Oh no, wouldn’t anyone think of the billion dollar companies? The Chinese are stealing the models that they have spent so much effort on getting all the training data. What a shame.

Protons mobile app doesn’t have an independent push notification service. If you’re not using Google play, you will not get push notifications.

Not the end of the world, but may be a deal breaker for some.

For what. Thats a lot of effort for a small userbase. And most importantly a userbase that doesn’t see Google ads. Custom hardware is expensive and doesn’t provide much additional data for most users and provides unprofitable data for degoogled phones.

Google doesnt spy on us just because they are evil. They spy on us to sell more expensive targeted ads.

The anonymous credential signature scheme that is planned to be used is BBS#, I don’t know how it handles revocation.

Additionally, BBS# proposes a solution for device-binding from ECDSA-signatures, relying on re-randomization of ECDSA signatures and public keys. Furthermore, a trust model for BBS# that covers revocation and proof of validity is defined in [BBT2025].

[BBT2025]: Trust Model : Securing digital identity with advanced cryptographic algorithms, available at https://github.com/Orange-OpenSource/BBS-SHARP-doc-eudi-wallet , 2025

https://github.com/eu-digital-identity-wallet/eudi-doc-standards-and-technical-specifications/blob/main/docs/technical-specifications/ts4-zkp.md

I haven’t found where in that source the implementation of revocation is discussed.

Edit: https://github.com/Orange-OpenSource/BBS-SHARP-doc-eudi-wallet/blob/main/Trust-model-privacy-on-attestation-presentation.md#14-attestation-revocation

Seems like no ways of enabling privacy preserving revocation with bbs# are known jet. This means that arithmetic circuit based proofs would be the only way to enable revocation. And as they can prove any statement in NP with ZK, the fact that they can prove that a revocation id is not part of a given list is obvious. https://github.com/eu-digital-identity-wallet/eudi-doc-standards-and-technical-specifications/blob/main/docs/technical-specifications/ts4-zkp.md#22-proofs-for-arithmetic-circuits-programmable-zkps

https://www.microsoft.com/en-us/research/wp-content/uploads/2016/02/main-51.pdf As crescent by Microsoft is one of the considered implemations, this paper is probably the most relevant work on revocation of anonymous credentials.

The reason why it works is a bit complicated, but basically the trick is that the signatures are not immutable. Given a valid signature, it is possible to create a new valid signature over the same content that is not linkable to the original one. This means that it is still possible to derive, what authority signed the document, but the authority cannot know in which transaction it has signed that specific document.

I wanted to get in contact with a researcher that didn’t have a public university mail and instead linked to his LinkedIn. I wasnt able to see his contact info unless logging in and I couldn’t contact him without paying LinkedIn, so I didn’t contact him…

Great networking platform /s

And if you don’t want the government to know what sites you visit, have sites route the request through a proxy.

Actually, no on the fly communication with the issuer is required for selective disclose. You just need a signed document with individually salted hashes of different properties and you can create a zero knowledge proof non-interactively. Zero knowledge meaning that truely nothing but the disclosed property (age > 18, County == DE, or whatever) is communicated to anyone.

Theres a lot of other cool stuff that can be done with zero knowledge digital identity wallets. You could for example hash your pubkey together with the service providers pk and disclose that as a per service ID, but not reveal your pk. This allows linkability within one service (as a login method for example) while preventing cross service linkability.

I think it really doesn’t matter if a reaction video used the youtube player or vlc with ytdl. If its transformative content its fine, if its a re-upload with a facecam in the corner then not. Technology isn’t the problem here.

Soweit ich weiß hilft Snowflake nicht, um die Internet sperren zu umgehen, da es sich eben nicht um DNS sperren, sondern um blockieren von routing allgemein handelt.

Snowflake hilft aber Leuten, die einen Weg gefunden haben, diese Sperren zu umgehen, ihre Identität zu schützen.

Starlink wird zum Beispiel genutzt, wobei das wohl auch versucht wird zu verhindern durch jamming.

Im not a big fan of meta and WhatsApp, but these claims are a bit much. Any employee gets access to messages through a well documented internal process? “No separate decryption step is required” , so the WhatsApp CLIENT is not doing any actual e2e encryption and no attempt at reverse engineering or traffic analysis has ever seen that this is the case?

Where can one see, what these whistleblowers have actually published? I would expect to see this “simple process” and how that interface actually works… And I would expect any journalist to request some proof (show me the last message i sent to Alice) before trusting an anonymous whistleblower making such an extraordinary claim.

From what I heard so far, that anonymous whistleblower could be a troll or an ex-employee who just wants to cause some trouble for meta.

We should not trust anything blindly, even if it fits with our view of the world. Meta is an evil company, but as long as there is no indication for these specific allegations to be true, we should treat them as unfounded allegations.

Well maybe Europe can become the center of science again.

I don’t think that googles mail Client supports pgp. And if you use a client you trust with Google mail, the content of your mail is encrypted.

They will still use metadata to track who you are talking to and about what. The Mail subject is metadata and therefore not encrypted.

So to keep your conversations private, dont use gmail, and probably don’t use mail at all, use something build with encryption in mind.

Its main “security” feature is that they are uncooperative towards most governments. If a government makes a legally binding request to signal, they recieve IP, Account creation date and other unavoidable stuff and signal is transparent about that. If telegram gets that request, they probably ignore it, but maybe they don’t and there is no way to know as a user.

Also telegram is the platform of drug dealers, nazis and conspiracy theorists. So even if it had e2e by default, I would still prefer using another platform.

As long as they celebrate voluntary chat contol as a victory and shut up about it, I’m fine with that.

But they will always return to wanting more eventually.

GrapheneOS is popular with degoogling, but that’s not its primary goal. If there is a tradeoff between independence from Google and security, they will always choose to increase security.

GrapheneOS is also probably the only custom rom that cooperates with Google to get access to vulnerabilities and patches before the embargo is lifted.

If you want to be completely independent from Google, GrapheneOS is not what you’re looking for. Its it’s a security focused os that also has some degoogling features, not the other way around.

Proof by intimidation

Have you tried turning him off and on again?

But always at night, so boot time isn’t too relevant.

Powertoys has a plaintext paste

Three years ago I made an issue on their feedback page because the android app doesn’t really work on degoogled phones, it requires gms for notifications. Still not fixed.

Nice privacy focused App that can’t fully be used if you take privacy seriously.