file dialog: Jekyll option on older devices
  • Title not updated when swiping

December 29, 2018 23:00

OsmAnd

Giveaway

Giveaway

Dec 29, 2018

We know that not everyone is able to purchase OsmAnd on Google Play / Amazon store or to purchase maps for OsmAnd on iTunes store due to various reasons, but many of you would still like to support the application by using it and spreading it around the world.

OsmAnd team decided to do a small present for our subscribers during this Christmas. And we started our True Giveaway based on Bitcoin. A little bit technical information: the number of promocodes is limited and each round 1 participant is selected for 1 promocode based on random number. The source of random is the latest available Bitcoin Block hash. More information you can read and find out on our website.

Christmas - our first giveaway

During this Christmas weekend we started our first giveaway and we sent a special letter for our subscribers. At the end of the letter there was a special button to uniquely identify user with participant id.

At first time we gave away 75 promocodes for OsmAnd+. At the last round there were 322 participants, so 25% were winners.

Each hour (round) the winner was selected by latest available Bitcoin Block, so our giveaway is totally transparent and also respects privacy.

We were very surprised with your activity and engagement, so we decided to do on a regular basis. Also we plan to give away OsmAnd+, OsmAnd iOS and other paid plugins. Right now you can only subsribe for a giveaway at the Download screen in OsmAnd Android but we plan to enable subscription soon on the main page

Subscribe and Good luck!

We love you, our users!

December 29, 2018 18:00

Adguard

The Year 2018 in AdGuard

The Year 2018 in AdGuard

Only few days left before the next year dawns on us, and traditionally this is the best time to draw a line, look back and recall what was done in the last 12 months (and what was not). Of course, we won't go over every single update for every AdGuard product, but instead let's have a look at the most important milestones, without concern for chronological order.

Honestly, we completed way less projects than we aimed for, but made up for it by laying the foundation for many exciting stuff that will go in full swing in the next year. So keep an eye on our announcements — there are quite a few big hitters coming soon! Ok, without further ado:

CoreLibs

Arguably, this can be called THE change of 2018. For the uninitiated: CoreLibs is a new cross-platform filtering engine that will power AdGuard products across all platforms for the foreseeable future. In detail it was described in the respective Blog article, feel free to go there and freshen your memory. The takeaway is, with it filtering has become faster and better.

The Year 2018 in AdGuard

CoreLibs filtering Engine explained

Some of AdGuard products already reap the benefits of CoreLibs, other will follow soon. For example, after the introduction of CL AdGuard for Android v2.12 became three times faster! AdGuard for Mac users can enjoy CoreLibs only in Nightly update channel yet (more about Nightly just in a minute), and AdGuard for Windows users are the least lucky in that regard. We didn't manage to release AG for Windows v7.0 this year even as a beta, but the wait will be well worth it when it finally hits the release in 2019!

The Year 2018 in AdGuard

With CoreLibs, AG for Android works 3 times more effectively

What else to say about CoreLibs? It plays a perfect role in our new course on privacy protection. With its help we will be able to implement a Stealth Mode to all AdGuard products. Stealth Mode is already familiar to AdGuard for Windows users, it is a special module dedicated solely for privacy protection. A more than welcome addition, considering all the privacy breaches trends of 2018.

From the ad blocking perspective, CoreLibs is also very useful. Some ad providers put a lot of effort to circumvent the ad blockers, and have a reasonable success at it. CL will ensure AdGuard has an upper hand in this eternal fight once again.

Nightly builds

What are Nightly builds? They are the most recent, often even raw versions of AdGuard. Nightly to beta channel is what beta is to release channel. An extremely useful thing, a sort of a symbiosis between testers and developers. Testers get an exclusive access to new features before anyone else even hears about it, and developers get sweet sweet feedback. Everyone is happy, and even regular AdGuard users benefit from it: in the end, they get a more stable product with less bugs.

The Year 2018 in AdGuard

Want this neat little label too? Switch to Nightly!

If you think this is your thing and you want to join the ranks of Nightly testers, head here.

AdGuard for iOS

For our iOS product the year kicked off with great news: the release of AdGuard Pro for iOS v2.0.

