Nostr notes by Tommaso Gagliardoni

BREAKING! Meshcore team splits over dispute over AI-generated ...

2026-04-24T03:47:18Z

BREAKING! Meshcore team splits over dispute over AI-generated code disclosure, and hostile trademark takeover.

Meshcore is an off-grid, decentralised mesh radio platform powered by low-cost and public access LoRa radio technology for reliable, long-range emergency text and embedded sensors communication. It can communicate across kilometres — no towers, no subscriptions, no single point of failure.

https://blog.meshcore.io/2026/04/23/the-split

#meshcore #meshtastic #lora #radio #opensource #foss #drama #privacy #security #selfsovereignty #ai #copyright #takeover

it is becoming increasingly clear how critical this observation ...

2026-01-28T14:42:47Z

In reply to nevent1q…4d3w
_________________________

it is becoming increasingly clear how critical this observation is. Considering Zooko's triangle ( https://en.wikipedia.org/wiki/Zooko%27s_triangle ), I am getting more and more convinced that anything that does not rely on a cryptographic identity is a waste of time in the long run. Yes, even Mastodon.

DNS -> Namecoin
Mastodon -> Nostr
Signal -> Jami/Briar/SimpleX/Etc

Yes, I know that many of these alternatives carry a questionable philosophical/cultural background. But, from the technological point of view, they are probably the way to go.

Commerzbank (one of the largest German banks) just banned ...

2026-01-07T08:47:00Z

Commerzbank (one of the largest German banks) just banned GrapheneOS:

> [> https://>; discuss.grapheneos.org/d/28440> -commerzbank-one-of-the-largest-german-banks-bans-grapheneos](https://discuss.grapheneos.org/d/28440-commerzbank-one-of-the-largest-german-banks-bans-grapheneos )

There is literally *zero* reason why banking apps shouldn't work on GrapheneOS, and yet so many European financial institutions prefer to rely on the security assurances of megacorporations controlled by a foreign country.

At least I hope that the current geopolitical madness will contribute to stopping this plague.

#google #android #aosp #grapheneos #lineageos #bigtech #enshittification #security #privacy #digitalsovereignty #usa #eu #europe #politics #germany #commerzbank

Here's another thing I didn't need today: "Digital ...

2025-11-11T09:07:20Z

Here's another thing I didn't need today: "Digital Omnibus". EU antitrust chief Henna Virkkunen will present to the EU Commission on November 19th a series of amendments to European data protection guardrails, which would substantially weaken GDPR and other privacy protections, and explicitly allow large AI companies unlimited access to the data of EU citizens and even to their digital devices. This is done in order to *"placate US industry"* (yes, seriously), and proposed through a stealthy "fast-track procedure", which we know of only because some media outlets obtained a leaked draft of the proposal.

https://gagliardoni.net/#20251111_digital_omnirape

"Digital Omnibus" is not a catchy term, we need something better. I propose "Digital Omnirape".

Here are some scary quotes:

> According to the plans, Google, Meta Platforms, OpenAI and other tech companies may be allowed to use Europeans' personal data to train their AI models based on legitimate interest. In addition, companies may be exempted from the ban on processing special categories of personal data [religious or political beliefs, ethnicity, sexual preferences, or health data].

> Companies can now remotely access personal data on your device for [...] "legitimate interest". Consequently, it would be a possible reading of the law that companies such as Google can use data from any Android apps to train it's [sic] Gemini AI.

> One massive change (on German demand) is to limit the use of data subject rights (like access to data, rectification or deletion) to "data protection purposes" only. Conversely, this means that if an employee uses an access request in a labor dispute over unpaid hours – for example, to obtain a record of the hours they have worked – the employer could reject it as "abusive". The same would be true for journalists or researchers.

#digitalomnibus #digitalomnirape #omnirape #eu #politics #gdpr #privacy #ai #google #meta #facebook #openai #ml #lobbying

just to be clear, I think OMEMO encryption is basically fine ...

2025-10-21T13:24:46Z

In reply to nevent1q…jfn4
_________________________

just to be clear, I think OMEMO encryption is basically fine enough, but not everyone is of the same opinion: https://soatok.blog/2024/08/04/against-xmppomemo/

Today's AWS debacle is the perfect example of the reason why ...

2025-10-20T21:17:01Z

Today's AWS debacle is the perfect example of the reason why in the last few years I started to be less enthusiastic about Signal, and more oriented to federated or even P2P solutions like XMPP and Jami. I wrote about it already:

https://gagliardoni.net/#im_battle_2025

Signal was down for few hours today, after an outage that affected AWS:

https://mastodon.world/@Mer__edith/115405436746725236

Let's ignore for a second the blind reliance on AWS or any other cloud provider. In a decentralized system, this would not have happened, or at least it would have not impacted so many users.

