‼️ Comunità XMPP:
📢 Annuncio: Eventi mensili in italiano sulla messaggistica XMPP! 🇮🇹
Trovate il video dell'XMPP Happy Hour di aprile nel canale Peertube https://video.xmpp-it.net/c/happyhour
della comunità italiana degli utenti XMPP: https://www.xmpp-it.net/
🌟 Unisciti a noi per partecipare alle discussioni, e incontrare altri appassionati di XMPP. 🚀
Freedom requires no-lock in, which is why we self host domains, don't we? Rather than building on somebody else's domain. Oh, you use Gmail. Still?! 🤦♂️
Our desire for ease in a difficult world is what betrays us.
So freedom requires we make the following easy to obtain:
Prof. David Erdos has shared his latest (excellent) research “showing i) little UK GDPR enforcement, ii) worrying gap with formal law expectations & iii) limited accountability for this.”
A less polite version would be: the 🇬🇧 government has demonstrated how a law on the books it dislikes (the General Data Protection Regulation) can be undermined by the appointment of supine or actively hostile Information Commissioners. (As prime minister, Margaret Thatcher was against its predecessor Data Protection Directive from the start; not much has changed.)
I hope the European Commission is not going down the same route with the Digital Markets Act’s Art. 7 (on NIICS interoperability), which it was hostile to from start (early 2020) to finish (enforcement). Legislators learned from the GDPR that it is too easy for national regulators to be deliberately undermined by governments looking to attract technology firm investment (see also: Ireland and Luxembourg). The Commission therefore has a central enforcement role. So I’m especially disappointed by the flimsiness of its finally-published decision not to designate iMessage as a DMA gatekeeper NIICS. It hardly justifies the “exceptional” non-designation decision (Art. 3(5)), or “manifestly call[s] into question” the quantitative tests it meets [1]. I wonder if Meta now feels slightly foolish to have obeyed that provision in (somewhat) good faith 🫠
I still remember the jaw-dropping moment the new 🇬🇧 Information Commissioner in 2009 told a law conference (just about his first public appearance) he didn’t think data protection law should apply to the private sector. (He previously ran the advertising “self-regulatory” Advertising Standards Authority.) It’s fortunate indeed for GDPR enforcement it contains rights of private action, so effectively taken up by Max Schrems. Meanwhile, the Commission’s lack of legal action to force some member states to properly implement the legislation, enchantment with mass surveillance/data retention, and some of its adequacy decisions, are much less impressive than the Court of Justice’s judgments on Schrems’ two cases.
I was reminded last week talking to a BigTech competitor these much smaller firms have to be extremely cautious about upsetting a company they may rely on for key resources, and the Commission has spent most of its time preparing for DMA enforcement talking to those two groups. So perhaps Schrems’ None of Your Business, or something similar, will have to take up the rights of the individuals the legislation is ultimately supposed to help 🤷🏻♂️ Fortunately the DMA also contains rights of private action, as well as the ability of organisations to take representative actions (thanks to campaigning by consumer and digital rights groups in its final stages). As with the Schrems I and II cases, these apparently small issues can ultimately have enormous global impact [2].
[1] Where does the DMA talk about the relative intensity of use of one core platform service versus another? This provides two of three reasons for the decision! Who cares if iMessage for Business is lightly used, given it’s likely iMessage itself is used by many microbusinesses, very few of whom I imagine were part of the “corporate users of iPhone to whom the Commission reached out during the market investigation”? Really, the EC didn’t even bother with a large-scale survey, and/or demand data from Apple?
I also heard from an impeccable source Apple threatened to withdraw iMessage from the EU if it had been DMA-designated. The EC should not be rewarding such blackmail, even if it was highly likely to be a bluff.
[2] For now, we might have to rely on technology and philanthropy to improve messenger interoperability, such as this great project: a cross-platform, memory-safe OpenMLS library to enable interoperable, end-to-end encrypted messaging (E2EE) in multiple clients, combining “Matrix’s decentralized and federated infrastructure with Signal’s low metadata footprint.” 🎯
What’s happening with TikTok in the US is a strong reminder about the vulnerability of centralized platforms to censorship and surveillance. The Open Technology Fund notes Signal “provides a high level of metadata protection, but is centralized and thus easily censored. In addition, Signal cannot efficiently provide E2EE for large-group communications.” I hope Signal will move in this direction over time, as well as towards interoperability with other platforms implementing its own protocol (with metadata guarantees) as well as the IETF’s open Messaging Layer Security standard.
Very worthwhile read on the fallacy, yes fallacy of "if you're not paying, you are the product".
@pluralistic argues that this implies you have some power from paying because you can stop.
But the reality is different: if you are locked in you won't stop so your payments have no leverage. So we can't make companies behave by paying for services.
The key is freedom from lock in, #interoperability and #privacy. That's what would help, not being able to pay for privacy.
I’m the current editor of the Vision for W3C and helped get it across the line this year to reach #w3cAB (W3C Advisory Board @ab) consensus to publish as an official Group Note, the first official Note that the AB (Advisory Board) has ever published.
I’m very proud of this milestone, as I and a few others including many on the AB¹, have been working on it for a few years in various forms, and with the broader W3C Vision TF² (Task Force) for the past year.
W3C also recently announced the Vision for W3C in their news feed:
One of the key goals of this document was to capture the spirit of why we are at #W3C and our shared values & principles we use to guide our work & decisions at W3C.