The app was redesigned, not without some controversy, of course, but most users found this change pleasant. What everyone agreed on is that the app received a huge boost to ad blocking and privacy protection potential. New "Privacy settings" module and DNSCrypt support made this a reality. These and other, less flashy changes, made AdGuard Pro for iOS one of the most desirable apps for iOS users. We had some far-reaching plans, too.

The Year 2018 in AdGuard

You better be a fan of dark themes in apps!

Everything changed when the fire nation attacked. Apple announced changes to its policy regarding AppStore applications, which effectively banned any ad blockers that work outside of Safari. Free AdGuard for iOS app was not affected by it, but that couldn't be said about AdGuard Pro. It remained in the AppStore, but it was made clear to us that no updates were possible unless we remove the very functionality that makes AdGuard Pro what it is. Not a pleasant spot to be in, and we decided to discontinue the development of the Pro app for the indefinite period of time.

The Year 2018 in AdGuard

Apple bans ad blockers, 2018, colorized

As of now, the app still works, although it could have been so much better by now if not for the Apple's ridiculous stance on ad blockers. Meanwhile, most of our freed up efforts were aimed at the development of Safari Content Blocker, but we also have some thoughts about possible ways to further evolve AdGuard Pro. Stay tuned, we still have some fight left in us.

Goodbye, Amazon

This one's short and simple: Amazon went the same way Google and Apple did and basically banned system-wide ad blockers. We didn't have much choice but to leave the platform. Thankfully, Android users have more freedom when it comes to sideloading, so feel free to download the standalone version of AdGuard for Android.

AdGuard Home and DNS

Once the "holy trinity" of Google, Apple and Amazon decided that they know better what users can and what they can't do, it was only logical to provide some tools that would allow users to stay independent in their ad blocking preferences. And towards the end of the year we threw a one-two punch of AdGuard Home and AdGuard DNS releases. A quick reminder what are those beasts and what to do with them:

The Year 2018 in AdGuard

Roughly, this is how AdGuard DNS works

AdGuard DNS has been around since forever, it is a very easy, if not a little crude, way to block ads on virtually anything. PC, cell phone, smart TV, you name it. However, we hesitated to officially announce it, as so much needed to be polished. Finally, the time had come, and today AdGuard DNS is not only a solid way to block ads, but also a cutting-edge privacy protection tool.

The Year 2018 in AdGuard

AdGuard Home web dashboard

AdGuard Home, on the other hand, is where you want to be if you need total control over all devices in your home, work or any other network. Granted, it is currently not an easy task to get it going for an average user. But the efforts spent are worth it: AdGuard Home combines the simplicity and effectiveness of the DNS approach with multiple customization options. You can manage the entire network's traffic from an intuitive web dashboard, accessible at any time from any device, including your smartphone. Funny detail: we wanted to add even more stuff before the release, but simply couldn't wait any longer, so we labeled it v0.9 as opposed to the full-fledged v1.0 that will come shortly :)

Both AdGuard DNS and AdGuard Home are only gaining steam, expect them to reach new heights in the next year!

Safari

And then the fire nation attacked again. No kidding! They put a spoke in ad blockers' wheel once more, you have to hand it to them for the sheer stubbornness. This time the victims chosen were the Safari extensions users. Long story short, only apps from the AppStore are allowed starting with Safari 12 (which is already mandatory on Mojave OS). Any extensions downloaded from the web are not supported anymore, and even extensions from the official Extensions Gallery are deprecated.

The Year 2018 in AdGuard

Yeah, right, "slow down web browsing". That's why.

What's the big deal, you may ask? Well, de-facto "extensions" from AppStore are apps, and they are severely restricted in capabilities compared to old ones. But don't despond, we responded quickly by developing a new product: AdGuard for Safari. It is available in AppStore, and despite all difficulties we managed to make it almost just as capable as the old Safari extension used to be.

The Year 2018 in AdGuard

AdGuard for Safari

People tried it and received it well: AdGuard for Safari is currently holding a place in top10 in its category and top100 overall among all AppStore extensions. We, in our turn, don't rest on our laurels, but rather keep working hard and improve it. In 2019 we promise to make AdGuard for Safari as good, if not better, than its predecessor used to be.

