Overview of all pages with the tag #Tracking the Trackers, such as: Scanning apps, off the record| Guardian Project
Overview of all pages with the tag #Open Source, such as: 7ASecurity Completes Security Audit of Círculo| Guardian Project
Overview of all pages with the tag #Nlnet, such as: The Search for Ethical Apps: Let's start with governments| Guardian Project
Overview of all pages with the tag #Ngi0 Pet, such as: New Data Sources: API Key Identifiers and BroadcastReceiver Declarations| Guardian Project
Overview of all pages with the tag #Security, such as: IOCipher 1.0 community reboot| Guardian Project
Overview of all pages with the tag #Distribution, such as: Distribution in Depth: Mirrors as a Source of Resiliency| Guardian Project
Overview of all pages with the tag #Debian, such as: Debian over HTTPS| Guardian Project
Update: now you can do this with Tor Onion Services. Many software update systems use code signing to ensure that only the correct software is downloaded and installed, and to prevent the code from being altered. This is an effective way to prevent the code from being modified, and because of that, software update systems often use plain, unencrypted HTTP connections for downloading code updates. That means that the metadata of what packages a machine has installed is available in plain text f...| Guardian Project
Overview of all pages with the tag #Android, such as: IOCipher 1.0 community reboot| Guardian Project
Overview of all pages with the tag #Tor, such as: Arti, next-gen Tor on mobile| Guardian Project
Overview of all pages with the tag #Privacy, such as: 7ASecurity Completes Security Audit of Círculo| Guardian Project
Overview of all pages with the tag #Metadata, such as: DEfO - Developing ECH for OpenSSL (round two)| Guardian Project
Overview of all pages with the tag #Fdroid, such as: A Look Back at 2024: F-Droid's Progress and What’s Coming in 2025| Guardian Project
Overview of all pages with the tag #F Droid, such as: A Look Back at 2024: F-Droid's Progress and What’s Coming in 2025| Guardian Project
Overview of all pages with the tag #Bazaar, such as: Building a Signing Server| Guardian Project
Debian’s package manager apt has a time-tested method of securely providing packages from the network, built on OpenPGP signatures. Even though this signing method works well for verifying the indexes and package files, new threats have become relevant as man-in-the-middle attacks and data mining become ever easier. Since 2013, apt developers have supported the encrypted transport methods HTTPS and Tor Onion Services. We have been recommending their use since 2013.| Guardian Project
There is a new vulnerability in Debian’s apt that allows anything that can Man-in-the-Middle (MITM) your traffic to get root on your Debian/Ubuntu/etc. boxes. Using encrypted connections for downloading updates, like HTTPS or Tor Onion Services, reduces this vulnerability to requiring root on the mirror server in order to exploit it. That is a drastic reduction in exposure. We have been pushing for this since 2014, and Debian, mirror operators, and others in the ecosystem have taken some big...| Guardian Project