
Re: [GNU/consensus] [SocialSwarm-D] Map of Projects / Sessions at 30C3


From: hellekin
Subject: Re: [GNU/consensus] [SocialSwarm-D] Map of Projects / Sessions at 30C3
Date: Fri, 15 Nov 2013 12:40:02 -0300


On 11/15/2013 11:28 AM, carlo von lynX wrote:
> On Fri, Nov 15, 2013 at 08:39:36AM +0100, Andreas Kuckartz wrote:
>> BTW: As long as this discussion is taking place using a
>> federated communication system I do not think that federation has
>> become irrelevant.
> 
> In fact relevant amounts of discussions are not taking place over
> federated systems. I am super positive about abolishing these
> mailing lists and email in general ASAP.
> 
*** Until I can run GNUnet and share conversation with people from my
Emacs, I don't see that happening.  The majority of relevant
discussions I'm having are happening via Tor+PSYC, Tor+IRC, and
GPG+Email.  RetroShare still is marginal, as is I2P.

I wish email--that is, the system of: SMTP+POP3/IMAP--would be amended
or disappear, but first we need the GNS, and proper UIs that mimic
plain conversation, because that is what people know and like.  When
talking about email, we should be careful distinguishing the
underlying protocols, from the general usage habits.

In the end, for the user, there's no difference between Email,
Facebook, or WhatsApp: it's all about conversations, and they will
use 1) the system that brings them most closely to most of their
contacts, 2) the system that offers the most straightforward
interface, 3) eventually, the system that protects their privacy better.

Obviously, that is a power law, and 3) is already in the long tail.
Your mission, if you're willing to accept it, is to ramp it up to
provide safety to users who only care about efficient, and maybe
effective, if they have a personal reason to doubt they're a fish
inside a net.

>> That does not convince me to support such a proposal. It is
>> spreading illusions in the European Parliament not educating
>> people.
> 
> i'm bored by the notorious incapacity of people to reach consensus 
> on just about anything. we will never fix the world if we don't
> start.
> 
*** Educating people is the long term, and probably a side-effect of
bringing them working applications.  Boredom, the consequence of
delaying such endeavor.  If someone sees something to be done, it's
good that they try doing it.  But they cannot expect anyone else to
jump in, because that notoriously doesn't work.  If people were moved
by ethical purpose, Edward Snowden would not be a persecuted hero, he
would be a casual citizen.  We've started long ago to struggle and to
try and fix the world.  Maybe the world needs no fixing.  Maybe each
of us does.

I'd rather keep the discussions about the Pirate Party to the Pirate
Party.

>> 
>> They _are_ used for private communications. And I am not aware of
>> any reason why they can not be sufficiently improved regarding
>> security and privacy.
> 
> http://secushare.org/end2end - The web browser is designed to do
> what the server tells it to.
> 
*** Indeed, there's a discrepancy between the intended design of the
browser, and its actual use.  As there is between
Email-before-firewalls, and email today.  There are no right
solutions: each solution that we can come up with will have flaws.

Pursuing "the right design" does not disqualify trying to fix a
sinking boat, for while the lifeboat is not ready, nobody leaves the
shipwreck.

> Privacy is about AT LEAST having end to end encryption, which
> doesn't work if the UI is coming from the server.
> 
*** Actually the expected design for Lorea 2.0, that Sembrestels is
now exploring, consists in moving all the engine to the client side,
and using the server as a store-and-forward agent.  I believe that
approach is gaining ground over a pure end-to-end approach that
requires both ends being online at the same time.  Some use a DHT,
others dumb-servers.  "Always on" is itself a problematic concept,
both technically and privacy-wise.

> to disable http and other surveillance technologies.
> 
*** I fail to see how HTTP qualifies as a surveillance technology.
HTTP is designed to make information sharing easier.  I doubt sharing
information can be considered a monopoly of surveillance freaks.

>> 
>> There are several good reasons why the (vast) majority of users
>> does not want to install software in addition to a web browser to
>> be able to communicate with others. Alternatives or design
>> requirements which do not take that into account will not lead to
>> a different situation.
> 
*** I agree with lynX on that one.  There is a matter of perception
here.  People do not associate "browsing the web" with "downloading
and installing software", because the software, unless it's cached on
the client, usually is downloaded every time, which makes it
inherently less secure than a proper software installation, and the
reason why the LibreJS project exists in the first place: to warn the
user and demonstrate that there's non-free software running there.

One might argue that the browser works in a reduced scope in
comparison to an actual software install, and thus cannot affect the
system.  I would argue that the security model here is not to attack
the system, but to watch the user; the OS is not the target, the user
is, and running non-free and stealth JavaScript inside a Web browser
is sufficient to perform proper surveillance.

The complexity of protecting the user from that surveillance is nicely
illustrated by the Content Security Policy: just try implementing it
on your website, and see all your Web 2.0 applications break. You
cannot use Google* or Amazon* or whatever third-party process without
granting them access to a lot more than you actually intend to
use--thus, you trust them.  Then, if you're able to stick to the
minimum, you can still work around CSP by choosing to proxy
third-party contents "transparently" to your user, without their
knowledge--thus, they trust you, the website operator, who is only an
intermediate in the social interaction.

==
hk

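The Content Security Policy trade-off described in the message above, as an added example that is not part of the original message: a simplified source-list matcher showing that a strict policy blocks a third-party widget, that allowing it by wildcard admits more than intended, and that CSP only sees the origin a resource is fetched from, so first-party proxied content always passes. All host names, paths and policies are constructed for illustration.

```javascript
// Added example: simplified CSP source-list matching (no nonces, hashes or scheme upgrades).
function parsePolicy(header) {
  const policy = new Map();
  for (const part of header.split(';')) {
    const [name, ...sources] = part.trim().split(/\s+/);
    // Per the CSP spec, a repeated directive is ignored; the first one wins.
    if (name && !policy.has(name.toLowerCase())) policy.set(name.toLowerCase(), sources);
  }
  return policy;
}

function sourceMatches(source, url, self) {
  if (source === "'self'") return url.origin === self.origin;
  if (source === '*') return ['http:', 'https:'].includes(url.protocol);
  if (/^[a-z][a-z0-9+.-]*:$/i.test(source)) return url.protocol === source.toLowerCase();
  // host-source: [scheme://]host[:port][/path]; keywords like 'none' fall through and never match
  const m = /^(?:([a-z][a-z0-9+.-]*):\/\/)?([^\/:]+)(?::(\d+|\*))?(\/.*)?$/i.exec(source);
  if (!m) return false;
  const [, scheme, host, port, path] = m;
  const wantScheme = scheme ? scheme.toLowerCase() + ':' : self.protocol;
  if (url.protocol !== wantScheme) return false;
  const h = host.toLowerCase();
  // "*.example" covers subdomains only, never the bare domain.
  if (h.startsWith('*.') ? !url.hostname.endsWith(h.slice(1)) : url.hostname !== h) return false;
  if (port === undefined ? url.port !== '' : port !== '*' && url.port !== port) return false;
  if (!path) return true;
  return path.endsWith('/') ? url.pathname.startsWith(path) : url.pathname === path;
}

function isAllowed(header, directive, resourceUrl, pageUrl) {
  const policy = parsePolicy(header);
  const sources = policy.get(directive) ?? policy.get('default-src');
  if (sources === undefined) return true; // no governing directive, so no restriction
  const self = new URL(pageUrl);
  const url = new URL(resourceUrl, pageUrl); // relative URLs resolve against the page
  return sources.some((s) => sourceMatches(s, url, self));
}

// Constructed sample values; none of these hosts come from the original message.
const PAGE = 'https://social.example/home';
const STRICT = "default-src 'self'";
const RELAXED = "default-src 'self'; script-src 'self' https://*.thirdparty.example";
const WIDGET = 'https://widgets.thirdparty.example/like.js';
const TRACKER = 'https://tracker.thirdparty.example/t.js';
const PROXIED = '/proxy/widgets.thirdparty.example/like.js';

for (const [csp, url] of [[STRICT, WIDGET], [RELAXED, WIDGET], [RELAXED, TRACKER], [STRICT, PROXIED]])
  console.log(url, '->', isAllowed(csp, 'script-src', url, PAGE));
```

A visitor auditing a site can compare the policy header with the paths actually served: a same-origin path that relays third-party content is invisible to CSP, so only the operator's own disclosure or inspection of the served code reveals it.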


