So much needless negativity. Not all features need to be for you.
But, given some users’ sensitivity to this, these types of features will always be optional for use by people who want them.
I would welcome a local model with good integration, I have use for it.
Tldr:
To balance AOSP’s open nature with its product development strategy, Google maintains two primary Android branches: the public AOSP branch and its internal development branch. The AOSP branch is accessible to anyone, while Google’s internal branch is restricted to companies with a Google Mobile Services (GMS)licensing agreement.
Beginning next week, all Android development will occur within Google’s internal branches, and the source code for changes will only be released when Google publishes a new branch containing those changes. As this is already the practice for most Android component changes, Google is simply consolidating its development efforts into a single branch.
Thanks for the detailed write up!
They just used the self reported labels on Apple‘s Appstore for this “study”, who knows what a company “forgot” to put in there.
Ah sry, i just read through the bug report to get a grasp of the timeline.
It has been fixed for a while for new installs, bit I agree, there should have been some kind of notification, that manual intervention is required. It was even mentioned in the bug report, so I don’t know why the dev neglected to implement the notification
It‘s coming along in Thunderbird, they continuously mention it in their monthly development blog.
Exchange Web Services support in Rust
November saw an increase in the number of team members contributing to the project and to the number of features shipped! Users on our Daily release channel can help to test newly-released features such as copy and move messages from EWS to another protocol, marking a message as read/unread, and local storage functionality. Keep track of feature delivery here.
If you aren’t already using Daily or Beta, please consider downloading to get early access to new features and fixes, and to help us uncover issues early.
On iOS you can enable Guided Access and restrict what one can do, for example disable touch and lock it to an app, until you enter a Code. I imagine Android will have something similar.
This obviously doesn’t protect against electronic forensics, but it does protect against just opening different apps and searching through the phone manually.
If you don’t get a solution here I would recommend asking on bazzites discord or forum. There are more helpful people with more insights into immutable there. If it can‘t be solved without layering they might even be open to having it included in the image by default.
Great to see progress! Why is it behind their official github releases though? Latest version is 2024.10.2 and not 2024.09.0. It is four releases, meaning more than a month, behind.
Great news!
Seems like people in the comments are misunderstaning the point entirely. This protocol is about import and export from password managers and not about having them synced between devices. It would prevent a lock in effect. This is a great development!
FIDO Alliance’s draft specifications – Credential Exchange Protocol (CXP) and Credential Exchange Format (CXF) – define a standard format for transferring credentials in a credential manager including passwords, passkeys and more to another provider in a manner that ensures transfer are not made in the clear and are secure by default.
Your arguments don’t really make sense in the context of you asking for Threema instead, even if you acknowledge that it isn’t optimal.
[Signal] already showed that they’d like to keep the ecosystem locked down by not allowing 3rd party clients
Neither does Threema, it is a closed eco system? And in fact there is Molly, a hardened Signal fork for Android
At some point they will need a way to pay for their datacenters, […] i can see the pestering for donations getting much worse in the future.
Threema is a paid app though. So you consider an app asking for donations worse than a paid one? I agree though that their financials aren’t the best, since they seem to be living off a loan, but thats even more an argument to donate.
This is hilarious and sad at the same time.
You continue to misunderstand the word “misinformation”. It is incorrect information spread without intent. A mistake made that leads to incorrect information spreading, falls into that category. Especially as it is in the starting point of the discussion, where sources should have been provided.
The need to feel victimized and a little bit of paranoia is strong in you, you should talk to someone about that. I am guessing that is caused by the lies and disinformation spread by your political party of choice. (I am only mentioning politics, because you brought it up with the feds conspiracy theory)
If you went and looked at my account history, you would see that there are a few comments in german and my account is registered on a german server and coincidentally I am German. So much for your fed theory.
My criticism has been nothing but constructive. I implore you for the future to do research using credible sources and to cite them, before making claims that could have a big impact. That goes for discussions on lemmy and as well in real life, when you are discussing or forming an opinion on an important topic.
I hope you get the help you need!
Oh sorry about that! Somehow missed that. Still weird by OP to claim systems are insecure just because vulnerabilities are discovered. That‘s the case for every system out there. Vulnerabilities are discovered and fixed. And mobile operating systems typically have stricter security features and permission management than Desktop OS.
Misinformation is the inadvertent spread of false information without intent to harm, while disinformation is false information designed to mislead others and is deliberately spread with the intent to confuse fact and fiction. Source
This is more than a simple mistake and I am right to call it misinformation. I appreciate that you seem open to discussion about you being wrong. Nevertheless your post is still not edited to correct the proven wrong statements. You can use strikethrough so no context is lost, like I did in the comment you are replying to, where I was wrong.
You made a post with huge claims, basically saying that signal is unsecure and messages can be read by the goverment. This is such a big claim that it should have been researched by you beforehand and you should have provided sources. You don’t get to hide behind “discussions” because in a discussion you actually provide sources if you make claims. Especially if you are trying to start one, to give the readers a chance to read up on the topic.
You “getting a detail wrong“ has a huge impact. Some people will stumble upon this post, read that signal is supposedly insecure and might believe it and even spread that. It hurts the adoption of a secure encrypted messenger. It is not a small detail, but the foundation of your whole post.
And I am mostly right, I just seem to have been wrong on the detail about Signal push notifications. […] This comes from the DOJ senator Wyden saying these corporations can secretly share this data with governments and can include the unencrypted text which is displayed in the notification.
No, you are mostly wrong about the claims you make! Again your post made the connection to signal. Push notifications for Signal NEVER contain sensitive unencrypted data & do not reveal the contents of any Signal messages or calls–not to Apple, not to Google, not to anyone but you & the people you’re talking to. Source
“spreading misinformation” is a phrase mostly used by feds when they see something they consider to be “wrong think” or not “politically correct”. They use this anti-misinformation campaign to support their censorship and mass surveillance system.
I don‘t appreciate you, trying to frame my correction of your blatant misinformation as trying to censor you. Don‘t try to play the victim.
Thanks for pointing that out to me, I wasn‘t aware of that.
You are just spreading misinformation! Cite your sources!
There is a strategy used, which allows the government to find out who an account belongs to. They ask the push providers (Apple/Google) for data on the push token from e.g. a messaging app. This way they associate the account from an app with an identity.
Nothing there about message content. It is still safely E2EE.
I don’t know how it works in your country, but in mine, phone numbers are already associated with identities, so nothing gained as the gov can just ask signal for the phone number of an account, instead of having to ask signal and the push provider to get the identity. (Edit: apparently it’s hashed, so there seems to be a use for this.)
Signal isn’t about Anonymity but Privacy. There is a difference.
If you have another vulnerability cite it!
Agreed, Cryptomator is what you are looking for