AdGuard research lab

Ok, we don't have a research lab. That didn't stop us from discovering several real threats to users' privacy and online safety over the course of 2018! Maybe you even read about some of them in articles on other websites and industry-related blogs. Just some of the most prominent:

Stealing:

We analyzed top1000 Google Play apps (350+ mln total downloads) and found out that:

  • almost half of them have permissions to extract your phone number and track phone calls
  • 1 in 5 apps collects information about your email address
  • more than 20% can read your contacts
  • just under 10% read your text messages
  • most of the apps send this data over plain HTTP, exposing it to any intermediate third-party

There's many more shocking details in the full article.

Cryptojacking:

Our anti-cryptojacking script allowed us to discover that half of the top cryptojacking domains actually belong to popular video hosting services. We were even able to identify 11 malicious Chrome extensions with total weekly user count just under 37,000.

Privacy:

Certainly, the most noticeable researches were on the topic of online privacy. Without going into details:

  • We analyzed the top 2500 Google Play apps to discover that 41% of them collect data and send it to Facebook.
The Year 2018 in AdGuard

Key insights on our FB research

  • A massive spyware campaign was revealed. Chrome extensions with 400k+ total users and Android apps with 1mln+ installs steal users' data, all run by a single shady company.
  • Perhaps, the biggest find of ours was the "Big Star Labs" spyware campaign. We uncovered that several Android and iOS apps, Chrome and Firefox extensions with total number of users more than 11 million, were practically stealing users' data.

Fake ad blockers:

When choosing an ad blocker, be careful. The worst enemy is the one who disguises himself as a friend. We found out about several fake ad blocking extensions (20mln+ total installs) that were taking control of your browser and did harmful things. Thankfully, after our reports Google took all of them down, but who knows if there are more.

Plans for 2019

As always, plans are plenty. Just to name few:

  • New major updates for AdGuard for Windows, Mac and Android — all with new design, better performance and more options.

  • New AdGuard for iOS. Better than before! Also, we already mentioned we have thoughts about AdGuard Pro too.

  • As promised, AdGuard Home will finally reach v1.0. One of the main goals — make it more easily configurable and understandable for casual users.

  • CoreLibs, CoreLibs everywhere! Thanks to it, the development cycle for all our products will become shorter because we need to make changes to three separate products no more. Expect more frequent updates!

  • Some special features that we would like to keep secret for now. This way their announcement and release will be all the more exciting!

Acknowledgements

Throughout the year, we received help from several different sources. But most of all, we owe all of the above to you — our user. Not only AdGuard wouldn't make any sense without its users, but we were blessed with an awesome community that actively takes part in life of AdGuard. We want to thank you all: beta- and nightly-testers, contributors to our open-source projects, translators and localization moderators, reviewers and everyone in general who with their constant support inspired us to make AdGuard better. We appreciate your help and hope to see you by our side again in the next year.

And this pretty much wraps up 2018. No matter if you stayed with us for the entire year, or joined along the way, we hope you will spend many more years with AdGuard! Happy New Year!

by Vasily Bagirov at December 29, 2018 17:57

This Week in F-Droid

TWIF 36: F-Droid at 35C3 and ZDF

This Week In F-Droid 36, Week 52, 2018 Feed

In this edition: Second part of @Izzy’s article series is available, Privacy-focused article at ZDF, F-Droid does 35C3 and F-Droid 1.5 released. There are 3 new and 90 updated apps.

F-Droid is a repository of verified free and open source Android apps, a client to access it, as well as a whole “app store kit”, providing all the tools needed to set up and run an app store. It is a community-run free software project developed by a wide range of contributors. This is their story this past week.

Second part of @Izzy’s article series on F-Droid is available

For those who have been waiting, part 2 of @Izzy’s F-Droid series is now online: F-Droid for advanced users and developers. (In English. German version coming soon.)

Article on F-Droid at ZDF

ZDF published an article (in German) for helping their readers to protect their privacy on Android by introducing them to F-Droid and 10 of its apps: https://www.zdf.de/nachrichten/heute/zehn-freundliche-android-apps-100.html

Torsten @Grote was interviewed for this article, and because not all information made it into ZDF’s articles, he has published the full transcript on his blog.

Meanwhile, Mike Kuketz reminds us that although this article is very nice, ZDF’s media app only exists in the Play Store, and doesn’t function at all without Google Play services.

(ZDF is Germany’s second public TV broadcaster.)

