Subj : Re: SSH on BBSes
To   : Spectre
From : boraxman
Date : Tue Apr 05 2022 22:48:53

-=> Spectre wrote to boraxman <=-

 bo> I think you are missing the nuance here.  You are equating any information
 bo> which could be accessed by the public as equal, but they are not.  I could
 bo> befriend you on Facebook, and get your information, I could dig around and
 bo> get your address, I can find a lot of things about you.

 Sp> Then surely that would be public information. But you won't find any,
 Sp> because there's none out there on me.

That is becoming harder and harder to do as more and more is happening online. 
I don't know about where you work, but where I work they post things in social
media all the time.  They might take a photo, and you won't know where it is
posted, and you may be tagged.  This is increasingly becoming the "new normal",
where people are just posting, and opting out will in the near future, mean
opting out of social events.

 bo> What you are missing is that the subtle differences of access make a BIG
 bo> difference.  It makes a big difference for automated systems, web
 bo> crawlers, AI, etc.  It makes a big difference if a web search indexes it
 bo> or not.  I get that someone, if they knew I posted here, could create an
 bo> account and extract the data, but Google will not do that, neither would
 bo> any other crawler which is trying to profile.

 Sp> That's simply by obscurity, or the lack of perceived value in the
 Sp> minimal data that is available here.  If there was perceived value it'd
 Sp> be mined as relentlessly as anywhere else.

I know for a fact that Facebook built up a profile on me, before I even created
an account.  It must have used data from other peoples phones, so clearly it
was worth their time to do so.  Your data is valuable, for marketing, and there
are companies which collate and collect this.

They're not collecting from fsxNet, I think, but that it beside the point.

 bo> Wrong, demonstrably so.  We have encryption which allows people to ferry
 bo> data from one network node to another.  Again, to use an analogy, it is
 bo> the difference between sending a message through the post on a postcard,
 bo> or in an envelope.

 Sp> Sure we have encryption, but it'll only be safe for so long.. for
 Sp> arguments sake WPA2 is already compromised.. yet we all still use
 Sp> wifi.. the longer its in use the further it will become compromised
 Sp> though.

 Sp> The postcard analogy is bad too, you're describing wildly different
 Sp> types of data. Anything posted to a BBS cannot by nature be defined as
 Sp> something in a envelope.  Anyone with the will can read it, and some
 Sp> them will make it available to those that don't.


And there will be new encryption methods.  Again, locks are 100% effective
either, but it would be silly to argue they don't keep people out, so don't
bother with them.

The postcard analogy was meant to highlight that the accessibility of
information over a carrier service (whether post or TCP/IP) differs depending
on where it is sent, and how it is packaged.

 bo> The fact there are 'public' servers ferrying the data is irrelevant.  We
 bo> can choose privacy by means of encryption, where only the intended
 bo> recipients can make sense of the message.

 Sp> But thats not the data you're putting out there on a BBS, faceplant or
 Sp> any other public service is it? To me you appear to be confusing public
 Sp> carriage encrypted or otherwise, with a public medium being the service
 Sp> offered.

I'm challenging the notion that there is only a binary, public and private.  We
have different levels of public, and we see this all the time.  It could be
accessible only to the company, or selected people, or to subscribers, or it
could be open.

There is merit to the argument that you can't expect information put 'out
there' to remain confidential, but the argument isn't that it must be perfect
containment.  The argument is about degree and methods of access.  It isn't
about making an othernet perfectly secret, but lessening the number of 'casual
eyes', which is something which has merit.

 bo> People do this ALL the time.  People access their bank accounts over the
 bo> Internet, surely you are not suggesting this is "public" information, are
 bo> you?

 Sp> Its at risk during transit encrypted or otherwise.  However it is
 Sp> essentially private between the said service and the user, otherwise
 Sp> its value is not there.  But to equate that with data put on a public
 Sp> service, thats a completely different kettle of fish.

But a BBS doesn't have to be public.  I have one, it is not public, in that you
can't get further than sign up unless I approve the account.  If I dont' want
you on, you won't get on.

You seem to misunderstand my argument.  It isn't denying that people can create
accounts, I am arguing there is VALUE in BBS's which aren't overly public. 
This is something the technology can easily do, to provide an alternative.

You're simply stating "as is" without thinking "what could be".

 bo> No excuse for those who know better to set a better example.  I don't care
 bo> for your defeatist attitude at all.

 Sp> Realistic attitude perhaps?  I still find your idea naive.

It's simply a statement that a particular 'semi-private' level of group
communication can easily be done, and would be desired by some.

Some people lack imagination.
 
___ MultiMail/Linux v0.52

--- Mystic BBS/QWK v1.12 A47 2021/12/24 (Linux/64)
 * Origin: Agency BBS | Dunedin, New Zealand | agency.bbs.nz (21:1/101)

.