guile-user
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Diversification [ branched from Re: conflicts in the gnu project now


From: Zelphir Kaltstahl
Subject: Re: Diversification [ branched from Re: conflicts in the gnu project now affect guile]
Date: Wed, 23 Oct 2019 02:57:03 +0200
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Thunderbird/60.9.0

On 10/23/19 1:24 AM, Chris Vine wrote:
> On Tue, 22 Oct 2019 21:23:32 +0200
> Zelphir Kaltstahl <address@hidden> wrote:
> [snip]
>> The reason however, why I have only ever used Riot with one person is,
>> surprise surprise, that most people are not willing to sacrifice the
>> tiniest bit of comfort, for enhanced security. This one person I used it
>> with tried to get 2 more people on board, who were even less tech-savy
>> and whom I did not have the chance of helping directly, to get things
>> set up and so we remained 1-on-1 on Riot.IM.
>>
>> Let me explain further:
>>
>> To verify another person's device, one has to exchange information via a
>> second trusted channel. That information is a sequence of icons being
>> shown. If they are the same, that the other person sends you via the
>> second trusted channel, you can reasonably assume, that the device you
>> are communicating with is under their control.
>>
>> When it comes to the step of exchanging information about what icons are
>> displayed, most people will close the app and say "it's too
>> complicated", because they do not understand it ("Huh? How strange! Why
>> I have to do that? Are icons secure?") or do not want to do anything in
>> order to have security. They are not willing to invest as much as 5min
>> of effort, to have encrypted chat. What makes matters worse is, that
>> when you use Riot.IM in the browser, it might happen, that every time
>> you log in, the other person has to re-verify your device. Guess what
>> people will do when facing that workflow …
> This is a public mailing list, and any replacement of it is going to be
> a mailing-list-alike.  Why do they (or chats) need to be encrypted or
> have the sender verified?  No one should be posting sensitive personal
> information here so I don't understand the point of it.  Lack of
> understanding of (or disagreement with) the purpose may be what is
> holding your idea back. If you want to set up private mailing lists or
> chat servers, fair enough, but that's not what this is.
>
> Discord seems a reasonably popular chat medium with a bridge to IRC and
> discourse seems reasonably popular as a web based mailing-list-ish
> medium with a somewhat more vibey feel than traditional mailing lists.
>
Hi!

My example was about private conversation and a friend. So you are
right, that the example does not quite match the mailing list example.
Maybe we should clear up the question what kind of communication would
happen over such a new channel first, before making any decisions.

In Riot you will notice, that you see warning, when the devices are not
verified. That confuses users. Not sure what you can do about it in
terms of making settings default, as I have not used Riot in a public
communication scenario.

You did not address the other point I raised though: Dependency on a
third party server (and all the implications, when/if it gets hacked
again). Same goes for Discord. It would not be under our control whether
the server is running. In case of Discord: While we only need a mail
client for posting on a mailing list, using Discord requires to use a
bloated Electron app. When you start Discord and log in, the first thing
that happens is, that your CPU fan starts rotating, because of Discord
showing ads with videos. Do we really want to let people go through this
to interact with the rest of us?

There is also the problem of non-searchable content. You cannot, as far
as I know, search in a search engine through Discord or Riot messages.
If content by tendency of "quickly solving the problem in chat" moves to
non-searchable medium, it will mean, that searching in search engines
does not benefit from those solutions.

Another problem are the company policies of Discord. Not exactly a place
where you'd expect free software to happen.

However, like I said, I personally would be willing to try it, for sure!
Some communities already actively use Discord (Pharo community for example).

Best regards,

Zelphir




reply via email to

[Prev in Thread] Current Thread [Next in Thread]