SelfPrivacy Blog

• New Releases
• Version 0.12.0 Release
• Version 0.11.0 Release
• Version 0.10.0 Release
• Version 0.9.0 Release
• Version 0.8.0 Release
• Version 0.7.0 Release
• Version 0.6.0 Release
• Version 0.5.0 Release
• SelfPrivacy Blog
• The European Union must keep funding free software

New Releases

Version 0.12.0 Release

Highlights

• You can now change the settings of your services — this includes changing subdomains!
• Monitor your server’s CPU, Network and RAM usage with the stats from your server itself.
• You can now see the memory consumption of your services.
• Recovery process now allows you to skip the provider token during recovery.
• View system logs from the app, without SSH.
• Jobs statuses (such as server rebuilds) are now updated in real time.

Changelog

Features

• Enabled the following languages:

  • Japanese (#528)

• Monitoring: You can now view CPU, Network and RAM stats from the server (#532)

• Recovery: You can now skip the server provider token during recovery (#532, a step towards resolving #450)

• Recovery: Allow setting the provider token after the recovery (#532)

• Providers: You can now view the provider tokens status (#532)

• UI: Add a notification if the app doesn’t support the server API version (#531)

• Server: Server logs screen (#531, resolves #521)

• Services: Allow viewing service logs from the service screen (#532)

• Services: Service settings (#531)

• Update DNS records after actions that potentially require DNS changes (#531, resolves #523)

• Use Websockets to update server jobs status (#529, resolves #522)

• UI: Allow selecting text from Markdown articles (#524, resolves #470)

• Console: Obscure auth headers from console logs (#482)

• Jobs: Implement NixOS garbage collection job (#506)

• UI: List Tiles now have a circular border. (#482, resolves #463)

• Settings: Added language picker to the settings (#482, resolves #489)

• UI: Show the error screen when secret storage fails to load (#504)

• Console: Added an empty view when there are no logs in console yet. (#482, resolves #492)

• Backups: Show how much space a service uses on backup (#500, resolves #434)

• Installation: Add country names to installation process (#501, resolves #494)

• Console: Reworked app console. (#482)

• UI: Infobox draws itself in a single row if there is enough space. (#482)

• Services: You can now copy a link on the service page (#461, resolves #452)

• Services: You can now open the service screen by tapping the service disk usage card (#446)

• Installation: Remove the “I already have a server” button after starting the installation (#497, resolves #414)

Bug Fixes

• UI: Remove black bars on top of some pages (#531)
• UI: Fix missing server settings page title (#482, resolves #510)
• Docs: Update the manual on how to get token from the SSH (#509, resolves #471)
• Packaging: Flatpak builds didn’t work (#504)
• Devices: The new device key can now be selected and copied. (#482)
• UI: Fixed scrollbars on desktop builds. (#482)
• Backups: Filter disabled services from create backups screen (#499, resolves #433)
• UI: Add a subtitle for the “Jobs list” button (#462)
• Docs: Digital Ocean DNS used wrong manual

Translation contributions

• Polish

  • Thary (3)

• Ukrainian

  • TabithiS (39)

• Estonian

  • Dmitri B. (35)

• Japanese

  • shirahara (566)

• Kazakh

  • TabithiS (509)

• Russian

  • Thary (2)
  • NaiJi ✨ (10)
  • Inex Code (82)

• Belarusian

  • Thary (33)
  • misterfourtytwo (28)

Patch 0.12.1

Features

• Accessibility: Add screen reader descriptions for graphs (#554)
• Jobs: When Jobs websocket subscription disconnects, fall back to usual queries for two minutes (#550, resolves #542)
• Metrics: Implement disk usage metrics (#538)
• Developer settings: Add server info to developer settings (#560)

Bug fixes

• UI: Disk chart had too many horizontal grid lines (#560)
• UI: Progress bar used the same shade of gray regardless of user preferences (#560)
• UI: Onboarding views were getting out of safe area (#560)
• App console: When app logs are paused, on incoming queue overflow, the main buffer was cleaned up instead (#560)
• Installation wizard: Implement better error messaging for providers token check (#558, resolves #508)
• Server logs: Show server logs timestamps in a local timezone (#552, resolves #540)
• Backups: Backups encryption key couldn’t load (#551, resolves #543)
• Services: Make text gray for disabled service options (#549, resolves #544)
• Services: Do not show the service link for disabled services (#548, resolves #547)
• Jobs: Open the jobs screen when starting the system garbage collection (#560, resolves #541)

Translation contributions

• Russian

  • NaiJi ✨ (1)
  • Inex Code (70)

• Estonian

  • Dmitri B. (65)

Patch 0.12.2

Vulnerability disclosure

This release contains a fix for a security vulnerability. We recommend updating as soon as possible.