F-Droid at 35C3

We had an amazing meetup at the first day of 35C3. The developers of K-9 Mail, Tusky, Offi, NewPipe and Conversations were all there (and probably a few more)! Thank you all for coming.

New apps

  • Trime: Chinese ime with rime input method engine.
  • OOS Firmware Extractor: Extract firmware from official oneplus roms.
  • VLC: VLC Media player returns to the main repository! VLC has been very difficult to build, so although we could occasionally update it, these updates went straight to the archive. We now feel we have the build process under control enough that we can keep it up-to-date in the main repository.

Updated apps

In total, 90 apps were updated this week. Here are the highlights:

  • F-Droid F-Droid 1.5 is out! This version brings improvements and bug fixes for “Nearby Swap”, updated translations, support for swapping via SD cards, UX and language cleanup of App Details, and support for (ROM/OEM/vendor)-added repositories by means of additional_repos.xml.

    This version won’t be suggested for automatic install yet, but if you are willing to deal with bugs and want to help test, you can expand the “Versions” tab and install it manually.

  • DuckDuckGo Privacy Browser was updated from 5.13.0 to 5.15.1, bringing in an anonymous survey capability, new settings to automatically clear your tabs and data, and under-the-hood improvements to enhance the data clearing process.

  • Riot.im and miniVector updated from 0.8.18 to 0.8.20, finally enabling Lazy Loading by default (faster and uses less memory), and now with full RTL support, the ability to crop your profile picture before sending, ability to hide the status area for more room on your screen, better handling of missing parameters in slash commands, support for specifying kick and ban messages, GDPR consent integrated into the registration flow, and many smaller improvements and bugfixes.

  • Nextcloud updated to 3.4.1 with the following changes:
    • hide download when creating share links
    • direct editing files with Collabora Server 4.0
    • sort deleted files by deletion date by default
    • setedit notes on shares
    • search inside of text files
    • actions on notifications
    • remember last path on upload
    • share file to Talk room
    • show local size in “on device” view
    • SSO add request header for deck app
    • various bug fixes
  • Mysplash was updated from 3.4.1 to 3.4.5, now with an app downloader, select downloader option, auto night mode, and various smaller changes and bug fixes.

  • Featured Conversations & Quicksy updated: Just a point release since TWIF 34, but 2.3.10+fcr has some nice improvements:
    • Synchronize group chat join/leaves across multiple clients
    • Fixed sending PGP encrypted messages from quick reply
    • Try to guess initial location in ShareLocation based on SIM card
    • Show a warning snackbar before joining anon-non-private room (maybe you don’t want your JID to be public)
    • Show accept button to confirm SASL downgrade (e.g. server reconfigured)

    …but the big news is that thanks to the work of Alex Palaistras, the minimum required Android version was lowered to Android 4.1. Previously, users who didn’t have Android 4.4 (or newer) and users of Jolla/Blackberry devices with limited Android compatibility were stuck on Conversations 1.23.8, or needed to switch to Conversations Legacy. With this change, they can get up to date with the latest Conversations (and Quicksy) versions. That being said, be sure to read the whole changelog between 1.23.x and 2.3.10, so you don’t get surprised by the new stuff (removed swipe, removed OTR, and so on and so forth).

  • Mastalab was updated from 1.41.2 to 1.50.3:
    • The timeline jump bug (fetch more/scroll down) was finally found and fixed!
    • New language: Norwegian
    • Better management of live notifications
    • Allow quickly switching between accounts
    • Open profiles faster
    • Fix for missing custom fields on some profiles
    • Miscellaneous layout improvements and bug fixes

    Meanwhile 1.61 is already out and expected in F-Droid soon, so keep your eyes peeled for Pixelfed compatibility and fully customizable tag timelines.

  • KISS launcher is a lightning-fast search-based launcher for your apps, contacts and settings. In this update from 3.5.2 to 3.6.1, the icon loading system has been revamped and should be faster. There were also small improvements to custom search engines, and the option to add SMS senders to history was removed to comply with Play Store policy.

  • Fennec F-Droid was updated to 64.0.1, with faster and more responsive scrolling. There are performance fixes for users with installed password manager apps, and the loading indicator uses less CPU and power. From now on, files saved to the downloads folder will no longer be deleted on uninstalling Fennec. Files downloaded before this update will still be deleted: to safeguard them, move them to a different folder.

