I made this post about four years ago initially, I guess. But the lesson then stands today.
What I'm not advocating for is that we should accept all content as being public, but rather that giving the illusion that certain things are protected and private when they are not or *cannot be* actually puts users in a state of unsafety.
Architect for more secure systems, be clear about what you can't prevent. Some things are unpreventable, but the scope of them as risks can be reduced.
Admittedly, that's not a snappy marketing phrase, and there is something to be said about popularity gained from being better at marketing than I am. For instance, the phrase "own your data", which Mastodon claims but which is mathematically impossible (for the same reason DRM purveyors rely on *legal* tools more than *technical* ones), may have led to a lot of its success because it *sounds* like what people want, at the cost of convincing people they had kinds of control they didn't.
@cwebber I think you're interpreting that phrase as promising stronger guarantees than the average person would. I "own" a guitar but that doesn't mean that it's mathematically impossible for someone to break into my house and take it.
@danielcassidy "Ownership" implies exclusive access and generally implies a rivalrous good. By contrast, information is non-rivalrous, and can be copied trivially. Attempting to control copying either reduces to a confinement or scoping problem (the correct approach), a legal approach (bottoming out in state authority), social trust/constraint, or a lie. It's the same reason why people are confused about "owning" the information associated with NFTs.
@danielcassidy Social trust/constraint is also the right approach, and our systems can help users do the right thing when they want to: "Voluntary Oblivious Compliance".
But we shouldn't trick people into thinking our systems give them powers they don't have, and we should make it clear when social trust *is* involved. That helps users construct situations where they *do* scope/constrain the information they share.
"Own your data" doesn't give that impression.
@danielcassidy The phrase "Own Your Data" didn't start with Mastodon btw; Diaspora marketed their stuff that way too. It was wrong then as well.
@cwebber @danielcassidy We saw the same thing with VPNs where folks were promised absolute secrecy without having the whole picture. Unless folks understand what the security trade-offs are they may make themselves more vulnerable. It's akin to having an e2e speakerphone that you yell state secrets to in Central Park: at some point the technology is incapable of protecting you.
@cwebber @craigmaloney @danielcassidy There are lots of reasons to dislike Signal, but they did have legitimate criticisms of F-Droid’s security. Signal fills a niche that trades a lot of freedom for security. Unfortunately there isn’t an alternative software distribution platform for Android, so the best way left is the Aurora Store.
I hate the fact that the most secure options tend to come with so much baggage. The most secure messengers are closed platforms because features like the full Signal Protocol plus Sealed Sender are inherently centralized; the most secure browser by a wide margin is developed by an adtech company with a conflict of interest, and the “Ungoogled” variant disables security features like component updates; the best FOSS desktop operating systems (Linux, *BSD) are also incredibly lacking in sandboxing (it’s opt-in) and modern exploit mitigations; etc.
Security is hard, and that has consequences:
- The only orgs that can supply adequate financing for some areas are big corporations.
- People equipped to deal with it (security researchers, cryptographers) are understandably focused primarily on security and thus often overlook other issues adjacent to software freedom. And vice-versa. Sometimes this is a more-or-less equal tradeoff; other times less so.
my working definition of the fediverse is the 0.01% of the universe where people can criticise signal, protonmail, mastodon, non-GPL licenses etc etc and it is not considered an absurdly indulgent act
the other 99.99% of the universe is, alas, completely oblivious to any of these "faulty" projects
the criticisms are not without merit, just that... for anybody not deeply invested in the ramifications / alternatives it feels so out of touch with reality
there are arguments that could justify the degree of negativity around these projects: if their "anti-features" prevent adoption, or if their putative "success" would tunnel the digital world into an irreversible state that is worse than the current twilight zone
but those don't seem at all plausible concerns
the rise and fall of the only ever mainstream project (mozilla) indicates the "open source" universe succeeds or fails as a whole
@cwebber I don't really agree, I think ownership is a social and legal construct and that people understand it as such. I think "own your data" is a perfectly clear and accurate statement of opposition to the Twitter/Facebook model where users sign a legal document assigning effective ownership of their data to the platform.
@cwebber I think the average person will interpret it that way and not have some mistaken idea of a perfect mathematical guarantee, because the average person has never encountered the concept of perfect mathematical guarantees in their daily life.
@cwebber you're right though that the key difference is that data can be copied and that there's often no tangible evidence when that happens. I can easily believe an average person would have trouble with that part.
@cwebber With respect to federated search I think it is important to address it and provide a secure, consistent and transparent means to do so, and in a broader context than microblogging as well.
In the current state of things the fediverse cedes control over search to the bot crawlers from Google to Yandex, and even though you can post unlisted or private here, eventually something WILL leak either inadvertently or maliciously. Fedi is like early internet days where security was a sign saying "keep off the grass" instead of a fence with a locked gate but people have been led to think it is the latter.
@cwebber ...and by broader context I mean other applications of federation like source code management or a "federated dmoz" internet directory. I think a lot of decision making around ActivityPub has unfortunately focused far too narrowly on the Mastodon use case to the detriment of other potential uses, as well as proper means of security.