UnblvR discovered that the application used an insecure random number generator. This could allow an attacker to predict the random numbers generated by the application, which could lead to a variety of security issues.

While we believe the risk of exploitation is low, we recommend that you update the token on your original device:

1. Update the app to the latest version.
2. Go to the Devices screen at the “More” section.
3. Make sure that your device is named “Initial device”. If it’s not, do the steps on that initial device instead. If you don’t have access to that device anymore, revoke the access for that device by tapping it in the list below.
4. Tap on the “Initial device”. The app will ask you if you want to refresh the token. Tap “Confirm”.

Only the token of the initial device might be vulnerable. Tokens of other devices and backups encryption key are generated by your server with a secure random number generator.

Servers created with this version and newer will not be vulnerable to this.

We would like to thank UnblvR for the responsible disclosure of the vulnerability.

Features

• Allow refreshing device token for Server API (#565)
• Upgrade Flutter to 3.24.0 (#562)

Bug fixes

• i18l: Resolve word puzzles (#566)
• Use the cryptographically secure random number generator (#565)
• Remove hardcode for recovery support articles (#563, resolves #251)
• Volume resize function didn’t work due to logical error

Translation contributions

• Estonian

  • Dmitri B. (9)

• German

  • Philipp Weiermann (23)

• Russian

  • Inex Code (24)

Version 0.11.0 Release

Changelog

Features

• Enabled the following languages:

  • Arabic
  • Estonian
  • Kazakh
  • Chinese (Simplified)

• Server management: Add ssh settings (#477)

• UI: Server settings is now a separate screen (#477)

• UI: The new About page now contains links to our support channels (#464, resolves #339 and #170)

• Jobs: Now you can track the result of jobs, and the progress of the server rebuilds and upgrades (#440, resolves #254)

• UI: On iOS, use the Curpentino bottom navbar (#483)

• UI: Use Curpentino widgets where possible on iOS (#483)

• Jobs: Block starting client-side jobs when the server is rebuilding or moving a service (#477)

• UI: On the bottom bar, show all labels, not only the selected one (#458, resolves #454)

• UI: Move provider card titles to the top row (#449, resolves #448)

• Unified management of API connection to the server: the app should be now more reactive to changes (#440)

• UI: Onboarding page now looks better on big screens (#444)

Bug Fixes

• UI: Card titles no longer overflow on small screens (#483, resolves #476)
• DNS: Detect the situation when we have faulty link-local IPv6 records (#473)
• DNS: Do not include faulty link-local DNS records in the list of found records (#475)
• UI: Fix the empty server confirmation screen during recovery (#474)
• UI: Fix the misleading value of “Do not verify TLS” (#468)
• Jobs: When you return the server settings value back, the job to change the setting is deleted (#440, resolves #166)
• Jobs: When removing all completed jobs, optimistically delete them in UI first (#440, resolves #277)

Other

• Binds migration screen is now in Developer settings, as it is no longer needed on API 3.0, but might still be helpful for stuck servers.
• Remove the server deletion function (#484)

Translation contributions

• Kazakh

  • TabithiS (133)

• Chinese (Simplified)

  • Nil (545)

• Polish

  • TabithiS (52)

• Russian

  • Inex Code (43)

• Hebrew

  • Yaron (17)

• Estonian

  • Dmitri B. (536)

• Thai

  • Inex Code (2)

• German

  • Inex Code (14)
    • Based on anonymous suggestions

• Ukrainian

  • Nagibator Nagibuchiy (18)
  • TabithiS (26)
  • Meko (93)

• Arabic

  • Deem Alosili (656)

Version 0.10.0 Release

Changelog

Features

• Server installation: New NixOS version is used during server setup (#415)
  • It is also possible to set a root SSH key during server setup. This feature can be activated in developer settings.
• DNS management: DNS records creation dynamically gets desired records from the server now (#424, resolves #265)
• UI: Add the button to copy password on the new user creation screen (#409, resolves #299)
• UI: Add animation to the recovery key screen (#410, resolves #164)
• Backups: Bucket name now includes the date of creation (#403, resolves #263)
• UI: Snapshots List page now shows the button to open the Jobs sheet (#396, resolves #290)
• Server installation: Implement better domain ownership check during installation (#394, resolves #389)
• UI: Implement flexible precision formatting for prices (#387)