  • Transdroid is a bittorrent client manager, supporting all popular clients such as µTorrent, Transmission, rTorrent and many others. This update brings us from 2.5.10 to 2.5.14 and includes fixes for Deluge adapter file uploads, several edge case crashes, background service crashes, even more fixes, and if you hadn’t noticed, a fix so it builds on F-Droid again. The defunct barcode scanner was removed, support for Android 9 plaintext (non-TLS) was added, qBittorrent set location is now supported and sizes in GB are shown in 2 decimal places.

And that’s it for this year! Best wishes, and see you in 2019!

Tips and Feedback

Do you have important app updates we should write about? Send in your tips via Mastodon! Send them to @fdroidorg@mastodon.technology and remember to tag with #TWIF. Or use the TWIF submission thread on the forum. The deadline to the next TWIF is Thursday 12:00 UTC.

General feedback can also be sent via Mastodon, or, if you’d like to have a live chat, you can find us in #fdroid on Freenode, on Matrix via #fdroid:f-droid.org or on Telegram. All of these spaces are bridged together, so the choice is yours. You can also join us on the forum.

by Coffee at December 29, 2018 00:00

December 28, 2018

Adguard

Follow AdGuard into the New Year!

Follow AdGuard into the New Year!

Traditionally we celebrate Christmas and New Year's with our users, and we love every minute of it. This year AdGuard has prepared a festive giveaway and a holiday sale on any and every license we have in our arsenal.
And, before getting into the details, we would like to wish you a very happy new year: may your dreams come true in 2019! Thank you for your continuous support and for staying with us! <3

Follow AdGuard into the New Year!

30% sale on everything

We decided not to discriminate: the sale applies to EVERYTHING. And anything.
Right this moment you can:

  • Buy any AdGuard license key (for your own usage or for your friends and family);
  • Extend your existing license key (=add another year to its curent validity period) or make it a lifetime key;
  • Upgrade your key: add more devices under AdGuard's protective umbrella.
GET THE OFFER

Holiday Giveaway

This year we've got 5 tablets for you to win:

Follow AdGuard into the New Year!

Prizes: Apple iPad (2018)

Terms and how to participate

  1. Any user with a purchased and active (by promotion's end) AdGuard license key can participate.
  2. If you have several keys you can fill in the form several times (separate form for each key) to increase your chances of winning :) A key for several devices (e.g: Premium 3+3) is considered as 1 key = 1 entry.
  3. Please, don't enter expired keys, keys that you haven't purchased (bonus or beta licenses), keys to other programs or random sets of characters; don't fill in the form several times with the same key — such entries won't be allowed to participate in the giveaway.
  4. The keys that participate in the giveaway are not subject to refund.
Fill the form to participate

You can join the giveaway through January 9, 2019. On January 10, we will randomly select and announce the winners in our blog.

Good luck!

UPD Jan 10, 2019: Winners

Well, well, well, here comes the long-awaited moment - winner announcement. These 5 lucky users will start the 2019 year with a new iPad:

  • 2492 Shawn Ch.
  • 1729 Marcus Zi.
  • 1028 Hiroaki Ko.
  • 2826 Vrizas Ch.
  • 338 Boris MA.
Follow AdGuard into the New Year!

Congratulations! We will contact you soon for further details on the delivery of the prize. And we must say, this is so flattering that among the winners there are those who joined us quite recently, and users who have been with us for a looong time ;)

More about the giveaway
All users could participate with the purchased and active AdGuard key could participate. As usual, we chose the winners randomly, all fair and square!
To validate this, you can see the selection process in the video below (by finding yourself in the list).

Please note, that we have excluded those who entered incorrect/not purchased/expired AdGuard key. But if you didn't find yourself in the video and think that there was a mistake, please email us at pr@adguard.com.

Thank you all for participating! We really enjoy our glorious tradition, and this is definitely not our last giveaway. So don't be upset, join the draw next time, and maybe you will be one of the lucky winners <3

by Anna Martynova at December 28, 2018 09:24

Privacy Browser

Privacy Browser 2.15.1

Privacy Browser 2.15.1 has been released. It is an emergency bug fix release that resolves a crash when opening a secondary activity on some devices.

