Post 9updPg9JfqREK0Meps by rysiek@mastodon.social
(DIR) Post #9uou5Z0i0hv0S5NA9I by rysiek@mastodon.social
2020-05-08T00:33:50Z
1 likes, 1 repeats
One last thing about #Keybase and I promise I'll shut up... for now. This is going to be an interesting test of how useful being FLOSS without being decentralized actually is. A lot of people will now leave Keybase. Will they find ways to re-use their code to set-up a better service? Or is their code so tightly bound to their centralized service that it's effectively useless? In other words, is being #FLOSS at all meaningful without being decentralized?
(DIR) Post #9upUfVbjjgj8fo8Chc by wolf480pl@mstdn.io
2020-05-08T07:24:00Z
0 likes, 0 repeats
@rysiek IMO, the only innovative thing about keybase was binding the key to control of websites and socnet accounts. And that can be easily reimplemented from scratch I think. All the other features keybase implemented after that was an attempt at EEE and turning their ecosystem into a walled garden
(DIR) Post #9upUs0IjRb15LICTB2 by loke@functional.cafe
2020-05-08T07:26:16Z
0 likes, 0 repeats
@wolf480pl @rysiek In that respect Keybase served a useful purpose. A somewhat generic way to tie identities on different sites together. Clearly a decentralised system to do that same thing is needed.
(DIR) Post #9updPg9JfqREK0Meps by rysiek@mastodon.social
2020-05-08T08:52:24Z
0 likes, 1 repeats
@loke @wolf480pl ask, and ye shall receive: https://metacode.biz/openpgp/proofs/ cc @wiktor
(DIR) Post #9upe9q4f6bGWQMCLvU by wiktor@metacode.biz
2020-05-08T09:08:17.514Z
0 likes, 1 repeats
Ha, thanks for the mention Rysiek! This is how it looks rendered: https://metacode.biz/openpgp/key#0x6A957C9A9A9429F7 Do note that this is *not* a service, this is rather a protocol that's open for anyone to implement: https://github.com/wiktor-k/openpgp-proofs#openpgp-proofs (including verifying services, service operators, no need to ask for permission like "please add my Mastodon instance, Keybase"). It also doesn't depend on keyservers, I just used https://keys.openpgp.org/ because it's convenient in the render page. For the render page you can use your own domain as a key source (via Web Key Directory): https://metacode.biz/openpgp/key#sheogorath@shivering-isles.com but the protocol is agnostic to where the key lies, it can use direct OpenPGP keys you have on disk to display basic social info. See ya!
(DIR) Post #9upegdbwSqrLKIP8YC by wolf480pl@mstdn.io
2020-05-08T09:16:16Z
0 likes, 0 repeats
@wiktor @rysiek @loke hm... so the socnet posts are not signed, but proof in the other direction is provided by key notation being part of selfsig? interesting
(DIR) Post #9uqBcdNuf1WDxBXbiy by wiktor@metacode.biz
2020-05-08T10:28:30.662Z
1 likes, 1 repeats
For me this only shows that FLOSS by itself is just one factor you have to consider when selecting a solution. (do note that Keybase was not entirely FLOSS because the server was closed source: https://github.com/keybase/client/issues/6374). Decentralization is good but also: one factor in the overall equation. But do remember that you can have a decentralized protocol that's patent-encumbered. Better aim for specifications that follow good practices (like IETF process). You also want the project to be actively maintained, providing good UX, inclusive and supported by smart people. Achieving high points on all scales is incredibly hard that's why we see all combinations of these factors. E.g. 1) Signal, that has reproducible builds and good clients with clever crypto but no regard for decentralization or 2) XMPP that's IETF standard but has UX deficiencies on some platforms or 3) Matrix that's "open standard" (not IETF but rather controlled by single party) and a company that produces good clients. And what someone else said: check the money trail of the project. If it's a VC and "free" to use by anyone it should immediately raise a red flag (not necessarily evil but don't rely critically on it).