Yes, I am a cryptographer myself, I know that Signal's encryption is the best. But encryption is not everything. Availability issues, geopolitical troubles, risk of enshittification, limitations on users' freedom to use and control the software lead to a lack of trust, even in a supersecure solution. And I say that with honest admiration for the folks at Signal, who are doing a great job.

May they prove me wrong over and over again.

#signal #im #aws #amazon #privacy #security #digitalsovereignty #selfhosting #fediverse #federation #p2p #enshittification #xmpp #jami #politics #opensource #freesoftware #libre

Some big news regarding mobile OSes: First, Graphene OS has ...

2025-10-15T09:45:29Z

Some big news regarding mobile OSes:

First, Graphene OS has confirmed a partnership with a large OEM to bring support to non-Pixel devices (Snapdragon SoC):

https://piunikaweb.com/2025/10/13/grapheneos-ending-pixel-exclusivity-new-oem/

This is good news, but IMHO it only delays the unavoidable demise of free AOSP-based projects since Google is now finally pulling the rug.

Second, the FSF announced Librephone, an initiative to bring real freedom to mobile devices:

https://www.fsf.org/news/librephone-project

This is also good, but it must be taken in the right perspective: Librephone, as far as I understand it, is *not* a new mobile OS, but rather an initiative to open-source existing proprietary firmware blobs. AOSP-based open source OSes like Lineage, Graphene, and even /e/OS, will hopefully benefit from this initiative, by being able to replace binary blobs with open-source firmware. But they still remain AOSP-based solutions, and therefore bound to the Google ecosystem.

There are two problems here that really need to be addressed.

The first one is political. Legislators and citizens must come to acknowledge that a democratic society where the full mobile ecosystem is in the hands of a corporate duopoly is *not acceptable*.

The second one is technological: AOSP is not a fully free OS, it's a trojan horse, a trap set by Google years ago that is springing right now. We need to move away from Android and embrace full GNU/Linux solutions, or even something completely new, at this point I don't even care. I've heard good opinions of Postmarket OS. Any feedbacks here?

Say what you want about Richard Stallman, but he saw this coming.

#android #aosp #google #lineageos #grapheneos #eos #postmarketos #libre #foss #floss #opensource #privacy #security #surveillance

Stop calling it "sideloading". Call it ...

2025-10-13T18:34:18Z

Stop calling it "sideloading". Call it "installing" instead, as it should be.

If you're "installing" from the Play Store, call it "Googleloading" instead.

Word choice is important. Make the legislators understand what's going on here.

#google #android #aosp #politics #enshittification #surveillance #sideloading #control #antitrust #monopoly #privacy #digitalsovereignty

We have to stop the Google/Apple mobile duopoly. And we have to ...

2025-09-29T11:42:52Z

We have to stop the Google/Apple mobile duopoly. And we have to stop the marching enshittification of society. More concretely, we have to fight back against Google's attempt to lock-down the whole Android ecosystem.

https://f-droid.org/2025/09/29/google-developer-registration-decree.html

This is something that any sane regulatory body should forbid.

#google #apple #android #aosp #fdroid #privacy #security #enshittification #surveillance #mobile #politics

LinkedIn now enables "use my data for AI training" by ...

2025-09-21T08:42:13Z

LinkedIn now enables "use my data for AI training" by default. You have to go to Settings & Privacy -> Data Privacy to turn it off.

Opt-in by default should be illegal.

#linkedin #ai #privacy #ml #gdpr #eu

This made me chuckle. #debian #humor #ipv6 #y2k38 #hackernews ...

2025-07-28T13:58:12Z

This made me chuckle.

#debian #humor #ipv6 #y2k38 #hackernews

I understand your point, I don't necessarily agree but ...

2025-07-26T14:13:10Z

In reply to nevent1q…sk86
_________________________

I understand your point, I don't necessarily agree but it's clear that you put a lot of thought behind your stance, and I don't think it makes sense to argue about something very minor compared to the broader vision :)

On a related line, in the past I have thought a bit on how an implementation of "proper" Shufflecake PD would look like on mobile, but admittedly it seems hard, or at least so far I don't have good ideas. Let's keep this conversation open, our main focus for now is a fully hidden desktop OS (because we think it's more achievable), but yeah, a mobile version would be my personal wet dream. In the meantime, if you have already some ideas, or have started some thought work around it, please let us know, we'd be happy to collaborate at some point!

yes, I know how it looks like, in fact I tried it on a ...

2025-07-26T13:54:48Z

In reply to nevent1q…yz6c
_________________________

yes, I know how it looks like, in fact I tried it on a "semiclean device for testing" :)

But I can imagine many possible scenarios where I would rather accept the risk that a competent adversary spots the deception attempt, rather than having to wipe my device (maybe because I know for sure that the adversary is not competent, or because the data I have on the device are so low-risk that I'd rather not go through the hassle of wiping the phone, or for whatever other reason).