Beginning with Privacy Browser 2.15, the drawer header padding is adjusted for phones with notches. The adjustment is calculated based on the height of the status bar every time the drawer moves (opens or closes). It turns out that on certain devices this creates a race condition where the new padding is applied to the header after the activity has been moved to the background and a new activity (like Settings, Guide, or About) has launched, causing a null object reference that crashes Privacy Browser. In my testing, this happens on certain devices running Android 5.0 and 5.1 (API 21 and 22) but not others, leading me to think the race condition might be caused by a combination of the OS settings and hardware speed.

The solution is to check that the views are not null before applying the new padding.

by Soren Stoutner at December 28, 2018 04:25

December 27, 2018

Privacy Browser

GeckoView

From time to time I receive suggestions from people that I change Privacy Browser to use Mozilla’s GeckoView instead of Android’s WebView to render pages. Instead of responding to each of these communications individually, I thought it helpful to write a general post covering this subject and explaining why I am not now considering doing so (although I am always open to it in the future if it becomes in the best interest of Privacy Browser to do so).

First, a little bit of background is necessary. The Android Open Source Project contains a standard system library called WebView that renders HTML content. It is programmatically similar to TextView, ImageView, EditText, or any of the other standard views that are included in Android. Many apps that users might not realize use this library to handle complex layouts. If WebView is removed from Android a large number of apps will crash unexpectedly.

In the open source world, there are two large pedigrees of code for rendering HTML content: WebKit (and its forks) and Gecko. Gecko is the engine developed by Mozilla and used in Firefox. Years ago, when Apple decided to make Safari they looked around at the existing code bases. They could have used Gecko, but they decided to fork KHTML and KJS (developed for KDE on Linux and used in Konqueror) and formed WebKit. When Google decided to get into the browser world they also build on WebKit instead of Gecko. Eventually they forked WebKit and created Blink. Opera used to have their own engine, but they eventually dropped it to use Blink (through a customized version of Chromium ). Edge recently did the same thing.

Android’s WebView was originally based on WebKit, but it switched to Blink beginning with Android 4.4 (KitKat, API 19). Originally, WebView was only updated with Android releases. But beginning with Android 5.0 (Lollipop, API 21), Google refactored the code so that WebView could be updated via an APK through the Play Store. Beginning with Android 7.0 (Nougat, API 24), Google allows different apps to provide the WebView library. Because the current WebView is built from the same code base as Chromium, by default the Chrome package provides Android’s WebView (if it is installed). Otherwise, the Android System WebView package provides it.

WebView is limited in the privacy controls it exposes to developers. For example, it isn’t possible to enable some JavaScript commands and disable others. It isn’t possible to disable WebRTC while JavaScript is enabled. It isn’t possible for some tabs to proxy through Orbot while other’s don’t. It isn’t possible to customize the CSS of a website without having JavaScript enabled. It isn’t possible to customize the user agent on resource requests. And it isn’t possible to spoof a large majority of fingerprinting information, like screen size, the system font list, and the canvas hash. Because of this, in the 4.x series of Privacy Browser I intend to create a rolling fork of WebView called Privacy WebView. This rolling fork will be composed of a set of minimally invasive patch files that add additional privacy controls without breaking API compatibility for existing commands. These patches will be rebased with each release of WebView. It is an ambitions project, and it will be quite time consuming, but it has a number of advantages.

  1. It is a lot simpler than creating an entirely new rendering engine.
  2. It will be API backwards compatible with Google’s WebView, which means that custom ROM developers can use it as a drop in replacement.

Some people have suggested I consider using Bromite SystemWebView or GeckoView instead. Those who like GeckoView are usually primarily attracted to the idea of removing as much Google as they can from their lives. Although I am generally in favor of that idea, I do not feel that GeckoView is a good fit for Privacy Browser for the following reasons.