(DIR) Post #9uqYRQhJmvwoMkFBdw by rysiek@mastodon.social
2020-05-08T12:26:21Z
0 likes, 0 repeats
@wiktor totally, this.
(DIR) Post #9uqYRQv8xX0T3ciEC0 by shellkr@mstdn.io
2020-05-08T19:41:02Z
0 likes, 0 repeats
@rysiek @wiktor One of the reasons I do not like Snap packages... the snapcraft server is still closed, right?
(DIR) Post #9urimBmhcifatWGBFI by nikolal@social.privacytools.io
2020-05-09T09:11:33Z
0 likes, 0 repeats
@rysiek Imo yes, look at Signal. I will put trust to service with centralized servers if everything is open source in their code. In that case they are providing you their service and ease of not setting and maintaining things yourself, because not everyone has technical skills to do it. Centralised services are not evil if every bit of their code is open to the public.
(DIR) Post #9urpe5sOPDCjvu0aBc by rysiek@mastodon.social
2020-05-09T10:28:31Z
0 likes, 0 repeats
@nikolal I disagree. The reason I disagree is the same reason why a techie with time on their hands and a server would still not run their own Signal server and roll out their own Signal client: that would be useless, because people who are on Signal are locked up in the walled garden. So, if Signal does something abusive, dumb, or malicious, the code being open will not help us. We will still only have a binary choice of "use it or drop it".
(DIR) Post #9urqOQKigCM6hRLl4a by loziniak@quitter.pl
2020-05-09T10:36:41Z
0 likes, 0 repeats
@nikolal @rysiek What proof do we have that Signal actually runs the code from repos on their servers?
(DIR) Post #9urqcVKusIEaGr9k5A by rysiek@mastodon.social
2020-05-09T10:30:34Z
0 likes, 0 repeats
@nikolal now, I wouldn't use the word, "evil" here, since it's unnecessarily emotionally charged. Problematic? Yes. Red flag? Yes. They're not just "providing you their service and ease of not setting and maintaining things yourself", they are actively making it effectively impossible for you to maintain things yourself. It's a fine line, but an important one.
(DIR) Post #9urqcVZ61ZZoypn4BU by rysiek@mastodon.social
2020-05-09T10:32:30Z
0 likes, 0 repeats
@nikolal that being said, I will continue to use Signal, simply because it currently offers the most reasonable (to me, in my specific circumstances) trade-off between Doing Things Right, and being popular enough to be useful day-to-day. I would still love #Briar to take off, big time. In fact, I should play with Briar again.
(DIR) Post #9urqcVkRLOePY167rk by nikolal@social.privacytools.io
2020-05-09T10:39:26Z
0 likes, 0 repeats
@rysiek I think that main problem is ease of usage, no end user (eg my grandma) should even know what encryption is but she should be able to easily install and use apps. Briar with grandma? Maybe if I come and set it up for her. Briar with friends in foreign country? No go. I support decentralized services but fact is that they are not user friendly, and average user uses Whatsapp and doesn't know what decentralization is.
(DIR) Post #9urqstW2kAp9taAyTw by rysiek@mastodon.social
2020-05-09T10:42:24Z
0 likes, 0 repeats
@nikolal have you tried briar? Set-up is pretty simple. The bigger problem is lack of client implementations (no desktop client, no client for iOS), and no store-and-forward (although last time I checked work was being done on that).
(DIR) Post #9urqukpA1vRnWB0MkK by nikolal@social.privacytools.io
2020-05-09T10:42:45Z
0 likes, 0 repeats
@loziniak For what other service can you say that they run code they represent to you? They can tweak it on their servers however they want to do something you can't see when using it. No service can guarantee you that, Signal included @rysiek
(DIR) Post #9urrDxEU7UmVVK0OQq by rysiek@mastodon.social
2020-05-09T10:46:12Z
0 likes, 0 repeats
@nikolal the "decentralized or user-friendly" false dichotomy is the new version of "encrypted or user-friendly" false dichotomy, which in turn is a newer version of the "FLOSS or user-friendly" false dichotomy. The reason why decentralized projects (or encrypted communication projects; or FLOSS projects) tend to have worse usability is two-fold: 1. it is more difficult to implement (but not impossible!) 2. it's harder to get resources for that (VCs do not want to fund such commie ideas!).
