The Free Software projects in question: Tor, Let's Encrypt, and F-Droid
I did not knew that Tor was getting funded by the american state. Thats giving me some spooky vibes.
One theory is that Tor was opened to the public by the United States Naval Research Laboratory only to create a crowd of users for their agents to hide in. You need a large enough anonymity set for these sorts of technologies to work.
More exactly by Defense and secret services
F me
Well, at least the one he used for thruth is safe (mastodon IIRC?)
Wait you guys were getting paid to work on open source?
the guy is literally a political front for techbros, it's not like he would do something else.
Those mf build their empires on the back of open source.
As far as Let's Encrypt goes, the easy way to solve that is self-signed SSL certificates and Tofu. Just make it stupid obvious if an SSL certificate changes on a site that you go to. Like, turn your browser into a giant red screen that says that the security of the website has changed and may be broken obvious. Maybe you could have search engines also index SSL certificates so you could see if Google and Bing and DuckDuckGo and whoever else all say that this website has the same SSL certificate that it has had for X amount of time and if the search engines start showing different results you get suspicious.
Edit: Using self-signed certificates and tofu fits better with the decentralized ethos of the original web anyway since you're not relying on some third-party authority to tell you what's safe and what's not.
i don't think this is a good idea. govs could just set up a big reverse proxy for lots of sites to serve them with their own certs, and you wouldn't know
Seems like no change from right now, because currently the certificate authorities are centralized entities, which could be pressured by governments to add their own certificates.
Never heard of tofu before (the software). What is it?
I had heard about DANE and how that would help in scaling back the need for big CAs but I could never grasp how one would do that. Do you know about it? I'm looking for someone to explain it to me.
Tofu stands for Trust on First Use. So basically, you would get an SSL certificate from the website the very first time you connected to it, instead of trusting a certificate authority. Then, if the SSL certificate changed, you would then be warned that the certificate had changed and would have to decide whether to trust the new certificate or not trust the new certificate. That's why I said perhaps search engines could index certificates and tell you how long the certificate has been active and you could check several engines quickly to determine whether each engine has the same certificate indexed for the same website and if they did not then you would know something might be up.
Delta Chat was one of the FOSS projects affected: https://chaos.social/@delta/114211300446944585
This is terrible news, anyone know of alternatives to let's encrypt?
they have more sponsors and won't go broke because of this
HTTP works pretty well, if you don't mind various governments spying on the traffic.
Make America great again
The solution to this is simple. A change to the MIT license to bar .gov projects to use the open source projects.
Trump needs that money for his big boy parade.
This is it... This is the last straw!!! I was ok with the destruction of free trade, I was ok with the genocide funding, I was ok with the bastardisation of the administrative branch, and I was absolutely okay with the racism!!! But this, THIS??? ABSOLUTELY UNACCEPTABLE!!! As a MAGA supporter, I cannot stand for this any longer! You should be dismantling the minorities, not my website!!!
/s
Well, tbh. If its my last time being president, I would also burn everything to show how the country sucks an is irrepairable.