Bug Fixes

• UI: Domain name no longer overflows the screen (#422, resolves #408)
• UI: Fix overflow of the filled buttons
• Hetzner: Filter away ARM architecture from available servers (#404, resolves #402)
• UI: Add refresh indicator on the ‘Devices’ screen (#398, resolves #258 and #163)
• GraphQL API: Force DateTime to UTC when timezone naive (#386, resolves #385)

Other

• Updated the copyright year (#417)
  • Happy new year!
• Upgrade to Flutter 3.16.1
• Rename the Recovery flow button to prevent user confusion (#399, resolves #346)
• GraphQL API: Remove and replace deprecated mutations (#423, resolves #418)

Translation contributions

• French

  • smtg (12)

• Spanish

  • NaiJi ✨ (35)

• German

  • Marvin F (23)
  • User 1234 (30)

• Hebrew

  • Yaron (578)

• Russian

  • def (4)
  • NaiJi ✨ (9)
  • Inex Code (10)

Version 0.9.0 Release

Changelog

Features

• New backups implementation (#228, #274, #324, #325, #326, #331, #332)
• DeSEC as a DNS provider (#211)
• DigitalOcean as a DNS provider (#213)
• Support drawer and basic support documentation logic unit (#203)
• Automatic day/night theme (#203)
• New router and adaptive layouts (#203)
• New Material 3 animation curves (#203)
• Add jobs button to the app bar of more screens (#203)
• Refreshed UI of modal sheets (#228)
• Support for XDG_DATA_HOME storage path on Linux for app data (#240)
• Accept-Language header for the server API (#243, resolves #205)
• Visible providers names during server recovery (#264, resolves #249)
• Volume and IPv4 cost added to overall monthly cost of the server (#270, resolves #115)
• Support for autofocus on text fields for keyboard displaying (#294, resolves #292)
• New dialogue to choose a domain if user DNS token provides access to several (#330, resolves #328)
• New app log console (#203)

Bug Fixes

• Fix opening URLs from the app (#213)
• Fix parsing of RAM size with DigitalOcean (#200, resolves #199)
• Devices and Recovery Key cubits couldn’t initialize right after server installation (#203)
• Fix BottomBar showing incorrect animation when navigating from sibling routes (#203)
• PopUpDialogs couldn’t find the context. (#203)
• Update recovery flow to use new support drawer (#203)
• Improve installation failure dialogues (#213)
• Privacy policy link pointed at wrong domain (#207)
• Remove price lists for DNS (#211)
• Implement better domain id check on DNS restoration (#211)
• Add forced JSON content type to REST APIs (#212)
• Remove unneded DNS check depending on CLOUDFLARE (#212)
• Add background for dialogue pop ups and move them to root navigator (#233, resolves #231)
• Make currency be properly shown again via shortcode (#234, related to #223)
• Add proper server type value loading (#236, resolves #215)
• Implement proper load functions for DNS and Server providers (#237, resolves #220)
• Prevent moving a service if volume is null for some reason (#245)
• Replace hard reset from server provider with direct server reboot (#269, resolves #266)
• Normalize Hetzner CPU usage percentage by cached amount of cores (#272, resolves #156)
• Change broken validations string for superuser SSH (#276)
• Don’t let service migration to start if the same volume was picked (#297, resolves #289)
• Wrap DNS check in catch to avoid runtime crash (#322)
• Implement Backblaze bucket restoration on server recovery (#324)

Refactor

• Migrate to Flutter 3.10 and Dart 3.0
• Migrate to AutoRouter v6 (#203)
• Get rid of BrandText and restructure the buttons (#203)
• Remove brand alert dialogs and bottom sheet (#203)
• Remove unused UI components (#203)
• Remove BrandCards (#203)
• Allow changing values for TLS settings
• Replace String shortcode with Currency class (#226)
• Rearrange Server Provider interface (#227)
• Remove unused service state getters (#228)
• Remove unused utils, add duration formatter (#228)
• Move rest api methods according to their business logic files positions (#235, partially resolves #217 and #219)
• Make flag getter a part of server provider location object (#238, resolves #222)

Translation contributions

• Ukrainian

  • FoxMeste (3)
  • Mithras (31)

• Latvian

  • Not Telling Lol (183)

• German

  • Mithras (41)
  • FoxMeste (213)

