kixik

cross-posted from: https://slrpnk.net/post/17370625

I've been a user of Librewolf for a about a year now, and it's always served me pretty well as a nice easy way to get a hardened Arkenfox Firefox.

However, recently I was curious why Librewolf wasn't recommended on PrivacyGuides, and took a look through their reasoning on their forum. That thread spans multiple years, and for the most part I thought their reasons for not including it were a bit unfair, especially after Librewolf started offering automatic updates.

But towards the end of that thread in October, a Privacy guide team member posted a link to the Arkenfox github issue tracker, where a Librewolf team member reveals how the project appeared to have lost steam after a critical member left, and they are struggling to keep it up to date with the latest Arkenfox updates, despite putting out new releases.

I'm not sure if those problems have been resolved since that time. One of the maintainers did mention they're still short staffed in this topic on taking over maintaining Mull.

After considering the arguments for and against in the PrivacyGuides thread, I think their conclusion for not recommending it was ultimately correct. Using Librewolf adds an additional layer of trust, not only to not be malicious (which I don't suspect they are) but to also be able to adequately fulfill what they set out to do reliably.

Another big part of them not recommending it was the existence of the Mullvad Browser, which I didn't realize was in fact a very well hardened version of Firefox (essentially the Tor browser without the Tor part), and is far more effective for private browsing compared to Librewolf or an Arkenfox'd firefox.

Ultimately you'll have to come to your own conclusion, but personally I'll be switching back to Firefox as my convenient daily browser full of addons, alongside the mullvad browser for (more) private browsing.

cross-posted from: https://lemmy.ml/post/22214348

Some weeks back apkupdater stopped being able to download/upgrade/install from apkpure, but now a days I see issues with apkmirror as well (I see way less apps when searching for them). There was an initial issue about not being able to install from apkpure, but it seems more than that.

Agreed there's aurora store, but to be honest, I pretty much prefer avoiding the Google Play store at all, and I haven't found an issue with apkpure.

There was apkgrabber, but it was not working since so long, and finally it got archived on github.

Is there some FLOSS app similar to apkupdater, other than aurora store?

Anyone experiencing issues with it? Issues are not meant to be status reports once filed, but it seems not many have even noticed about the referred issue.

Darn, and I just got Librewolf upgraded to 131.0, meaning needing to wait further for 131.0.2.

Is this total cookie protection something embedded, not requiring any user intervention? I know with librewolf we get the strict enhanced cookie protection mode, but I don't know if for this total protection there's something required, if not turned on by default...

Greetings !

Hello !

I'm wondering if there's some blogging mechanism which would allow some sort of unique digital signature (PGP perhaps) to prevent personification, but which allows non traceable and fully anonymous author. Not looking for blockchain like stuff (apart from the layer Monero adds, blockchains are totally transparent, traceable and non anonymous). Not looking for bigotry, attacking people or anything like that.

The idea is to be able to share ideas, even corporate related, without being afraid of retaliations whether at work, corporations or governments. Expressing something at pubic might bring unexpected consequences, particularly if not aligned by the corporation one works on if that's the case, or might provoke AI, bots, or paid/unpaid people looking around, to include anyone in a particular list, without even warning the writer about it.

So I was looking if such thing is possible, and if it exists. Social networks of course wouldn't be an option, they're not anonymous, and at contrary can be used to cross-reference and trace people.

If such solution doesn't exist, I'm wondering if something based on gnuNet might get close, although gnuNet is not meant to make users anonymous. Or perhaps something based on i2p.

Of course the digital signature should be used exclusively for the blog posting, and can't be associated to any real email, host, or whatever...

Feedback on the blog posts should also be allowed to anonymous people with their own unique digital signatures. But this is harder, since depending on the technology, not sure if moderation would be allowed, or even if it would make sense, in which case, no blog feedback should be allowed, though no feedback is really a down side for blog posts. Maybe allowing just the original post to remove feedback. Some other down side, but that's unavoidable, is the lack of non on thread feedback, meaning giving feedback through email or any other medium, since if that was available would make the writer non anonymous...

If such thing is not available, and eventually based on something like gnuNet or i2p, most probably clients would be needed to write blogs but another one that would offer some sort of RSS/atom functionality for the blog to be accessible from current RSS/atom readers.

Just wondering, as the reasons to move here are gone, can the community go back to lemmy.ml? There are quite some posts over lemmy.ml, so going back there would be useful I believe, and also moving the few posts here over there would be just great (perhaps not the comments)...

Just an honest question, not to provoke flame wars or anything like it...

Greetings !

Anyone aware of a conversations fork with support for unified push notifications? Or a similar xmpp android app with omemo (just the same as conversations' support) and unified push notifications support, available through the official f-droid repor or a f-droid repo if not available from the official ones?

BTW, I noticed [email protected] community was locked. Any particular reason for that?

Also, Converstions requests to set unrestricted use of battery, to use battery under background without restrictions. So it seems unified push notifications would help, though this github issue sort of indicates unified push notifications wouldn't help, so it just tells me there's no intention to include support for it on Conversations, but not that it wouldn't help save battery.

https://disroot.org provides several decentralized federated services, as email and xmpp, besides other cloud services as well... But not sure if asking here is right or not, but don't know anywhere to ask either...

Is it having a license issue, does anyone know about it? Any status updates?

Websites prove their identity via certificates. LibreWolf does not trust this site because it uses a certificate that is not valid for disroot.org. The certificate is only valid for p1lg502277.dc01.its.hpecorp.net.
 
Error code: SSL_ERROR_BAD_CERT_DOMAIN

But also:

disroot.org has a security policy called HTTP Strict Transport Security (HSTS), which means that LibreWolf can only connect to it securely. You can’t add an exception to visit this site.

The issue is most likely with the website, and there is nothing you can do to resolve it. You can notify the website’s administrator about the problem.

I also tested with ungoogled chromium and pretty similar thing...

Anyonea aware, and also about disroot saying on this?

Edit (sort of understood already, no issue with disroot at all): The issue only shows up under the office VPN. It seems like disroot is not recognizing the office's cert...

Edit: Solved. Yes it's the office replacing the original cert with its own, as someone suggested. Thanks to all.