#Tag
๐จ 3.5 billion users: Entire WhatsApp directory publicly accessible
Source: https://www.theregister.com/2025/11/19/whatsapp_enumeration_flaw/
Here are our best #WhatsApp alternatives: https://tuta.com/blog/best-whatsapp-alternatives-privacy
Conclusion: Choose #Signal
This week in #FDroid (TWIF) is brought to you by SSSE3:
* Polish app guide? Fennec has great translations
* #ArcaneChat #DeltaChat w/ better onboarding
* #Kotatsu stopped development
* #Luanti #Minetest now on #OpenCollective
* #Notesnook caught up
* Anoher big #OSMAnd release
* #Session Messenger vs screenshots
* Repomaker at #DroidCon #Kampala
+ 15 new apps
& 197 updates
- 2 archived
And we have yet to unleash all its power: https://f-droid.org/2025/11/13/twif.html
This week in #FDroid (TWIF) is brought to you by SSSE3:
* Polish app guide? Fennec has great translations
* #ArcaneChat #DeltaChat w/ better onboarding
* #Kotatsu stopped development
* #Luanti #Minetest now on #OpenCollective
* #Notesnook caught up
* Anoher big #OSMAnd release
* #Session Messenger vs screenshots
* Repomaker at #DroidCon #Kampala
+ 15 new apps
& 197 updates
- 2 archived
And we have yet to unleash all its power: https://f-droid.org/2025/11/13/twif.html
There's a more secure alternative to texting via your phone's native messaging app. Signal is a free app that employs end-to-end encryption and we have a step-by-step guide to help you learn how to use it. https://ssd.eff.org/module/how-to-use-signal
1
It supports #surveillance
https://www.counterpunch.org/2025/03/07/the-revolution-will-not-be-signaled/
2
#SignalApp is #Trump friendly
https://therecord.media/signal-no-longer-cooperating-with-ukraine
3
It collects your #Metadata like #WhatsApp
https://primal.net/e/note14hf9d3fkkhrsygkyzz8snuwyukckd4yqx0cq62z35cwp53a20a8suw457j
4
Everyone can spy you
https://heise.de/-10515774
Check:
https://SecureMessagingApps.com
rate
๐ฉ=3
๐จ=1
๐ฅ=0
=
86 #Threema = Winner
81 #SimpleXChat
80 #Signal
77 #Session
68 #Wire
56 #Element / #Matrix
37 #Apple #iMessage
32 #WhatsApp
27 #Telegram
26 #FB Messenger
Added ๐จ๐ฃ๐๐๐ง๐ ๐ฎ [UPDATE 2] to ๐๐ฟ๐ฒ๐ฒ๐๐ฆ๐ ๐๐ฒ๐๐ธ๐๐ผ๐ฝ - ๐ฃ๐ฎ๐ฟ๐ ๐ฎ๐ณ - ๐๐ผ๐ป๐ณ๐ถ๐ด๐๐ฟ๐ฎ๐๐ถ๐ผ๐ป - ๐ก๐ฒ๐๐ณ๐น๐ถ๐ ๐ฆ๐ถ๐ด๐ป๐ฎ๐น ๐ง๐ฒ๐น๐ฒ๐ด๐ฟ๐ฎ๐บ [FreeBSD Desktop - Part 27 - Configuration - Netflix Signal Telegram] article.
#verblog #session #deltachat #pidgin #freebsd #desktop #laptop @feld
Added ๐จ๐ฃ๐๐๐ง๐ ๐ฎ [UPDATE 2] to ๐๐ฟ๐ฒ๐ฒ๐๐ฆ๐ ๐๐ฒ๐๐ธ๐๐ผ๐ฝ - ๐ฃ๐ฎ๐ฟ๐ ๐ฎ๐ณ - ๐๐ผ๐ป๐ณ๐ถ๐ด๐๐ฟ๐ฎ๐๐ถ๐ผ๐ป - ๐ก๐ฒ๐๐ณ๐น๐ถ๐ ๐ฆ๐ถ๐ด๐ป๐ฎ๐น ๐ง๐ฒ๐น๐ฒ๐ด๐ฟ๐ฎ๐บ [FreeBSD Desktop - Part 27 - Configuration - Netflix Signal Telegram] article.
#verblog #session #deltachat #pidgin #freebsd #desktop #laptop @feld
First step towards implementing #JWT in #swad done, just committed a good 1000 LOC and now my #poser lib can do #JSON ๐
https://github.com/Zirias/poser/commit/7f1772e85c869d544f8a12099ed6545e163dc163
@Tutanota
๐ด๐ ๐๐ ๐ฝ๐๐๐, ๐
๐พ๐ฟ๐ ๐๐ ๐๐๐๐๐:
#DeepL; #VivaldiWebmail #Calendar; #Brave_Search/ #DuckDuckGo_Search; #ProtonPass; #Session; #VivaldiBrowser; #OnlyOffice; #Aurora_Store/ #FDroid; #e_OS (๐ฃ๐ค๐ฉ ๐ฎ๐๐ฉ); #Ente_Photo; #Logseq; #Heliboard; #ProtonMail/ #VivaldiWebmail/ #TutaMail; #MiroTalk_SFU; #Ente_Auth; #ProtonDrive/ #filen_io; #LibreTube; #OsmAnd
I now decided I'll at least aim for some middle grounds: Rework #swad so it only needs a (server-side) #session once a user is #authenticated!
This does have some implications, e.g. passing a redirect argument to the authentication endpoint won't work any more. But experimentation shows a workaround would be to use an "internal redirect" to the login endpoint in #nginx.
We'll see where I end up. Having sessions only for authenticated users should reduce the need for server-side RAM significantly, so I hope ๐
More #poser improvements:
* Use arc4random() if available, avoids excessive syscalls just to get high-quality random data
* Add a "resolver" to do #reverse#DNS lookups in a batch, remove the reverse lookup stuff from the connection which was often useless anyways, when a short-lived connection was deleted before resolving could finish ๐
As a result, #swad can now reliably log requests with reverse lookups enabled ๐ฅณ
About the #random thingie ... I need random data in #swad to generate unpredictable #session IDs.
I previously had an implementation trying the #Linux-originating #getrandom if available, with a fallback to a stupid internal #xorshift#PRNG, which could be disabled because it's obviously NOT cryptographically secure, and WAS disabled for the generation of session IDs.
Then I learned #arc4random is available on many systems nowadays (#FreeBSD, #NetBSD, even Linux with a recent-enough glibc), so I decided to add a compile check for it and replace the whole mess with nothing but an arc4random call IF it is available.
arc4random originates from #OpenBSD and provides the only sane way to get cryptographically secure random data. It automatically and transparently (re-)seeds from OS entropy sources, but uses an internal CSPRNG most of the time (nowadays typically #ChaCha20, so it's a misnomer, but hey ...). It never fails, it never blocks. It just works. Awesome.
A space for Bonfire maintainers and contributors to communicate