Anyway, that's just my 2C. I know you are busy with other higher priority things, but please, please consider adding this in the future. Thanks!

I'm the admin of the Shufflecake Mastodon profile, but ...

2025-07-26T13:36:43Z

In reply to nevent1q…4dem
_________________________

I'm the admin of the Shufflecake Mastodon profile, but chiming in as personal statement. Yes, you are absolutely right that plausible deniability cannot be reached properly at the user level, I think many users who requested the feature of decoy PIN are aware of that and that was never in question. But here the request is to provide this kind of "poor man's" PD along the normal duress PIN, i.e. one PIN to wipe the device, one PIN to try to fool the adversary. Because, sure, one possible threat is Cellebrite extraction, but another possible threat is the thug gang forcing you to unlock your banking app at knife point, or maybe something entirely different that neither you nor I can predict. Why not leave the choice to the user? Thanks.

ETHZ and EPFL announced the release of a Large Language Model ...

2025-07-11T21:07:35Z

ETHZ and EPFL announced the release of a Large Language Model (LLM) developed on public infrastructure: Trained on the “Alps” supercomputer at the Swiss National Supercomputing Centre (CSCS) in 8B and 70B parameters configurations, using open-source training data, respecting web crawling opt-outs during data acquisition, and natively fluent in over 1000 languages. Quoting: "The model will be fully open: source code and weights will be publicly available, and the training data will be transparent and reproducible".

I don't know how good it's going to be, but if true for me this is the real definition of "open-source" in AI (not the ridiculous, corporate-promiscuous definition by the Open Source Initiative).

https://ethz.ch/en/news-and-events/eth-news/news/2025/07/a-language-model-built-for-the-public-good.html

#AI #LLM #ETH #EPFL #switzerland #eu #sovereignty #digitalsovereignty #opensource #osi #openwashing #privacy #gdpr

In a move that surprises absolutely noone, GitHub now requires ...

2025-05-14T07:16:47Z

In a move that surprises absolutely noone, GitHub now requires users to login in order to browse public repositories (including open source projects). After a few (~10) requests, you get blocked (I can confirm). In order to fight AI scrapers, I guess.

So, GitHub decided to blanket-limit access to open source projects as a defense against the very scourge that they(r parent company) unleashed on the world.

I won't be hypocrite: it's a bit embarrassing, but undeniably satisfying to say "told you so". I moved away from GitHub long ago and I moved all my stuff to Codeberg instead. And so happy I did!

Next step: radicle.xyz maybe?

https://github.com/orgs/community/discussions/159123

#github #microsoft #openai #codeberg #ai #ml #llm #enshittification #foss #floss #opensource #radicle

I have been thinking for a while about the issue of anonymity in ...

2025-05-03T23:35:14Z

I have been thinking for a while about the issue of anonymity in Web3 (and, more in general, anonymous transactions). The growing realization of the damage caused by decentralized financial technologies is nagging my cypherpunk self, who has been at war for a lifetime against invasive tracking, manipulative marketing, and surveillance capitalism. I collected my thoughts here: https://gagliardoni.net/#20250427_privacy_compliance

Spoiler alert: I'm not endorsing backdoors, but I think some middleground solution must be found.

#horizenlabs #crypto #cryptography #privacy #compliance #aml #kyc #anonymity #web3 #gnutaler #bitcoin #monero #zcash #tornadocash

Can someone share any number about how Black Hat (and DEF CON) ...

2025-03-31T19:31:48Z

Can someone share any number about how Black Hat (and DEF CON) negotiates the instructor's share for Trainings? On the website:

https://www.blackhat.com/call-for-training.html

Is written:

"Payment is negotiated directly with each individual Trainer."

So, say that I propose a course for 1000 USD / student and I get 20 students registered and paying. What share of those 20'000 USD does BH/DC offer me usually?

#blackhat #bh #defcon #cybersecurity #BlackHatTrainings #askingforafriend

I've finally set up two users account on Graphene OS in such ...

2025-01-10T11:20:46Z

I've finally set up two users account on Graphene OS in such a way that I get full isolation between a private, FOSS-only main user, and a Google-infested, work-only user, so I don't have to carry two phones with me. It works pretty well. Yay!

Two problems left:

1. Contactless payments not working. Oh well, I've always used cash. But the *reasons* [https://discuss.grapheneos.org/d/475-wallet-google-pay] why they are not working is concerning. I dare to say that an antitrust investigation here is sorely needed. How did we arrive at the point that we allowed a monstrous duopoly to control such a basic piece of tech?

2. Need a way to make and receive phone calls and SMS via VOIP with a virtual mobile Swiss number on the work account. Any idea?

#foss #grapheneos #android #google #apple #voip #privacy #cypherpunk