I just want to express how much I appreciate Meredith Whittaker. She helped organize the Google walkouts, She's been working on AI safety since at least 2016, She advised Lina Khan at the FTC, and new she's out here advocating for preserving E2EE. A lot of people online give her flak for her opinions, but she's been consistently very loud and occasionally influential.
She's done some cool uncontroversial tech work too (like helping start M-Lab), but her advocacy is what is most interesting to me. I don't agree with all of her positions, but I like that there are still people in the tech world who are willing to take strong and sometimes radical stances on moral issues against the current of capitalism. I feel like she's the closest thing we have to an rms-type figure today.
I'm wondering if this proposal is enforced, and you opt out, how would it be known whether you're sending someone a URL? How would a URL even be distinguished from other text when you have opted out?
I suppose you could detect some patterns, and it definitely wouldn't be clickable. But is the text google.com considered a URL for example? I guess it isn't?
(yeah I know, it's a stupid law anyway, but just wondering)
If you 'opt out', service providers can prevent you from sending anything under these new rules. You might not even be able to reach out to support to complain without consenting to your messages being scanned.
I would argue that comment implies that something might be alllowed, but not everything. There is potential to restrict any kind of data.
To identify that you are sending something restricted, they need to scan.
> Sure there is: You can opt out from being on the Internet.
Not going to argue with that. But yeah, you can't crash the car if you don't drive it. If you never live, you can't die.
After losing my phone and not having a way to recover a lot of data, I've come to the realization that I don't want end to end encryption. I just want a responsible entity to store all my data in a secure way, and they'd only make money from what I'd pay them. If I lose everything, I still want access to my data, even if a proof of identity costs me.
Of course incentive systems make that very hard in today's corporate world, but I can still wish for my ideal world.
This is not just idealistic - it's bordering on naive. Tech companies have proven, repeatedly, over decades, that they are not responsible with our data.
And even if they are at one point in time, there's no guarantee that this behavior will continue. The rush to scan everything into AI is a prime example.
And are users more responsible with their data? I'm not saying to trust companies, I'm merely saying that it's a harder challenge to put the burden on users doing everything correctly than on the products being built with more ethics in mind.
Yes, and the solution in my view is to put an end to the sale of data from millions of users.
In the anarcho-capitalist mindset the only solutions are technological, but we also have governments (even if they have gotten useless regarding tech issues). But we could enforce something like having any company that has more than 1 million users to have one executive on board that's a government employee tasked with overseeing its operation. I wouldn't want something like this, it's just an example, but I'd at least expect some better discourse than putting the burden on the consumer, and basically abandoning 90% of the population that can't handle managing their own tech stack.
When doctors are found prescribing medication with severe side-effects, we don't say "just learn to medicate yourself". We still learn how to medicate ourselves, but we also ask for less corruption in the system.
No, the key is also on a piece of paper somewhere safe. On a piece of metal if you care so much, see crypto wallet keys.
This helps against everything except a valid search warrant from your government. If you don't do outright illegal stuff, and don't live under an authoritarian regime, it should be fine. (If you do both, you have bigger problems.)
A server backup is useless if you can’t decrypt it and it’s very easy to accidentally lose the keys for end-to-end decryption. I too have lost my Signal history by migrating to a new phone incorrectly.
The two are not related. Signal has no proper backup and restore, otherwise you could have restored.mulziple times over. It's one of the things that piss me off about signal. Just give me a fucking Backup that I can restore on android and iPhone and desktop alike!
They are related: even if Signal had a backup, you’d have to have some way to recover the key when you lose your device. For example, Matrix does offer backups but you need a key to decrypt the backup if you lose access to all your verified devices.
Without some easy to use out-of-band key backup solution, an E2EE server backup is no backup at all.
But it’s not related to this story. Nobody prevents you from using services that do not operate like signal (and esp with desktop it is now very easy to backup your messages)
Just use those. This is just about whether sth like signal should be allowed to exist.
I too wish that encryption wasn't necessary, and people could just be nice to each other (or, in grown-up speak, incentives between literally every person and group were always perfectly aligned).
Until somebody figures out a non-dystopian way to achieve that, I'll stick with end-to-end encryption, though.
If you want to opt out of that, I can't stop you – I bet you'll be able to find an entity that will take both your money and your encryption keys. I just don't want that to become the default, or even only, way of doing things.
But Signal doesn't want that, and most people are too cowardly to trust anyone other than the people who absolutely must make a profit running such a system.
Federation doesn't help at all if your host is untrustworthy. This is a question of having strong data privacy rules baked into law and also a good compliance regime. In fact, federation can make things a lot worse since federation makes it a lot harder to reason about who is transmitting and storing your data.
But need I go into the little rant about how signal controlling the clients and the network means you have to take it on trust?
However the point of federation is that you can find someone you trust. - and you get to control data residency, all those weird hard to comply with laws become super easy if your uncle hosts a family chat server that federates with others; or your ISP, or your favourite local library.
Hosting a family chat server is a fair amount of work, I wouldn't call it super-easy. I would prefer that the hosting for my server has at least half a dozen people for whom it's their full-time job. I don't think one person can really keep such a thing secure and reliable to the standards that I would prefer.
and, c’mon, people do harder things in the interest of family.
Maintaining a home is a shitload of work, but we dont live in a prison so that we can avoid the effort of cleaning and cooking.
The skills to run a federated matrix instance, for example, can be had in less time than it takes to learn how to BBQ without starting a fire or poisoning someone. Yet we choose to do that, we even consider transferal of those skills to be a bonding experience.
There are a lot of different layers here. Sure, it's not hard at all to set up a federated matrix instance. Doing it so it's as secure as keeping something in a locked house though, that's actually a pretty tricky skill. I'll grant that it's not necessarily harder than safe cooking, but it's a lot easier to find someone who can teach you safe cooking.