If you work with any groups at W3C, anything from a Community Group (CG) to a Working Group (WG), I highly recommend you read this document from start to finish.
See what resonates with you, if there is anything that doesn’t sound right to you, or if you see anything missing that you feel exemplifies the best of what W3C is, please file an issue or a suggestion:
Check that list to see if your concerns or suggestions are already captured, and if so, add an upvote or comment accordingly.
Our goal is to eventually publish this document as an official W3C Statement, with the consensus of the entire #w3cAC (W3C Advisory Committee).
One key aspect which the Vision touches on but perhaps too briefly is what I see as the fundamental purpose of why we do the work we do at W3C, which in my opinion is:
To create & facilitate user-first interoperable standards that improve the web for humanity
“Interoperability: We verify the fitness of our specifications through open test suites and actual implementation experience, because we believe the purpose of standards is to enable independent interoperable implementations.”
These are both excellent, and yet, I think we can do better, with adding some sort of explicit statement between those two about that “We will” create & facilitate user-first interoperable standards that improve the web for humanity.
In the coming weeks I’ll be reflecting how we (the VisionTF) can incorporate that sort of imperative “We will” statement about interoperable standards into the Vision for W3C, as well as working with the AB and W3C Team on defining a succinct updated mission & purpose for W3C based on that sort of input and more.
In a related effort, I have also been leading the AB’s “3Is Priority Project³” (Interoperability and the Role of Independent Implementations), which is a pretty big project to define and clarify what each of those three Is mean, with respect to each other and Incubation, which is its own Priority Project⁴.
As part of the 3Is project, the first “I” I’ve been focusing on has unsurprisingly been “Interoperable”. As with other #OpenAB projects, our work on understanding interoperability, its aspects, and defining what do we mean by interoperable is published and iterated on the W3C’s public wiki:
This is still a work in progress, however it’s sufficiently structured to take a look if interoperability is something you care about or have opinions about.
In particular, if you know of definitions of interoperable or interoperability that resonate and make sense to you, or articles or blog posts about interoperability that explore various aspects, I am gathering such references so we can make sure the W3C’s definition of interoperable is both well-stated, and clearly reflects a broader industry understanding of interoperability.
#EU#DMA#WhatsApp#Cybersecurity#Interoperability#Encryption: "Europe’s DMA mandates that interoperability should not weaken security and privacy: “The level of security—including end-to-end encryption where applicable—that the gatekeeper provides to its own end-users shall be preserved across the interoperable services.”
This was always going to be a near impossibility. End-to-end encryption with endpoint assurance clearly only works where the two “ends” can actually be assured, which means—realistically—they are the same. Two WhatsApp or iMessage or Signal apps. DMA envisages a world where Signal messages might be sent to WhatApp users. And that so-called interoperability, by its very nature, breaks that model.
As EFF warned back in 2022, “requiring interoperability without unacceptable tradeoffs in security or privacy is a very high hurdle, one that might turn out to be insurmountable.”
Does anyone know what #Friendica is missing to correctly generate post link previews on remote systems? #OpenGraph#Interoperability
When a Friendica post is linked on any social network, it is never possible to preview it (unlike what happens with Mastodon or Pleroma: perhaps does it depend on the absence of open graph tags?) · Issue #13959 · friendica/friendica
Oh yeah, and btw, thanks to #XMPP I deleted my Matrix account and got rid of Element and Signal on my phone !! 😎
Couldn't be happier nor more satisfied !! 😁🌈😁
#20Initiatives - Building strong supervision of Justice and Home Affairs Interoperability Framework
With the new framework for #interoperability, #EDPS is preparing for effective enforcement to protect the rights of non-EU citizens travelling to EU https://europa.eu/!xKNmTw#EDPSXX
News from the machine room: the pure #rust end-to-end encryption engine, "rpgp", saw quite some work and a new release in recent weeks and now @hko released a higher level "rpgpie" interface for application developers ( see https://fosstodon.org/@hko/111997998005869515 ) which also powers running the IETF #OpenPGP#interoperability test suite quite successfully .... Delta Chat's security-audited encryption engine is in fact used from several other projects and in other contexts these days and we are happy about it!
I don't like the use of the word "fight" here, but this is a good overview of the issues and what's at stake.
Money quote: "Soon, Meta’s Threads app plans to become interoperable with ActivityPub networks like Mastodon. Flipboard and #Automattic, owner of #WordPressDotCom and #tumblr are also betting on ActivityPub."
The US government makes a $42 million bet on 5G Open RAN (O-RAN) cell networks
The US government has committed $42 million to further the development of the 5G Open RAN (O-RAN) standard that would allow wireless providers to mix and match cellular hardware and software, opening up a bigger market for third-party equipment that’s cheaper ...continues
We are positively overwhelmed with the outpouring of support 🚀
People are responding to our call for help! We've also had a number of smaller organizations show up and begin the process of becoming supporting members.
This is encouraging progress, though we still have a lot of work to do to hit our fundraising goals.
WhatsApp shared first details on how they will comply with the #DMA. We are critical of the Signal protocol, as there has never been a complete specification that allows others to implement the protocol securely. This has been one of the main reasons to develop MLS. We co-initiated the MIMI working group to build a protocol around MLS to enable #interoperability between different messengers in a secure and privacy preserving way.