No audit, no 2FA, no transparency report, limited servers, proprietary clients. There are better options.

It’s definitely not something a regular user should panic over. But it’s a huge deal since a lot of high security, sensitive targets also rely on the same library.

While the researchers have confirmed all YubiKey 5 series models can be cloned, they haven’t tested other devices using the microcontroller, such as the SLE78 made by Infineon and successor microcontrollers known as the Infineon Optiga Trust M and the Infineon Optiga TPM. The researchers suspect that any device using any of these three microcontrollers and the Infineon cryptographic library contains the same vulnerability.

Both. The cryptographic library in question is also used in other cryptographic applications too, so it’s a huge mess.

https://publiccode.eu/en/

Mattermost is only source-available due to their dual licensing.

Try FreeTube.

Instance blocking only hides communities from that instance, but not users.

You are correct, I somehow got confused… It was v1.2.0 release, I updated my original post. The release didn’t even mention the license change. https://github.com/eythaann/Seelen-UI/releases/tag/v1.2.0

It’s another fake open source license. While source code is public under the license, you can’t modify or republish so if the project decides to sell you are fucked.

v1.2.0 release changed the license from MIT to PolyForm Strict License 1.0.0 which removes ability to re-publish and make changes to the project. In the day when fake open source projects sell out daily, it’s a good sign to avoid this project.

Not entirely about free music, but you might find Bandwagon interesting https://lemmy.zip/post/20835272

EU has a similar program called Horizon Europe, which spent around €95.5 billion so far. Though it’s broader in scope, not limited to just software, but includes various open source research too.

It’s listed as a honorable mention in the article.

I think it more comes down to it not being Discord than people liking it.

Element X (Matrix client). Basically anything that offers F-Droid or open source release will have builds without built-in notifications. Play Store/App Store builds requires using native notification systems.

It was a conscious decision for them not to enforce E2EE by default. https://web.archive.org/web/20211215132539/https://infosec-handbook.eu/articles/xmpp-aitm/

XMPP clients have like 10 different implementations because of that and are not always consistent with each other or even function universally across platforms.

But I’m not an author. That would be @nateb@mastodon.thenewoil.org.

Spoofing just changes the displayed called/sender ID, not the actual number. They would still need real numbers for each account. And they block a lot of VoIP numbers, like most services these days. And getting carrier SIMs or e-SIMs is a not that easy.

No mandatory 2FA as far as I know.

It’s there for a reason. You can’t easily create a spam waves if you need a phone number to create an account. And they added usernames now, so you don’t need to share your phone number with people you want to talk to. It’s just there to create an account and can be hidden after that.

There is Session, that uses UUIDs for names with no phone number requirement, which is basically a fork of Signal with decentralized Loki on top of it.

Not all of them work, and most require some details to create.

That might work in most places, but there are countries that only sell pre-paid cards with ID registration.