Discussion | Update Software Criteria #1020
Reference: privacyguides/privacytools.io#1020
The Issue: As privacytools.io has grown, more criteria for products have been added.
For instance, VPNs must be "outside the US, use encryption, accept Bitcoin, support OpenVPN and have a no logging policy."
The software criteria in the contributing guidelines have not been updated with this.
What do you propose?
Basically the same, just renamed to "main" and added prioritize decentralization.
For instance, privacytools.io doesn't recommend social media; it recommends Decentralized Social Networks.
I also added source_code.md (if applicable) line(s).
Example: https://www.privacytools.io/classic/#ukusa
Basically the same as listed on the website.
Basically the same as listed on the website.
Hardware, sections aren't yet in use but there are many discussions for it.
Basically, it must work with any Linux-OS (+most BSD distros) and prioritize certified hardware.
Wasn't sure what privacytools.io's stance on freedom is, but I assumed you follow the GNU Foundation.
Either way, basically all of the listed software is free software.
I also added must have a safe way to get stuff, users should be able to trust the connection.
I kinda added this one, but basically encryption should be verifiable.
Just kinda followed the website.
But what about____?
I take the belief that software can never be complete, feel free to throw ideas or debate my code.
Edits from maintainers are always welcome.
Edit: Edited main to add line for source_code.md.
Deploy preview for privacytools-io ready!
Built with commit 01cac41f35
https://deploy-preview-1020--privacytools-io.netlify.com
This is a large problem and I don't currently have the capability to discuss this much more than I added review comments.
Shouldn't this also include data portability?
Typo, "encryted". Would you require this ability out of the box or can it be opt-in? I think Debian still comes without `apt-transport-https` preinstalled and I have no idea on the derivatives.
@ -24,0 +28,4 @@
- Prioritize Products by privacy respecting nationality.
### VPN
- Prioritize Products by privacy respecting nationality.
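Review bot: "privacy respecting nationality" in both added bullets is not defined, so two contributors could rank the same product differently; state the test that decides it, or link to the section of the site that does. The same bullet also appears verbatim above `### VPN` and again under it; if the general rule already covers every category, the VPN copy can be dropped.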
I think https://github.com/privacytoolsIO/privacytools.io/issues/914 should be discussed first.
@ -24,0 +41,4 @@
- Accessable Using Free Software (i.e IMAP)
### Hardware
- Must be [H-Node Class A](https://h-node.org/wiki/page/en/compatibility-classes) or Equivlant (if applicable)
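Review bot: In the `Accessable Using Free Software (i.e IMAP)` bullet, "i.e" reads as if IMAP were the only accepted protocol; "e.g." is presumably what is meant, and "Accessable" should be "Accessible". In the H-Node bullet, "Equivlant" should be "Equivalent", and the criterion should say what counts as equivalent to Class A, because together with "(if applicable)" it currently cannot be checked.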
I am not very familiar with this subject, #904.
@ -24,0 +44,4 @@
- Must be [H-Node Class A](https://h-node.org/wiki/page/en/compatibility-classes) or Equivlant (if applicable)
- Must prioritize hardware certifications like [RYF](https://ryf.fsf.org/), [OSHWA](https://certification.oshwa.org/), and OSI when avalible.
- Cannot lock users to a particular platform.
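Review bot: In the certifications bullet, RYF and OSHWA are linked but OSI is not, and it is unclear which OSI certification would apply to hardware; link it or drop it. "avalible" should be "available", and "Must prioritize ... when available" mixes a hard requirement with a preference, so use "Should prefer" if a preference is what is intended.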
Aren't phones kind of doing that?
Yes. I will add this.
@Mikaela The key idea is that if one service becomes no longer private.
I made sure to state "easy" because this was originally aimed at social services.
But services like Bitwarden which allow you to "easily" export data to other formats should also count.
@ -24,0 +44,4 @@
- Must be [H-Node Class A](https://h-node.org/wiki/page/en/compatibility-classes) or Equivlant (if applicable)
- Must prioritize hardware certifications like [RYF](https://ryf.fsf.org/), [OSHWA](https://certification.oshwa.org/), and OSI when avalible.
- Cannot lock users to a particular platform.
- Cannot lock users to a particular platform.
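Review bot: "Cannot lock users to a particular platform." does not say what "platform" covers (operating system, vendor, or service), so a product cannot be checked against it; define the term in the bullet and state how a device that ships with a single operating system is judged.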
Most Android phones now support Lineage OS.
Although, I personally recommend hardware with few non-free drivers like the ones sold by Technoethical.
Other upcoming manufacturers like Rufus Tech / ThinkPenguin, Purism, or Pine64 *should* also be compatible.

Apple Phones in most cases can run forced security updates. We don't know what the future iPhone will look like. Will it be secure? Will it be private?
@Mikaela Thanks, I will fix the typo.
I believe Debian uses GPG encryption by default. If a mirror or something supports encryption, then it should be ok.
Although, you may want to consider adding a warning. The goal is that users will use encryption where possible.
TL;DR Opt-in would be compliant with the current wording.
For instance, I think PeaZip doesn't support HTTPS by default, you must use SourceForge.
No, Debian just signs updates with GPG by default; anyone can see what you are downloading, and one argument against https protected updates is that from the package sizes it can be figured out what one is downloading. I still believe https should be used by default as there are those apt vulnerabilities coming out at times with http mirrors.
At the moment I am using https://onion.debian.org/ mirrors though.
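
An added example (not part of the thread or the project's code) of the distinction the last comments draw between signed updates and an encrypted transport: it classifies each APT source by transport and reports whether signature checks still apply. The sample sources, including `mirror.example.org` and the `.onion` placeholder, are constructed, and `audit_sources` is a hypothetical helper name.

```python
import re

# One-line-style APT source: "deb [opt=val ...] URI suite [components...]"
ENTRY = re.compile(r"^(deb|deb-src)\s+(?:\[([^\]]*)\]\s+)?(\S+)\s+(\S+)")

def audit_sources(text):
    """Return one finding dict per active entry in sources.list-style text."""
    findings = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop comments and blank lines
        m = ENTRY.match(line)
        if not m:
            continue
        options = dict(
            opt.split("=", 1) for opt in (m.group(2) or "").split() if "=" in opt
        )
        uri = m.group(3)
        scheme = uri.split(":", 1)[0].lower()
        if scheme.startswith("tor+"):
            transport = "tor"          # routed through Tor by apt-transport-tor
        elif scheme == "https":
            transport = "encrypted"    # content hidden, transfer sizes still observable
        elif scheme == "http":
            transport = "plaintext"    # package names visible to anyone on the path
        else:
            transport = "local/other"  # file:, cdrom:, copy:, ...
        findings.append({
            "uri": uri,
            "suite": m.group(4),
            "transport": transport,
            # trusted=yes makes apt treat the source as trusted even if authentication fails
            "signature_checked": options.get("trusted", "").lower() != "yes",
        })
    return findings

# Constructed sample input, not taken from a real system.
SAMPLE = """\
deb http://deb.debian.org/debian stable main
deb https://deb.debian.org/debian-security stable-security main  # TLS
deb tor+http://exampleplaceholder.onion/debian stable main
deb [arch=amd64 trusted=yes] http://mirror.example.org/repo stable main
"""

if __name__ == "__main__":
    for f in audit_sources(SAMPLE):
        note = "" if f["signature_checked"] else "  (signatures NOT verified)"
        print(f"{f['transport']:<10} {f['uri']}{note}")
```

The two columns are independent: the first sample entry is plaintext but still signature-checked, while the last is plaintext with the check overridden.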