  1. GeckoView is not API compatible with WebView. This means a significant portion of Privacy Browser’s code would have to be rewritten (there are a lot of little bugs in getting a rendering engine to work correctly with things like domain settings). Not that I am opposed to refactoring code, but there has to be a significant benefit at the end of the tunnel to make it worth it.
  2. GeckoView does not expose a significantly greater portion of the privacy settings I need than Android’s WebView. As such, I would still be stuck creating a rolling fork of GeckoView with the same level of time commitment.
  3. Because GeckoView is not API compatible with WebView, a custom fork could not function as a drop-in replacement for Android’s WebView. Although this is not an absolute necessity, it is one of the nice things I am trying to accomplish with Privacy WebView.
  4. I don’t trust Mozilla much more than I trust Google. As a long time user of Firefox since the days it was called Phoenix, I have watched them go downhill and consistently make decisions that are not in the best privacy interests of their users. For example, if they really cared about user privacy they would incorporate their blocklists from Firefox Focus into the main Firefox product and apply them to all websites. But they won’t do this because they make hundreds of millions of dollars every years through their search contracts, and the search companies are not going to pay them that type of money if the tracking of users’ searches are blocked.
  5. I have significant concerns about Mozilla’s commitment to the Android ecosystem. If I rebase Privacy Browser on GeckoView, and down the road they decide it isn’t in their strategic interests to maintain it, I’ll be up the proverbial creek without the proverbial paddle.

As I mentioned at the top of this post, I am open to changing my mind about GeckoView (or any future rendering engine). But it doesn’t currently look like a good match for Privacy Browser.

by Soren Stoutner at December 27, 2018 23:11

Removal of Google’s Ad Consent Library

Privacy Browser 2.15 features the removal of Google’s Ad Consent library from the free flavor. This was added in Privacy Browser 2.10 to comply with the GDPR. It was never included in the standard flavor.

The Ad Consent library performed two functions. The first of which was to determine if a user was located in Europe. If so, an ad consent dialog was displayed. If the user was not located in Europe, ad consent is not legally required so the dialog was skipped and the ads were loaded.

The second function was to specify users as under-age, which causes all ads to be non-personalized and not include “remarketing”. I am not certain what Google means by that, but they do include this partial explanation on their website: “TFUA disables requests to third-party ad technology providers, such as ad measurement pixels and third-party ad servers”.

Without the ad consent library, it is only possible to set ads to be non-personalized. All app ads in Privacy Browser Free are set to be non-personalized. Note that Google has a fairly personalized definition of non-personalized.

Google considers ads to be personalized when they are based on previously collected or historical data to determine or influence ad selection, including a user’s previous search queries, activity, visits to sites or apps, demographic information, or location. Specifically, this would include, for example: demographic targeting, interest category targeting, remarketing, targeting Customer Match lists, and targeting audience lists uploaded in DoubleClick Bid Manager or Campaign Manager.

Non-personalized ads are ads that are not based on a user’s past behavior. They are targeted using contextual information, including coarse (such as city-level) geo-targeting based on current location, and content on the current site or app or current query terms. Google disallows all personalized targeting, including demographic targeting and user list targeting.

This explanation is written for webpage ads as well as app ads. Google does not have access to the URL that is being visited in Privacy Browser (they better not, anyway). But the advertisers do know that Privacy Browser Free is making the request, and they know things like city-level location.

With the removal of the Ad Consent library, all users of Privacy Browser Free will be shown the ad consent dialog. This complies with the GDPR and doesn’t require that Google attempt to determine if a user is in Europe every time the app launches (although they will do so anyway when they load an ad).

This removes the ability to specify users as under age. The irony of using a tracking library to specify that a user does not want to be tracked is not lost on me. Some may consider it futile to remove one Google library when Privacy Browser Free is still using Google’s Firebase Ads library to display ads and is built using Google’s Android suite of libraries and build tools to run on Android. Ultimately, my decision was made based on a desire to minimize my exposure to Google’s libraries beyond the standard Android toolchain. I would eventually like to replace the Firebase Ads library, but I will only do so when I find an ad network that I can independently verify takes user privacy seriously.

Beginning with Privacy Browser Free 2.15, all users will be show the following ad consent dialog when they launch the app for the first time.

by Soren Stoutner at December 27, 2018 21:11

December 24, 2018

Torsten Grote

Interview zu F-Droid mit ZDF Heute

Der Onlineauftritt von ZDF heute hat zwei Artikel zu F-Droid veröffentlicht. Im Vorfeld gab es dazu ein Interview mit mir. Da es nicht das ganze Interview in die Artikel geschafft hat, veröffentliche ich es hier der Vollständigkeit und Transparenz halber.

 

Was unterscheidet F-Droid vom Play-Store?

