Good to see: Mullvad had Cure53 audit the security of their infrastructure.
“The security awareness and overall security posture should be regarded as rather good, as expected Cure53 were not able to discover any Personally-Identifiable-Information attached to Mullvad's end-users.”
Proton's blog posts don't state details on the filter lists being used, only that it's a "massive database of sites known to host malware, spyware, or any other malicious software."
But it looks like they mentioned on Reddit, "We have both public and proprietary lists that we maintain." 😕
Added several more interesting encrypted DNS providers I recently learned about to https://encrypted-dns.party for Apple devices:
- https://ahadns.com (previously pi-dns)
Signal team needs to address this.
“Signal should warn users who are likely using insecure IME apps”
Interesting new search engine I learned about: Okeano.
"We spend 80% of our profit to purchase as many river interceptors we can and deploy them to polluting rivers around the world."
"...we don't know who you are and it's impossible to tie your searches to you."
"Currently we support domain blocklisting and !waves (similar to DDG bangs)." - https://news.ycombinator.com/item?id=25715921
All v3 Onion Addresses Down After Attack On The Tor Network
Learned of another self-hostable, privacy-focused front end similar to Teddit called Libreddit.
Source code: https://github.com/spikecodes/libreddit
Differences as of now are:
- Libreddit mirrors Reddit’s redesign while Teddit mirrors the old.
- Libreddit is written in Rust while Teddit is in Node.js.
TIL about HTTPS4All, an open-source “HTTPS-Everywhere” app for iOS Safari.
Neat! Open-source iOS/iPadOS 14+ app for easily configuring an encrypted DNS profile.
There’s also https://github.com/fyr77/dns-mobileconfig for generating a custom, shareable profile and my own project, https://gitlab.com/nitrohorse/ios14-encrypted-dns-mobileconfigs, for some pre-made, shareable profiles.
Good to see! Standard Notes recently completed security audits for cryptography (Trail of Bits) and penetration testing (Cure53).
Oh hello, if you have a #NintendoSwitch and got the latest update, there’s now 2 places where Google Analytics is enabled by default where you need to opt out.
Very cool -- https://teddit.net is a new privacy-friendly Reddit frontend, similar to Invidious / YouTube, Bibliogram / Instagram, and Nitter / Twitter.
Source code: https://codeberg.org/teddit/teddit
- All requests go through the backend, client never talks to Reddit
- Lightweight (teddit frontpage: ~30 HTTP requests with ~270 KB of data downloaded vs. Reddit frontpage: ~190 requests with ~24 MB)
New security audit of Threema by Cure53.
“...despite dedicating sixteen days to the security-centered investigations and reaching the expected coverage, three members of the Cure53 team could only spot seven minor weaknesses on the scope. The absence of vulnerabilities and the generally low severity scores contribute to the positive verdict reached about the security standing of the Threema mobile applications during this October 2020 assessment.”
Whoa, this will be convenient!
"We plan to add support for using a GrapheneOS release of microG this way. In the longer term, we also plan to offer a more minimal compatibility layer implemented by pretending that Google services are offline. Both will be options you can choose to install in a specific profile."
Just discovered RSS-Bridge; really helpful, open-source project.
For instance, Mozilla doesn't provide a feed for their security advisories page (https://www.mozilla.org/en-US/security/advisories/) but rss-bridge does (https://github.com/RSS-Bridge/rss-bridge/blob/master/bridges/MozillaSecurityBridge.php) 👍🏼
Personal instance of nitrohorse (nitrohorse.com).