Notices by Strypey (strypey@mastodon.nzoss.nz), page 115

@bikecurious intriguing. Are you familiar with the history of #LibreSignal? Basically Moxie threw his toys about #trademark infringement. He's also said he doesn't want any third-party clients connecting to the Signal servers. If that policy has changed, that would be great, because it would allow another client that can talk to Signal users to be added to F-Droid. Not holding my breath though ...
@gentoorebel @noorul

@z428 can you expand on that? If you have a blog post or a previous fediverse thread on the topic, feel free to link me to that rather than re-explaining.
@gentoorebel @noorul

@bhaugen this reminds me of the discussion that started here:
https://mastodon.nzoss.nz/@strypey/101069850665253849

... where I started out disagreeing with @matslats and then realized we were both arguing for the same thing ;-)
@Matt_Noyes

@matslats I'd love to, but I'm in China and I can't access GoogleDocs. Has this been published yet? I'm really keen to learn more about #Holochain.

@bhaugen
> But I'm not sure if and how "structurally resistant to capitalist domination" is possible.

Can you name a distributed net technology that's been used by a corporation for #DataFarming in the same way server/client architectures like the web have? Capitalist domination requires some degree of centralization, so you erect tollgates. Pure #P2P networks treat tollgates as damage and route around them.

@Wolf480pl exactly. Not only is there no discussion of #ThreatModelling, but also no reasons for *why* any of the advice is given, just a list of DOs and DON'Ts. I can't think of a worse way to educate people about computer security than "look for someone that seems like a geek and mindlessly follow whatever unsubstantiated security advice they give". The first thing I say when asked for security tips by other activists is "take everything I say with a grain of salt and do your own research".

@bob
> Some of it is bad. But that's for 2017

It hasn't been updated since then. It's still sitting there on the site as the latest security advice. The org had events as recently as May last year, but maybe it's fallen over since then?

@bob I definitely like the idea of ID credentials being stored on a physical key. This is much easier for Jo User than managing #PGP key pairs etc. I got given a YubiKey just before we relocated to China, so I haven't got around to learning how to use it yet. Is it not worth the time?
@nolan

@gentoorebel I managed to get my family (all hooked on FB Messenger) to talk to me on #Wire. Mainly by absolutely refusing to chat with them via accounts on FB or other #DataFarms. Wire has all the benefits of Signal (#FreeCode, #E2EE, user-friendly etc), but is developed but a team employed by a private company (Swiss), not controlled by one cypherpunk celebrity. Plus, server>server federation is in Wire's roadmap (Moxie has said Signal will *never* do this)
@noorul

@greenjon if you want a similar service to Signal that isn't US-based, is planning to implement server>server federation, and is more friendly to the software freedom movement, I suggest trying #Wire. #GNU #Jami (formerly #Ring) is also worth a try, but much less user-friendly (at least last time I tried it).

@greenjon #Tox comes with its own set of issues. There's been some serious questions asked about their encryption:
https://github.com/TokTok/c-toxcore/issues/426

But at least it's a decentralized network, not a centralized silo controlled by one person. I'm keen to give it a test drive but so far I haven't found anyone using it to test it with.

@bikecurious
> its still a royal PITA to update apps from F-Droid

When did you last use it? On my #Android device, #FDroid has automated updates, and has for some time. It's no hassle at all. Yes, the F-Droid team has to compile each update from source and push it, but that doesn't take 3 months.
@gentoorebel @noorul @fdroidorg

@bikecurious
> Builds also have to be done by F-Droid on their servers, removing control from the devs.

That's a good thing. It allows us to be sure that the binaries being distributed are actually derived from the source code being published. The fact that Moxie actively blocks attempts to make Signal builds reproducible is ... fishy.
@gentoorebel @noorul @fdroidorg

@Wolf480pl
I don't disagree with any of this, I'm just looking for a bigger picture answer. Why put all this energy into computers and the net at all? What larger goals are we trying to achieve by allowing people to communicate freely over the net?

@href @xj9 @feld @kaniini

@colomar see Drew's article. We have to trust that the software Signal runs on their production servers is the same as the source code they publish. There is no way to check. One possible explanation for Moxie's refusal to implement server>server federation, or allow modified clients to connect to the Signal servers, or even work with #FDroid to make their client builds reproducible, is that they are not. #HoneyPot

@colomar see Drew's article. We have to trust that Signal runs the same software they publish on their production servers. There is no way to check. One possible explanation for Moxie's refusal to implement server>server federation, or allow modified clients to connect to the Signal servers, or even work with #FDroid to make their client builds reproducible, is that they are not.

@Wolf480pl
> Freedom to try better designs of socnet/communication tool.

I agree this is an improvement, but again, to what end? Why do we want to be able to create better online communication tools? Is that really an end in itself?
@href @xj9 @feld @kaniini

@Wolf480pl
> that's assuming your goal is to get everyone to use free software.

That's a stated goal of the software freedom movement. It's a subset of the more ambitious goal to create a world free of proprietary software.

> IMO "protocol freedom" (is this a thing already?) is a more important problem lately.

I agree it's an issue, and thanks for the examples. I disagree that it's more important than software freedom. I'm not sure it's even as important.

@highfellow this is exactly the role I've been trying to play since the mid-90s. I'm more of "techie" now that I was then, thanks to years of reading and testing, but I'm still a "power user", not a developer or engineer. I'm really keen to learn more about formal #UX practice, so I can be more helpful.

(BTW please untag me if you repond to Shamar. I have them on mute and I could do without half a frustrating nonsensical conversation with them in my notifications. Thanks ;-)