3. Dec 2016 15:06 by b...@broadley.org: > On 12/02/2016 03:46 PM, T. Mark wrote: >> Thanks for your erudite observations, Bill.. I agree with almost all of >> them. >> That is indeed a bit troubling that Keybase unnecessarily grabs your >> private >> key.. I should've paid better attention & noticed that myself. Looks like >> I'll >> continue to not really use it (never connected any mobile devices like most >> people do btw.. that thought creeped me out straight away.) It's an >> interesting >> idea though, & lots of cool nerds there, > > Indeed, especially the FUSE based filesystem. > >> I'll definitely take your enthusiasm for Signal into consideration along >> with >> all the various opinions. > > It's a hard line. Would federation be cool? Definitely. Do federated > standards slow down innovation, definitely. See SMTP, XMPP, or HTTP, all of > which have been very slow to change. None of which bake in e2e, and all of > which have a huge variety of clients that will break if you tried to force > e2e. > Not to mention large communities that will split into change nothing and > change > everything communities and battle over changes, and ask for committees that > will > decide anything at a glacial pace. Even after the standards committe decides > then software developers will implement suggested changes willy nilly... > leaving > a bunch of half functional clients that you can't trust to do encryption > right. > > Thus the difference between signal and any of the old school federated > protocols. > > I continue to procrastinate in finding these posts by "Moxie" et al.. just haven't much spare time. Hopefully that can change. > See why Moxie isn't excited about Joe Randoms distributing hacked signal > clients > and pointing at whisper systems servers? > >> Where I think you're a bit mistaken is wrt Google Hangouts-- I recall >> reading > > I didn't the mention the word hangout. I mentioned GCM (google cloud > messaging). It was a major complaint of the blog post, but seems to miss that > it leaks no message, no meta data, can't tell who you are walking to etc. > >> a post by a developer on a Goog forum decrying the fact that Google Voice >> traffic goes over unencrypted (even though the gmail connection spawning it >> is >> https) .. and sure enough, when I run Firefox from the command line & fire >> up >> the Voice Plug-in, it's blurting out stuff all over the place, including my >> gmail address as far as I can tell. Haven't had the desire to do video (and >> actually find the push to use Hangouts instead of the old Voice to be quite >> annoying) so I have no observations about that. > > Sorry for presuming Hangouts. I don't have service hooked up to my Androids-- no desire to enrich rip-off Wireless Companies nor be triangulated by dirtboxes nor really a pressing need to be online or in-contact all the time. I suppose I could run Android on my laptop & goof around with apps when online, but haven't got 'round to it. > I didn't mention hangouts. I mentioned GCM which is not hangouts. > >> But I've never trusted that >> megacorporation much, for a variety of reasons, and I must admit I find >> questionable your further assertion that "Google does NOT know who you are >> talking to, or what you are saying .." I mean, if the rest of Hangouts is > > I was speaking specifically about signal's use of GCM, not some broad ranging > comment about google. I trust google to be relatively transparent. They > admit > to tracking your habits, showing you ads, reading your gmail, etc. etc. It's > what you "pay" for free services. If you don't like it, don't use their > services. > > Android is pretty secure, and pretty good about being transparent. But if you > let it, it will track your position, your email, your commuting routes, your > receipts, your contacts, your routes, etc. However you can totally use > android, > say no, use IMAP, XMPP, some google cal equivalent, and even install your own > app store if you want. > >> anything like Voice, they absolutely try to know. Voice automatically tries >> to >> convert all your speech-recognize all your voicemails, presenting a >> usually-iffy >> text of them (and there's no way to turn that off that I could find.) This >> is >> consistent with their "free" business model-- free doesnt mean Free As In >> Freedom, to quote stallman.org.. our eyeballs (& vocal chords & probably >> camera-gleaned biometrics) are absolutely The Product-- Goog is an advert >> monster, after all. If I had the patience to read legalese, I'm sure I could >> provide passages from their ToS that'd leave no question about this. > > I don't deny that google collects tons of info if you let it. If you don't > like > it use something else. > >> While I'm ragging on them, it might be worth noting that I heard some >> definite >> discontent on one or more of the Linux podcasts I consume about Android >> tending >> more & more toward pushing a proprietary silo sort of environment on >> hardwaremakers & consumers. They basically bemoan the increasing >> disappearance >> of AOSP options ( >> https://en.wikipedia.org/wiki/Android_(operating_system)#Open-source_community>> >> ).. > > Yeah, the #1 problem is google play services (GPS), which many apps depend on, > but isn't open source. However the API to GPS is documented, but it would be > challenging to keep up with google. > > For sure-- I balk whenever someone directs me to The Play Store to get an app.. never felt comfortable Registering My Device with them which is required to gain access. F-Droid is nice, but not adopted widely enough as yet. I eventually found org.aclu.mobile.justice.ca* on one of the 3rd party sites that hosts .apk's, though, so now I guess I can livestream questionable incidents if I happen to be in a free hotspot. (Maybe someone going to the EFF event can ask if they can ask ACLU to get hip to F-Droid? But I wont get my hopes up-- just saw where ACLU did a live q&a on F*book Video.. (don't get me started!)) Thanks again for your technical analyses though-- definitely helpful. -- https://medium.com/@linuxusergroup
_______________________________________________ vox-tech mailing list vox-tech@lists.lugod.org http://lists.lugod.org/mailman/listinfo/vox-tech