(DIR) Post #9urrILXhg5lw3h5a9Q by nikolal@social.privacytools.io
2020-05-09T10:47:01Z
0 likes, 0 repeats
@rysiek Yes, I have and I love principle behind it. But there is that "get your friends on it" and they don't want to hear about it when I say that we need to exchange identities by scanning each others QR codes. They don't even know what identities are. You see problem now what centralized service like Signal solves easily? I would love for everyone to use Briar but that is simply not even close to being reality
(DIR) Post #9urrOZpnSDbE7aWTwW by nikolal@social.privacytools.io
2020-05-09T10:48:08Z
0 likes, 0 repeats
@rysiek Yes, I agree. I like how people are calling FOSS projects communism, lol
(DIR) Post #9urrfqM3HlAyHTqLlw by rysiek@mastodon.social
2020-05-09T10:51:15Z
0 likes, 0 repeats
@nikolal the "get your friends on it" part becomes harder with every service one got their friends on already. Like Keybase. One should choose wisely, is what I'm saying.
(DIR) Post #9ursC8huaQDOT1T4nA by rysiek@mastodon.social
2020-05-09T10:49:37Z
0 likes, 0 repeats
@nikolal importantly, it is not *inherent*. That is, you *can* have decentralized, FLOSS, encrypted projects with a great UI/UX, if resources can be found for that. Constantly floating the red herring of decentralized/encrypted/FLOSS projects offering a worse user experience is a great way of preserving the status quo. Instead, we should be focusing on making sure people know there are projects that will not get you zoombombed with porn on a call with your boss, so that they get funded.
(DIR) Post #9ursC9KuFRPIPxiDZY by nikolal@social.privacytools.io
2020-05-09T10:57:05Z
0 likes, 0 repeats
@rysiek My point is: Centralized -> cool if everything is open sourced and you have option to host it but not wanting to because you lack resources or technical skills. Decentralized -> Even better but there is problem of getting end users to use it, because everyone wants 'plug and play' experience and don't want to break their brains of choosing servers they want to use
(DIR) Post #9ursKBlj5UlOHM5fW4 by nikolal@social.privacytools.io
2020-05-09T10:58:32Z
0 likes, 0 repeats
@rysiek I've switched 30+ of my friends/family on Signal because they were using Facebook messenger for communication, I think I've done good deed
(DIR) Post #9urteFfyN1MU8uWuwK by rysiek@mastodon.social
2020-05-09T11:13:22Z
0 likes, 0 repeats
@nikolal totally! same here. :)
(DIR) Post #9us0lrK1V8WMbcq01Y by loziniak@quitter.pl
2020-05-09T12:30:29Z
0 likes, 0 repeats
@nikolal @rysiek Self-hosting can do that, as well as peer-to-peer.
(DIR) Post #9usTlvEDsHLXONVUHo by nikolal@social.privacytools.io
2020-05-09T17:58:09Z
0 likes, 0 repeats
@loziniak Not everyone wants/know how to self host, and I think they don't need to. End user doesn't need to know anything about how it's done behind the curtain @rysiek
(DIR) Post #9uscRp1a87Dlwm5Iiu by rysiek@mastodon.social
2020-05-09T19:35:19Z
0 likes, 0 repeats
@nikolal @loziniak but that's a false dichotomy: you don't need to self-host as long as the software *is* self-hostable and usable across instances. that way the user doesn't need to self-host, but the fact that some people do means that it's harder for the original project to do crazy bad stuff.