Stefano boosted

Paper describing GrimoireLab, finally published in @PeerJCompSci peerj.com/articles/cs-601/ With @sduenasd @_valcos_ @dizquierdo @acstw @sanacl @alpgarcia GrimoireLab is a software development analytics toolset, come & know how it can help you

Stefano boosted

"One of the reasons why getting full access to your device is really tempting for governments is the same reason it’s tempting for abusive partners and former partners: we carry tracking devices in our pockets." - EFF Director of Cybersecurity @evacide ted.com/talks/eva_galperin_wha

Stefano boosted
Privacy-wise, Matrix is worse than Slack for public rooms.

Don't hit respond yet, read further.

With this whole freenode mess, some of the online communities I'm part of moved to Matrix. Despite how much I personally love IRC (that's top-notch privacy-wise for public rooms), I have to admit the overall Matrix UX is order of magnitude better and more in line withthe 2021 standards. It lowers the barrier of entry, and I'm all in for that!

However, there's a *massive* catch: the read status. Every time you can see a message on a public room, Matrix will show your avatar next to the said message to materialize you "read" (at least saw) it,

There's currently no way to disable this feature, be it on synapse or dendrite. The read status gets broadcasted to *all the room participants*, including bots.

Some bots are autojoining all the big room as soon as your open them. It's not clear who operate them, they don't ask nobody's consent before joining. You can assume this presence data is actively getting stored and mined by them, it's trivial to do. I implemented such a POC in a couple of hours yesterday night (I obviously turned it off and deleted the data after showing it to some friends).

Back to my initial punch line: this situation is worse than it it is with Slack. At least, with Slack, my read status stays between me, Slack corp and the people they decide to share the data with. With Matrix, it's open bar, private data for everyone.

The Vector team seem not to care too much [1] and are not considering this situation as urgent.

We absolutely need a way to disable these read status on a per room (or space?) level. As free software devs, we should be able to protect our peers and users privacy. My presence status, be it on a public chat is definitely *not* a public data that should carelessly be shared.

[1] https://github.com/vector-im/element-web/issues/2527
Stefano boosted

RT @wireditalia
Filippo Sensi @nomfup (parlamentare) e Laura Carrer @lracrr (ricercatrice e giornalista) saranno ospiti nell'incontro "Tutto ciò che fa il mio volto"
Potrete seguirci in streaming sui nostri canali social e sul sito di Wired Italia #WNF21: nextfest2021.wired.it/topic/so

Stefano boosted
Stefano boosted

🌟 Feel free to follow @fedeproxy to keep in touch with the #fedeproxy forge federation project.

During today's meeting, there was a consensus on creating a mastodon account dedicated to #fedeproxy It is exclusively used to boost and never toots. The #fedeproxy community is horizontal and does not have, by definition, a spokesperson.

fedeproxy.eu/blog/2021/01/10/m

Stefano boosted

The #fedeproxy #forge federation project needs #diversity, from the start. Do you want to join?

Boost appreciated.

Stefano boosted

Test any website for third party cookies, ad-trackers, keyloggers and more themarkup.org/blacklight

Stefano boosted

Google's #FLoC will kill third-party cookies (yay) while monopolizing surveillance (boo). The web needs competition, but not competition to figure out how to spy on you. eff.org/deeplinks/2021/04/figh

Show older
Fosstodon

Fosstodon is an English speaking Mastodon instance that is open to anyone who is interested in technology; particularly free & open source software.