F-Droid ist wie der Play-Store ein Ort, um neue Apps zu bekommen. Allerdings sind bei F-Droid ausnahmslos alle Apps sogenannte Freie Software. Das bedeutet kurz gesagt, dass man sie frei verwenden, verstehen, verbessern und verbreiten darf. So ist für jede Version jeder App auch der Quelltext offen verfügbar (Open Source).

Was ist der Vorteil von F-Droid-Apps aus Nutzersicht?

Die Verfügbarkeit des Quelltextes jeder App verhindert es, dass sich Spionagefunktionen in der App verbergen. Sollten solche bereits im Quelltext des Entwicklers vorhanden sein, dann werden sie von F-Droid entfernt. Im Play Store hat der überwiegende Teil aller Apps meist sogar mehrere Spionagefunktionen mit denen das Verhalten der Nutzer überwacht und ausgewertet wird.

Darüber hinaus finden sich bei F-Droid auch einige kostenlose Apps, die bei Google Play Geld kosten würden.

Wieviel Apps gibt es zur Zeit auf F-Droid?

Aktuell (Dezember 2018) werden 1707 verschiedene Apps von F-Droid aktiv verteilt. Im Archiv finden sich noch mehr, diese Apps sind aber meist veraltet und nicht zur Installation empfohlen.

Wie sieht der Überprüfungsprozess einer App aus? Wenn die App Werbung, proprietäre Elemente oder Tracking enthält, verweist F-Droid in der Profilseite der App auf F-Droid extra darauf?

Eine neue App wird mit einem sogenannten Pull Request hinzugefügt. Dieser wird dann von einer oder mehreren Personen gesichtet und die App einer groben Prüfung unterzogen. Da es sich hierbei um Ehrenamtliche handelt, kann der Code der Apps dabei nicht vollständig auditiert werden. Es gibt allerdings automatische Tools die Tracker und Schadsoftware im Quelltext entdecken können und bei der Prüfung unterstützen. Bisher gab es keinen Fall von Schadsoftware in F-Droid.

Proprietäre, also unfreie Bestandteile der App sind grundsätzlich nicht erlaubt. Werbung ist nicht verboten, wird aber meist mit unfreier Software umgesetzt und ließe sich sowieso leicht entfernen. Deswegen gibt es bei F-Droid’s Apps keine Werbung.

Sollte eine App unerwünschtes Verhalten aufweisen oder unfreie Netzwerkdienste wie z.B. Twitter benötigen, dann weist F-Droid darauf hin.

Warum ist die „normale“ Firefox-Android-App nicht auf F-Droid, sondern nur Firefox Klar? Und wieso zwar Telegram und Kontalk auf F-Droid sind, aber nicht Signal?

Es gab mit Firefox in der Vergangenheit immer wieder Probleme mit den Markenrechten, deswegen haben viele freie Projekte es unter anderem Namen verbreitet. Hintergrund: https://lwn.net/Articles/676799/

Firefox ist daher aktuell unter dem Codenamen Fennec zu finden.

Mit den Entwicklern von Signal gab es schon vor vielen Jahren Streit um die Aufnahme von Signal in F-Droid. Die Entwickler wollen nicht in F-Droid sein und die Verbreitung der App komplett selbst kontrollieren. Außerdem ist Signal aktuell keine Freie Software, weil es eine Komponente von Google enthält, die unfrei ist.

Wenn ich es richtig verstanden habe, gibt es Apps, deren F-Droid-Version im Vergleich mit der Play-Store-Version datenschutzfreundlicher sind, weil die App-Betreiber sie für F-Droid „bereinigt“ haben, oder? Kannst du ein Beispiel einer App nennen, bei der es so ist?

Apps in F-Droid die normalerweise Google Analytics verwenden, um das Nutzerverhalten auszuwerten, finden sich hier.

Das ist z.B. die Ubuntu One Files app.

Eine andere Tracking library ist Admob (jetzt ebenfalls von Google). Die
apps dazu sind hier.

Kannst du sagen, wieviele Leute zur Zeit im Kern-Team von F-Droid sind und wieviel in der aktiven Community?

Das lässt sich schwer sagen, aber folgende Zahlen erlauben eine Annäherung:

Auf Gitlab sind 28 Entwickler*innen in der F-Droid Gruppe.

Im Community-Forum sind aktuell 2314 Benutzer registriert.

by Torsten at December 24, 2018 13:46