• Thai

  • FoxMeste (77)

• Polish

  • Mithras (41)
  • Thary (43)
  • FoxMeste (163)

• Slovenian

  • Mithras (212)

• Czech

  • NaiJi ✨ (2)
  • Mithras (109)
  • FoxMeste (308)

• Russian

  • FoxMeste (4)
  • Revertron (8)
  • NaiJi ✨ (23)
  • Mithras (54)
  • Inex Code (59)

• Slovak

  • Mithras (29)
  • Revertron (396)

• Macedonian

  • FoxMeste (7)

• Belarusian

  • Thary (1)
  • FoxMeste (3)
  • Mithras (47)

• French

  • Côme (211)

• Spanish

  • FoxMeste (7)

• Azerbaijani

  • Mithras (28)
  • Ortibexon (403)

Patch 0.9.1

Bug Fixes

• Fix volume resizing on Digital Ocean (#368, resolves #367)
• Disable the storage card while volume information is being fetched (#369, resolves #317)

Features

• Add copy-to-clipboard for email on user page (#329, resolves #287)
• Add support for ECDSA SSH keys (#362, resolves #319)
• Implement confirmation modal for the volume resize (#372, resolves #308)

Other changes

• Move service descriptions above login info for service cards (#342, resolves #341)
• Add measure units to ‘Extending volume’ page (#344, resolves #301)
• Make users to be ordered properly on users page (#343, resolves #340)
• Move service card name to its icon row (#352, resolves #350)
• Reorganize placeholders for empty pages (#359, resolves #348)
• Remove redundant zone id cache for Cloudflare (#371)

Version 0.8.0 Release

Changes

Server setup:

• Added support for Digital Ocean as server provider
• You can now choose server region
• You can now choose server tier
• Server installation UI has been refreshed
• Fields now have more specific error messages

Common UI:

• New app bar used in most of the screens

Services:

• Services are now sorted by their status

Server settings:

• Timezone search screen now has a search bar
• Fixed job creation when switching the setting multiple times
• Server destruction now works

Jobs:

• Jobs panel now should take slightly less space

Auth:

• Recovery key page can now be reloaded by dragging down

Logging:

• Log console now has a limit of 500 lines
• GraphQL API requests are now logged in the console
• Networks errors are better handled

For developers:

• App now only uses GraphQL API to communicate with the server. All REST API calls have been removed.
• Server can now be deployed with staging ACME certificates
• Language assets have been reorganized

Translations:

• Added translation for Ukrainian
• Also activated unfinished translations for German, French, Spanish, Czech, Polish, Thai

Version 0.7.0 Release

Changes:

• Monitor disk space usage, move services between volumes, expand server capacity.
• New redesigned server details screen.
• User management screens were redesigned too, and you are able to reset users’ passwords now.
• Automatic update settings and server’s timezone can be changed now.
• Initial support for SelfPrivacy API 2.0, powered by GraphQL.
• User list synchronization bugs are fixed.
• App is now able to track some types of the long-running jobs which are performed on the server itself.
• Basic support for the new API’s service management.
• Backups screen is temporarily removed, until we fix it.
• Minor UI changes.
• Minor bug fixes, architectural changes.

Migration to the new disk management system

We’ve introduced a new system to control where your services’ data is stored, but an initial migration is needed. Without it, you won’t be able to move services between volumes.

We highly encourage you to manually back up your data from the server before migrating.

To use the new disk management features properly you have to perform the migration. Go to the “More” tab and tap on the “Start migration” button. This migration is also known as “binds migration” in our internals, and you may see this term if you encounter an error related to this system. If you do, please report it to us, and we will help.

Our own F-Droid repo, nightly builds and desktops

From now on, our app also deployed on our own F-Droid repository, allowing you to get our builds faster.

https://fdroid.selfprivacy.org

This repository contains two apps: SelfPrivacy and SelfPrivacy Nightly. The first one contains release builds, and the second one is for development builds. They may contain bugs, but will allow you to test our new features before release. All three Android builds (Official F-Droid, our own F-Droid and Nightly) are independent and can be installed simultaneously.

You can also try out our experimental desktop builds, available for Linux as Flatpak, Windows and macOS. https://git.selfprivacy.org/kherel/selfprivacy.org.app/releases/tag/0.7.0 Please keep in mind that we cannot guarantee that the app will launch on your distro, and that we have not adapted our UI for desktops yet.

