Post 9wF0t8bAx31WZGQMkq by flub@mastodon.social
 (DIR) More posts by flub@mastodon.social
 (DIR) Post #9wDlTvQN6Rmfzxvkyu by sir@cmpwn.com
       2020-06-18T22:16:44Z
       
       4 likes, 9 repeats
       
       1. Are they open source to an extent that you're comfortable with? Do they ask you to run proprietary software on your devices? Is the code running on their servers open?2. If they claim to be open source, do they use an OSI-approved or FSF-approved software license? If not, they're misleading you.3. Is your personal data handled by such proprietary software? Do you ever transmit your personal data to their servers? Even if open source, they would be able to read and use this data however they wish and you wouldn't be able to tell - do you trust them to? What if they're compelled by law enforcement?4. Do the needs justify the personal data they are collecting about you? If not, why are they collecting it?5. If they claim to use encryption for the data which is transmitted to their server - question whether or not it's really private. Do they ever handle the unencrypted data? For example, if an email service claims to encrypt incoming emails, they have an opportunity to read the unencrypted email before they store it. Do they disclose these "gotcha"s, or do they make clear the limitations of their encryption? Is any encrypted information decrypted by software they control, like their web application, or a desktop application which is automatically updated without your consent? If so, they could decrypt it on your computer and transmit the decrypted data back to their servers.6. Are they responsible for any scarce resources, like an email address, phone number, and so on, which you wouldn't be able to take with you if you leave? Are there ways to provide the same functionality without scarcity, such as the use of your own domain? If so, why aren't they offering them? How important are these resources to your identity, will your friends be able to find you if you choose to stop using the service?7. How do they make money? What is their motivation for providing services to you? If their circumstances change, will their values change? How likely is change?
       
 (DIR) Post #9wDm7791SflndqVDJA by sir@cmpwn.com
       2020-06-18T22:23:56Z
       
       1 likes, 4 repeats
       
       Don't be taken advantage of because you didn't ask these questions! And, importantly, if you are taken advantage of - once you realize this, fight the urge to doublethink to protect your ego. Accept that you were bamboozled, and make sure none of your friends are swindled, too. Definitely don't double down and defend them as if they were an extension of your ego.
       
 (DIR) Post #9wDmaEV5Bwuoqxhon2 by qrsbrwn@totallylegit.site
       2020-06-18T22:29:58.115087Z
       
       0 likes, 1 repeats
       
       @sir we have all been there and most likely will be there again. In one way or another. Admitting that you have made a decision that you have since changed stance on is a sign of maturity and strength of character. No one comes out if the womb with all the knowledge in the world, we all have learning to do.
       
 (DIR) Post #9wDq2Yp3WmOBqtFOl6 by bhaugen@social.coop
       2020-06-18T23:07:23Z
       
       0 likes, 0 repeats
       
       @sir Thanks, bookmarked to send to several other people. With credit.
       
 (DIR) Post #9wDraDmINRHGNqZRNw by sir@cmpwn.com
       2020-06-18T23:25:09Z
       
       0 likes, 0 repeats
       
       And, important: above and beyond these criteria: if you are choosing something with an emphasis on privacy and security because your life and liberty will be staked on the decision: do your own, in depth research, and try to understand WHY one option is better than another, and don't take the advice of random strangers and people you don't trust. Aside from this meta-advice, of course.
       
 (DIR) Post #9wDsjtwD63kthVO6oy by roguetrick@mas.to
       2020-06-18T23:38:56Z
       
       0 likes, 1 repeats
       
       @sir Cognitive dissonance is very easy to resolve nowadays through bullshit sources. People do it with their health, I don't see them not doing it with their personal data.
       
 (DIR) Post #9wDvhfISrQ4tZkQFkm by jbauer@social.paritybit.ca
       2020-06-19T00:10:50Z
       
       0 likes, 0 repeats
       
       @sir Another point: Fact-check the claims that the service is making with regards to security and privacy. Is what they're saying based in reality? Are they using language like "we encrypt passwords" when they really mean "we hash passwords?" It could be a sign of technical incompetence and letting marketing take the reigns.
       
 (DIR) Post #9wEh5tgHjBMGz0cYPw by trisschen@tech.lgbt
       2020-06-19T09:01:54Z
       
       0 likes, 0 repeats
       
       @sir In addition to #2: Do they encourage you to use those rights, or do they intentionally make it as hard as possible?
       
 (DIR) Post #9wEtyNrgv455gUhhLs by rune@mastodon.nzoss.nz
       2020-06-19T11:25:02Z
       
       0 likes, 0 repeats
       
       @sir My absolute favorite check is pretty basic:"Could I run this on my own server and move my data over?"And that applies both to my personal and my work choices. I'm not sure I'll ever recover from the laughs I will have if one day my company is forced to move their applications off Azure and back on-premise... Considering how many proprietary solutions that have been integrated with boggles my mind.
       
 (DIR) Post #9wF0t8bAx31WZGQMkq by flub@mastodon.social
       2020-06-19T12:43:26Z
       
       0 likes, 0 repeats
       
       @sir a lot of at risk groups do not have the knowledge to sensibly do this.
       
 (DIR) Post #9wFXwhEVw0RvLC845Q by federico3@mastodon.social
       2020-06-19T18:54:02Z
       
       0 likes, 0 repeats
       
       @sir8. Is it federated? Can you move to a different service provider without losing your contacts, address/ID, history or other data or features? Are they in control of both service and clients? Can it easily become a walled garden in future?