Re: [GNU/consensus] [wiki] Call for Participation

[carlo von lynX]

On Tue, Jul 01, 2014 at 02:28:09PM -0300, hellekin wrote:
> *** Dear Carlo, that is exactly the kind of conversation I want to see.

Dear h'kin, I'm always up for that...

> The public ledger certainly presents a strong case for the replacement
> of opaque banks operated by banksters. To reiterate: I do not believe in
> one technology to rule them all, but in a diversity of technologies that
> work together to each do what they do best.

Yes okay, but it may be a bit of a case of token ring vs ethernet
or VHS vs betamax...

> *** There is always the bootstrapping issue that should be done in
> person. We tend to bootstrap conversations online on the assumption that
> we can recognize the other party. We all do it.

Yes, but with the new tech you can't even get started without the
bootstrap, and if you cheat.. well.. we can make it harder for you
to cheat.. by insisting on having those QR codes *printed* ...
and then there is the social method.. I am very optimistic that
this issue will be more solved than most imagine.

> an SSH config ALONG WITH THE SERVER'S FINGERPRINT? So there's room for

SSH isn't a good example for usability of the procedure, just that
you can't downgrade it to unencrypted while SSL, PGP and OTR can all
fail to unencrypted.

> Then, this bootstrapping issue is not solving the human factor (or "Sabu
> hijodeputtitude"), or the James Bond factor (NSA implanting hardware
> bugs into your favorite keyboard), etc. I don't want to reduce the
> usability issue to "broken-Internet tech" nor to out-of-band, XKCD 538
> style security.

Your keyboard can only leak what YOU type. And that is just one person.
Single persons are not within scope for YBTI. We are about mass
surveillance. About hijodeputtitude and 538 I'm too lazy to search
the net to see what you mean. Is it the one about girl at the party?

> Instead, I want to compile the state of the art in crypto usability, and
> put both cryptographers and UX designers together to make it usable
> across society. One such initiative was Sean O'Neil's PureNoise
> cryptographic proxy service. Which is now going to be GNUnet: everything
> going out the computer goes through encrypted channels to their
> destination, and that's automated. But this does not remove the initial
> question "how do I ensure it's the right recipient, the right key,
> correct encryption.", etc.

I think this is solved stuff, we just need to get it implemented.

> > We need a law that impedes making money on the fact that people
> > socialize. If you want to make money, you have to sell actual
> > goods, like beer in a pub.
> >
> *** Ah! Well, I wasn't actually thinking in those terms. The idea is
> more about the trade offs we go through to enjoy proper sociability
> online. What are they, and what price are we ready to pay to follow
> through? If we can identify them, we're likely to make better design
> decisions to automate conversation flows that will actually interest
> people who, for now, think their ability to belong to a group is worth
> the risk of seeing one's drunken picture end up in a meme factory.

I think we can deliver a platform that ensures only the right people
get the stuff, then you are still capable of leaking your friends'
pictures to facebook or 4chan and the question is if it will have
social consequences for you.

> But the identity in the Indie Web is an URL. It's unlikely that people
> want to swap a readable thing with an unreadable one. On the other hand,
> if the domain is a zkey, then it also matches whatever funky alias you
> want to make for your friends.

And if the nickname you are asking for is sufficiently unusual you
will have the same nickname.gnu for all people that had the pleasure
of meeting you. So you can still print it on a t-shirt.

> So yes, a .onion could be used, and if that becomes a standard, etc.
> This brings a new issue: if you're running a Tor hidden service at home,
> will you relay as well? If you do, will your relay slow down the whole

No, hidden services are not supposed to relay AFAIK.

> network? All considerations need to belong to a larger scope, because
> end-users will not be able to make the technical decisions to optimize
> the network setup. Bittorrent does pretty well on that account, right?

.onion is probably not the last word on public-key based
website routing.

> > Other than that this isn't really a problem that needs
> > fixing. The web is broken, we can improve the browsers
> > and Tor, but the servers are not the problem. And the
> > fundamental idea behind the indie web that says that you
> > are free if you are exposing your privacy yourself rather
> > letting others do it for you, is fallacious.
> >
> **** Yes, I agree with that. Besides, it's a solution if everybody can
> actually be a PEER on the Web, and not one of thousands of customers of

A peer of what? Using unencrypted or at best NSA-compatible encrypted
web servers peering with some other NSA-friendly virtual server? Is
this such a great big LEAP forward from being on Faceboogle?

> a virtual appliance on a giant commercial "cloud" service. That would
> basically replace the centrality of Facebook with the cloudiness of
> CIAmazon. Not so good. But, on the other hand, if people can use their
> devices to run their own service as a peer, then the centralized
> emotional control of Facebook [0] is already a step away. That is
> already better than what we have now.

If they can run their own devices in a public-key routed network,
then indie-web technology isn't exactly a genius invention, in
particular as it is usually not suitable for running on home pcs
or androids. There are simpler ways to share services then, as
Retroshare or I2P have shown. How many onion sites use large
wordpress/drupal/ruby/php/nodejs instances with client side js
dependencies and google includes? Who really needs that?

> So, again, it's a matter of trade-offs, and looking at things honestly
> and thoroughly. When Secushare can do what the Indie Web can do, how to
> make the switch? Etc.

Switch? As always on the Internet. People figure out how it works,
find out it is cool, start using it and start forgetting about the
old stuff.

> *** I appreciate your perspective, and you attention. Conversation is
> critical because there are trends, running like furious torrents down
> the mountains, growing into rivers, and stabilizing in the ocean. The
> Internet itself is this ocean, and dances with the land--our physical
> world, that sustains the digital ocean, and increasingly gets shaped by
> it. As I see it, GNUnet is a key infrastructure of this digital ocean.

In Idol terms, Mesh for fantasy.

:)