Now, another layer is that while I have a healthy distrust of corporations like Apple or Facebook, I actually think that it's virtually impossible to match the level of security they provide. And it's not a prison, it's a nice, clean cafeteria, with pretty good food which is practically free. The food could be better but I would much rather spend my time making home cooked meals than securing a server.
In truth: I’d rather someone else cook my meals, seriously.
I’m a terrible cook, however what is happening is that everyone has decided they they’re a terrible cook and the planet has become completely dependent on fast-food restaurant chains.
“But its where my friends are, they would never join me in a steak restaurant, it’s unfamiliar and theres no parking”.
We forgot how to make home-cooked meals, its learned helplessness, for decades.
It’s going to be painful if we start now. It’s going to be even more painful if we start a decade from now.
Well, you see even there I think you'd think differently if people lived in the same general area as you and you could conceivably walk passed their door.
And the delivery service in question was, slow, arbitrarily changing their rules and governed in a foreign country that had a bad reputation for dragnet surveillance.
This is not about trust. Its about ease of use and not wanting to learn to do anything complicated. Like using encryption or something more complicated than a Facebook feed.
Try taking to normal people. They will find their pitchforks if you mention encryption and privacy.
She's done some cool uncontroversial tech work too (like helping start M-Lab), but her advocacy is what is most interesting to me. I don't agree with all of her positions, but I like that there are still people in the tech world who are willing to take strong and sometimes radical stances on moral issues against the current of capitalism. I feel like she's the closest thing we have to an rms-type figure today.
I suppose you could detect some patterns, and it definitely wouldn't be clickable. But is the text google.com considered a URL for example? I guess it isn't?
(yeah I know, it's a stupid law anyway, but just wondering)
g3tfr33g0ld DOT сом
In both cases, they identify and scan something.
Not sure, if there is out at all.
No, as I understood the GP comment, if you opt out there won't be anything for them to identify and scan, because you can't send anything.
> Not sure, if there is out at all.
Sure there is: You can opt out from being on the Internet.
I would argue that comment implies that something might be alllowed, but not everything. There is potential to restrict any kind of data. To identify that you are sending something restricted, they need to scan.
> Sure there is: You can opt out from being on the Internet.
Not going to argue with that. But yeah, you can't crash the car if you don't drive it. If you never live, you can't die.
I read it as at least "they permanently remove your ability to send" (or possibly even "they shut down your account").
Of course incentive systems make that very hard in today's corporate world, but I can still wish for my ideal world.
In the anarcho-capitalist mindset the only solutions are technological, but we also have governments (even if they have gotten useless regarding tech issues). But we could enforce something like having any company that has more than 1 million users to have one executive on board that's a government employee tasked with overseeing its operation. I wouldn't want something like this, it's just an example, but I'd at least expect some better discourse than putting the burden on the consumer, and basically abandoning 90% of the population that can't handle managing their own tech stack.
When doctors are found prescribing medication with severe side-effects, we don't say "just learn to medicate yourself". We still learn how to medicate ourselves, but we also ask for less corruption in the system.
This helps against everything except a valid search warrant from your government. If you don't do outright illegal stuff, and don't live under an authoritarian regime, it should be fine. (If you do both, you have bigger problems.)
Without some easy to use out-of-band key backup solution, an E2EE server backup is no backup at all.
> After losing my phone and not having a way to recover a lot of data, I've come to the realization that I don't want end to end encryption.
Effective backups and key management are 100% related to this thread
If you have an Android device you can literally backup your Signal message history and move it wherever you want.
I think Windows has an unofficial option. But yea you're out of luck on macOS and iOS it seems.
Until somebody figures out a non-dystopian way to achieve that, I'll stick with end-to-end encryption, though.
If you want to opt out of that, I can't stop you – I bet you'll be able to find an entity that will take both your money and your encryption keys. I just don't want that to become the default, or even only, way of doing things.
But Signal doesn't want that, and most people are too cowardly to trust anyone other than the people who absolutely must make a profit running such a system.
But need I go into the little rant about how signal controlling the clients and the network means you have to take it on trust?
However the point of federation is that you can find someone you trust. - and you get to control data residency, all those weird hard to comply with laws become super easy if your uncle hosts a family chat server that federates with others; or your ISP, or your favourite local library.
and, c’mon, people do harder things in the interest of family.
Maintaining a home is a shitload of work, but we dont live in a prison so that we can avoid the effort of cleaning and cooking.
The skills to run a federated matrix instance, for example, can be had in less time than it takes to learn how to BBQ without starting a fire or poisoning someone. Yet we choose to do that, we even consider transferal of those skills to be a bonding experience.
Now, another layer is that while I have a healthy distrust of corporations like Apple or Facebook, I actually think that it's virtually impossible to match the level of security they provide. And it's not a prison, it's a nice, clean cafeteria, with pretty good food which is practically free. The food could be better but I would much rather spend my time making home cooked meals than securing a server.
In truth: I’d rather someone else cook my meals, seriously.
I’m a terrible cook, however what is happening is that everyone has decided they they’re a terrible cook and the planet has become completely dependent on fast-food restaurant chains.
“But its where my friends are, they would never join me in a steak restaurant, it’s unfamiliar and theres no parking”.
We forgot how to make home-cooked meals, its learned helplessness, for decades.
It’s going to be painful if we start now. It’s going to be even more painful if we start a decade from now.
And the delivery service in question was, slow, arbitrarily changing their rules and governed in a foreign country that had a bad reputation for dragnet surveillance.
Try taking to normal people. They will find their pitchforks if you mention encryption and privacy.