Daniel Micay

Security researcher/engineer working on mobile privacy/security. Founder and lead developer of @grapheneos.
Website: https://daniel.micay.dev
Twitter: https://twitter.com/DanielMicay
GitHub: https://github.com/thestinger
Matrix: https://matrix.to/#/@strcat:grapheneos.org

I'm moving from this account to @DanielMicay on the new official GrapheneOS https://grapheneos.social/ instance. See the post from @GrapheneOS about this:

https://grapheneos.social/@GrapheneOS/

GrapheneOS Mastodon

GrapheneOS server for official project accounts and project members.

Mastodon hosted on grapheneos.social

I'm moving from @DanielMicay to this account on the new official GrapheneOS https://grapheneos.social/ instance. See the post from @GrapheneOS about this:

https://grapheneos.social/@GrapheneOS/109415370227771932

@rpw You need to manually export / import your follows, blocks, mutes etc. and set up your profile the same way. It supports merging them instead of replacing them.

You can automatically move your followers via the migration feature. It takes a while and you can follow the progress since they get moved over by each non-dead instance rather than copied. It's on the account page in settings:

https://infosec.exchange/auth/edit

Infosec Exchange

A Mastodon instance for info/cyber security-minded people.

Mastodon hosted on infosec.exchange

GrapheneOS version 2022112500 released: https://grapheneos.org/releases#2022112500.

See the linked release notes for a summary of the improvements over the previous release.

Forum discussion thread:

https://discuss.grapheneos.org/d/2008-grapheneos-version-2022112500-released

GrapheneOS releases

Official releases of GrapheneOS, a security and privacy focused mobile OS with Android app compatibility.

GrapheneOS

@cecton

Keeping your account there has a big advantage for directing people here and preventing impersonation.

I found that the data export feature no longer exports a bunch of the data it used to export since Twitter is dying internally.

I'm sure deleting data was always a very imperfect best effort approach if they even tried to respect it at all but it has likely significantly regressed now.

@canacar @rene_mobile

I think Google should be able to consistently update upstream code and should be able to integrate important updates within weeks in the worst case, not half a year or more.

If the Linux kernel fixes a remote code execution bug, they should have a release out for Pixels within a week, not months. It literally takes them months to fix those issues while Chrome would do it in days. There are RCE bugs from October in the Linux kernel currently unfixed on Pixels. They'll eventually cherry-pick the patches or update to a new stable kernel.org release as part of a quarterly release with the patches. It's not included in QPR1 (December).

They also shouldn't need people to specifically report to them that a Mali driver release, Linux kernel release, SQLite release, etc. fixes vulnerabilities and they need to update it.

Also, Android's highly flawed security bulletin system isn't a valid excuse for Pixels having only monthly releases and taking 60+ days to get anything released even with extreme severity. Their testing process is completely broken because all they can do if they find serious issues in a new release is choose between releasing it anyway or missing the month's release...

@dalias I think it would be feasible to have the apps excluded from that if they didn't recommend any instances with adult content. However, for usability / onboarding reasons, both apps guide users through making an account on a normal instance where adult content is allowed behind content warnings which they won't consider good enough. They would only potentially accept it if the default instance disallowed it completely.

I think what they do for review is joining whatever instance the app guides them to and looking for adult content, which is easily available and not moderated beyond requiring content warnings, so it has to be adult only. If the app didn't recommend any instance at all, they'd expect to be given credentials or instructions, and then it would probably be possible to avoid the adult only rating. It would still always be a risk they'd force it back.

There's no real logic to justify their different treatment of web browsers. It's just a special case because it's not expected for them to keep children away from web browsers but for other apps it gets treated as their responsibility. It's just their way of doing what's expected from them in the easiest, laziest possible way. Having any nuance is way beyond their flawed review systems.

@dalias

Mastodon and Matrix clients are marked as adult-only on the Google Play Store and Apple App Store because they can be used to reach adult content and don't qualify for the web browser exception. It's entirely possible they'll crack down on these apps more in the future.

https://play.google.com/store/apps/details?id=org.joinmastodon.android
https://apps.apple.com/us/app/mastodon-for-iphone-and-ipad/id1571998974

https://play.google.com/store/apps/details?id=im.vector.app
https://apps.apple.com/us/app/element-messenger/id1083446067

If they were more aware of what kinds of instances existed and that they could be easily reached through the apps, they might have already banned the apps.

Mastodon - Apps on Google Play

Decentralized social network

@rene_mobile It won't really do much good if the vendors including Google don't ship the patches.

Google is 6 releases behind on the ARM Mali driver on Pixels and ARM does source code dumps so it would be extremely hard to backport individual changes.

It's not the only code that's not being kept properly updated. Pixel 6 is on Linux 5.10.107 and that's up to 5.10.155 upstream. It's strange to do all this work on finding vulnerabilities, hardening and making updates easier with Generic Kernel Images, etc. but then patches don't get shipped.

There's little follow through on the boring work on keeping things updated, only improving the infrastructure to do it, but then not taking advantage of it.

@Bristow_69 @grapheneos

It has support for zoom-based switching between cameras on devices with support for that via the Camera2 API such as Pixels (Pixel 4 and later) and VERY recent Samsung phones (perhaps only the most recent generation). It shows a virtual zoom range and automatically switches to ultrawide and telephoto cameras. On the Pixel 6 Pro and Pixel 7 Pro, it works exactly like Google Camera where the OS adjusts the zoom level it switches to 4x telephoto based on available light since it's worse at handling low light.

It's theoretically possible to implement manual multi-camera switching without direct CameraX support for it but it would be complex and the UI would likely be confusing / vague due to lack of device support for the multi-camera APIs, since if they had that it would already be working via zoom.

EIS support also depends on the device providing it via Camera2 which is available on most decent devices. Experimental ZSL toggle improving latency mode is similar and while Pixels don't have the required functionality yet, Samsung provides it.

Our app also has modes for HDR, Night, Portrait, Face Retouch and Auto on an increasing number of phones with CameraX extension support. This is still missing on Pixels but is available on Samsung phones from the past couple years and predated Samsung supporting zoom-based multi-camera even though that feature was around much earlier.

We're open to help working on translations but the first step is properly splitting out the strings as a prerequisite to starting that and we haven't gotten help from contributors so no progress is being made. We don't have time to work on it ourselves.