Version 0.6.0 Release

Changes:

• Added support for server access from SelfPrivacy apps installed on several devices.
• You can now create recovery token to regain the access to the server if you lose your device or the app’s data.
• You can now connect to an existing server, instead of creating a new one.
• Initial support for Material Design 3 (Material You).
• App now uses your system colors on Android 12 (Material You), Windows 10 (accent color) and Linux (GTK colors). While SelfPrivacy works ok on desktops, we won’t officially release desktop versions until we refactor our UI to support big screens.
• Minor bug fixes.

Version 0.5.0 Release

Changes:

• DKIM key is now deployed to DNS during server setup.
• Step 1 of server setup (DNS checks) is now faster.
• New DNS management screen: checks current records and lets recreate them if something is wrong.
• User creation and deletion is now more responsive.
• User list is now synchronized with the server.
• New SSH key management screen. SSH keys can now be uploaded for any user, including root.
• Root SSH key generation is removed, you can now upload your own keys.

SelfPrivacy Blog

The European Union must keep funding free software

The SelfPrivacy project was granted NGI funding via NLnet. Other FOSS related projects also benefit from NGI funding. This funding is now at risk for future projects.

Initially publishead by petites singularités. English translation provided by OW2.

Open Letter to the European Commission.

Since 2020, Next Generation Internet (NGI) programmes, part of European Commission’s Horizon programme, fund free software in Europe using a cascade funding mechanism (see for example NLnet’s calls). This year, according to the Horizon Europe working draft detailing funding programmes for 2025, we notice that Next Generation Internet is not mentioned any more as part of Cluster 4.

NGI programmes have shown their strength and importance to supporting the European software infrastructure, as a generic funding instrument to fund digital commons and ensure their long-term sustainability. We find this transformation incomprehensible, moreover when NGI has proven efficient and economical to support free software as a whole, from the smallest to the most established initiatives. This ecosystem diversity backs the strength of European technological innovation, and maintaining the NGI initiative to provide structural support to software projects at the heart of worldwide innovation is key to enforce the sovereignty of a European infrastructure. Contrary to common perception, technical innovations often originate from European rather than North American programming communities, and are mostly initiated by small-scaled organizations.

Previous Cluster 4 allocated 27 million euros to:

• “Human centric Internet aligned with values and principles commonly shared in Europe” ;
• “A flourishing internet, based on common building blocks created within NGI, that enables better control of our digital life” ;
• “A structured ecosystem of talented contributors driving the creation of new internet commons and the evolution of existing internet commons”.

In the name of these challenges, more than 500 projects received NGI funding in the first 5 years, backed by 18 organisations managing these European funding consortia.

NGI contributes to a vast ecosystem, as most of its budget is allocated to fund third parties by the means of open calls, to structure commons that cover the whole Internet scope - from hardware to application, operating systems, digital identities or data traffic supervision. This third-party funding is not renewed in the current program, leaving many projects short on resources for research and innovation in Europe.

Moreover, NGI allows exchanges and collaborations across all the Euro zone countries as well as “widening countries” 1, currently both a success and an ongoing progress, likewise the Erasmus programme before us. NGI also contributes to opening and supporting longer relationships than strict project funding does. It encourages implementing projects funded as pilots, backing collaboration, identification and reuse of common elements across projects, interoperability in identification systems and beyond, and setting up development models that mix diverse scales and types of European funding schemes.

While the USA, China or Russia deploy huge public and private resources to develop software and infrastructure that massively capture private consumer data, the EU can’t afford this renunciation. Free and open source software, as supported by NGI since 2020, is by design the opposite of potential vectors for foreign interference. It lets us keep our data local and favors a community-wide economy and know-how, while allowing an international collaboration. This is all the more essential in the current geopolitical context: the challenge of technological sovereignty is central, and free software allows addressing it while acting for peace and sovereignty in the digital world as a whole.

*1 As defined by Horizon Europe, widening Member States are Bulgaria, Croatia, Cyprus, the Czech Republic, Estonia, Greece, Hungary, Latvia, Lituania, Malta, Poland, Portugal, Romania, Slovakia and Slovenia. Widening associated countries (under condition of an association agreement) include Albania, Armenia, Bosnia, Feroe Islands, Georgia, Kosovo, Moldavia, Montenegro, Morocco, North Macedonia, Serbia, Tunisia, Turkey and Ukraine. Widening overseas regions are : Guadeloupe, French Guyana, Martinique, Reunion Island, Mayotte, Saint-Martin, The Azores, Madeira, the Canary Islands.