On 11/15/2013 11:28 AM, carlo von lynX wrote:
> On Fri, Nov 15, 2013 at 08:39:36AM +0100, Andreas Kuckartz wrote:
>> BTW: As long as this discussion is taking place using a
>> federated communication system I do not think that federation has
>> become irrelevant.
>
> In fact relevant amounts of discussions are not taking place over
> federated systems. I am super positive about abolishing these
> mailing lists and email in general ASAP.
>

*** Until I can run GNUnet and share conversation with people from my Emacs, I don't see that happening. The majority of relevant discussions I'm having are happening via Tor+PSYC, Tor+IRC, and GPG+Email. RetroShare still is marginal, as is I2P.

I wish email--that is, the system of: SMTP+POP3/IMAP--would be amended or disappear, but first we need the GNS, and proper UIs that mimic plain conversation, because that is what people know and like.

When talking about email, we should be careful distinguishing the underlying protocols, from the general usage habits. In the end, for the user, there's no difference between Email, Facebook, or WhatsApp: it's all about conversations, and they will use 1) the system that brings them most closely to most of their contacts, 2) the system that offers the most straightforward interface, 3) eventually, the system that protects their privacy better. Obviously, that is a power law, and 3) is already in the long tail. Your mission, if you're willing to accept it, is to ramp it up to provide safety to users who only care about efficient, and maybe effective, if they have a personal reason to doubt they're a fish inside a net.

>> That does not convince me to support such a proposal. It is
>> spreading illusions in the European Parliament not educating
>> people.
>
> i'm bored by the notorious incapacity of people to reach consensus
> on just about anything. we will never fix the world if we don't
> start.
>

*** Educating people is the long term, and probably a side-effect of bringing them working applications. Boredom, the consequence of delaying such endeavor.

If someone sees something to be done, it's good that they try doing it. But they cannot expect anyone else to jump in, because that notoriously doesn't work. If people were moved by ethical purpose, Edward Snowden would not be a persecuted hero, he would be a casual citizen.

We've started long ago to struggle and to try and fix the world. Maybe the world needs no fixing. Maybe each of us does. I'd rather keep the discussions about the Pirate Party to the Pirate Party.

>>
>> They _are_ used for private communications. And I am not aware of
>> any reason why they can not be sufficiently improved regarding
>> security and privacy.
>
> http://secushare.org/end2end - The web browser is designed to do
> what the server tells it to.
>

*** Indeed, there's a discrepancy between the intended design of the browser, and its actual use. As there is between Email-before-firewalls, and email today. There are no right solutions: each solution that we can come up with will have flaws. Pursuing "the right design" does not disqualify trying to fix a sinking boat, for while the lifeboat is not ready, nobody leaves the shipwreck.

> Privacy is about AT LEAST having end to end encryption, which
> doesn't work if the UI is coming from the server.
>

*** Actually the expected design for Lorea 2.0, that Sembrestels is now exploring, consists in moving all the engine to the client side, and use the server as a store-and-forward agent. I believe that approach is gaining ground over a pure end-to-end approach that requires both ends being online at the same time. Some use a DHT, others dumb-servers. "Always on" is itself a problematic concept, both technically and privacy-wise.

> to disable http and other surveillance technologies.
>

*** I fail to see how HTTP qualifies as a surveillance technology. HTTP is designed to make information sharing easier. I doubt sharing information can be considered a monopoly of surveillance freaks.

>>
>> There are several good reasons why the (vast) majority of users
>> does not want to install software in addition to a web browser to
>> be able to communicate with others. Alternatives or design
>> requirements which do not take that into account will not lead to
>> a different situation.
>

*** I agree with lynX on that one. There is a matter of perception here. People do not associate "browsing the web" with "downloading and installing software", because the software, unless it's cached on the client, usually is downloaded every time, which makes it inherently less secure than a proper software installation, and the reason why the LibreJS project exists in the first place: to warn the user and demonstrate that there's non-free software running there.

One might argue that the browser works in a reduced scope in comparison to an actual software install, and thus cannot affect the system. I would argue that the security model here is not to attack the system, but to watch the user; the OS is not the target, the user is, and running non-free and stealth JavaScript inside a Web browser is sufficient to perform proper surveillance.

The complexity of protecting the user from that surveillance is nicely illustrated by the Content-Security Policy: just try implementing it on your website, and see all your Web 2.0 applications break. You cannot use Google* or Amazon* or whatever third-party process without granting them access to a lot more than you actually intend to use--thus, you trust them. Then, if you're able to stick to the minimum, you can still work around CSP by choosing to proxy third-party contents "transparently" to your user, without their knowledge--thus, they trust you, the website operator, who is only an intermediate in the social interaction.
==
hk
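
Added example, not part of the original message: a simplified Content Security Policy check showing the two trust problems the last paragraph describes. Allowing a third-party host for one widget also allows everything else on that host, and content the operator proxies under its own origin passes even a strict 'self' policy. The site, the third-party host, the paths and the reduced source-matching rules are all assumptions made for illustration.

```javascript
// Added example. Simplified CSP source matching: handles 'self', 'none',
// [scheme://]host and *.host sources only (no paths, ports, nonces, hashes).
function parsePolicy(header) {
  const policy = {};
  for (const part of header.split(";")) {
    const [name, ...sources] = part.trim().split(/\s+/);
    if (name) policy[name.toLowerCase()] = sources;
  }
  return policy;
}

function sourceAllows(source, url, pageOrigin) {
  if (source === "'self'") return url.origin === pageOrigin;
  const m = /^(?:(https?):\/\/)?(\*\.)?([a-z0-9.-]+)$/i.exec(source);
  if (!m) return false; // 'none' and unsupported source forms match nothing
  const [, scheme, wildcard, host] = m;
  if (scheme && url.protocol !== scheme.toLowerCase() + ":") return false;
  return wildcard ? url.hostname.endsWith("." + host) : url.hostname === host;
}

// script-src falls back to default-src when it is not present.
function scriptAllowed(header, resource, pageUrl) {
  const policy = parsePolicy(header);
  const sources = policy["script-src"] || policy["default-src"];
  if (!sources) return true; // no applicable directive, nothing is restricted
  const url = new URL(resource, pageUrl);
  return sources.some((s) => sourceAllows(s, url, new URL(pageUrl).origin));
}

// Constructed sample data: hypothetical site and third-party host.
const PAGE = "https://social.example/timeline";
const SCRIPTS = [
  "/js/app.js",
  "https://widgets.thirdparty.example/share.js",   // the widget the site wants
  "https://widgets.thirdparty.example/tracker.js", // same host, never intended
  "/proxy/widgets.thirdparty.example/share.js",    // third-party code relayed by the operator
];
const STRICT = "default-src 'self'";
const LOOSENED = "default-src 'self'; script-src 'self' https://widgets.thirdparty.example";

// Returns [script, allowed] pairs for one policy header.
function audit(header) {
  return SCRIPTS.map((src) => [src, scriptAllowed(header, src, PAGE)]);
}

console.log("strict  ", audit(STRICT));
console.log("loosened", audit(LOOSENED));
```

Under the strict policy both direct third-party scripts are blocked while the proxied copy loads; under the loosened policy the unintended tracker.js is allowed along with share.js.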
