Have you seen this news?
-
😂
that's what *you* are doing
so you put the "dictating what we all want" out there. but how dare anyone push back?
it's absolutely fine to get your opinion out there
but you can't fallback to the comment you just made, expecting as if you won't receive any other opinion in response to yours. that's not the way it works
i'm not in charge here. and *you* aren't in charge here. get your opinion out, receive some pushback: welcome to life
-
“Inviolate” is a pretty strong word..
I’d say that this will make it prohibitively expensive for most “people in the middle” of your conversations (like server mods, IT workers, web scrapers, or general looky-loos) to intercept your encrypted messages. MUCH better than what we have now.
There’s always other ways that a well funded or morally unhindered group can break into your stuff.
Relevant comic: https://xkcd.com/538/
@benpate Thanks for opining. I like my word choice, and I like you for answering my question.
-
@benpate Thanks for opining. I like my word choice, and I like you for answering my question.
@Lizette603_23 notes like this are why I wish Mastodon would let me like things with little hearts and smiles instead of just stars.
I’ll have to put it here instead
❤️
-
@Lizette603_23 notes like this are why I wish Mastodon would let me like things with little hearts and smiles instead of just stars.
I’ll have to put it here instead
❤️
@benpate Hi and you're welcome and thank you again. Let's beat the system and flamenco appreciation 💃
-
@reflex @benpate @earth_walker
I'm not trying to be snide here, I mean this very literally.
I don't know what I don't know about operating an E2EE, patio, porn, or recycling business. All I know is they are all regulated, require licensing, insurance, have wildly different requirements in different jurisdictions.
I've done the work for operating social media services.
I have no intention of doing the work for any of the other services listed.
(Export controls come to mind though.)
@jaz @benpate @earth_walker I understand you do not know, but my point is if you are operating a mastodon instance, and you are connecting users via https, you are already operating a E2EE service. That is what https is (via TLS, used to be SSL). You do not need to know more to have your messaging be E2EE within the instance unless they have done something very wrong with the masto instance.
It's an international standard, the concerns you have can be raised, but likely are not valid.
-
@jaz @benpate @earth_walker I understand you do not know, but my point is if you are operating a mastodon instance, and you are connecting users via https, you are already operating a E2EE service. That is what https is (via TLS, used to be SSL). You do not need to know more to have your messaging be E2EE within the instance unless they have done something very wrong with the masto instance.
It's an international standard, the concerns you have can be raised, but likely are not valid.
@jaz @benpate @earth_walker HTTPS is E2EE between the server (instance) and client (app/browser/etc). It ensures data in transit cannot be intercepted easily. E2EE messaging is the same thing but user to user, essentially keeping the data invisible to the server (instance). Same principle. It's commonly used and typically invisible to the admin.
It does not block screenshots, reporting mechanisms will still be valid.
Again, assuming this implementation does not do something weird.
-
@jaz @benpate @earth_walker HTTPS is E2EE between the server (instance) and client (app/browser/etc). It ensures data in transit cannot be intercepted easily. E2EE messaging is the same thing but user to user, essentially keeping the data invisible to the server (instance). Same principle. It's commonly used and typically invisible to the admin.
It does not block screenshots, reporting mechanisms will still be valid.
Again, assuming this implementation does not do something weird.
@reflex @benpate @earth_walker I believe you may be underestimating my understanding of and experience with internetworking including the network and transport layers, but I'll just say that encryption in transit is not end to end , and the simple fact that I can moderate user-to-user (end to end) content on my service expressly informs that fact.
Let me put it another way, I have no intention of operating an unmoderatable community service.
-
@jaz @benpate @earth_walker I understand you do not know, but my point is if you are operating a mastodon instance, and you are connecting users via https, you are already operating a E2EE service. That is what https is (via TLS, used to be SSL). You do not need to know more to have your messaging be E2EE within the instance unless they have done something very wrong with the masto instance.
It's an international standard, the concerns you have can be raised, but likely are not valid.
Sorry. We are talking about a different end. E2EE means encrypting messages from my device all the way through to your device, and not being decrypted by the server in the middle. HTTPs://does not do this, so this message I’m sending to you is readable by the admins of several intermediate servers.
It’s a very different model for communication.
-
@reflex @benpate @earth_walker I believe you may be underestimating my understanding of and experience with internetworking including the network and transport layers, but I'll just say that encryption in transit is not end to end , and the simple fact that I can moderate user-to-user (end to end) content on my service expressly informs that fact.
Let me put it another way, I have no intention of operating an unmoderatable community service.
@jaz @benpate @earth_walker To be clear, your line is one that leaves users vulnerable to malicious admins. I am unclear how it hinders moderation since again, screenshots are a thing.
Also referring people to a separate centralized service that cannot be simply moved out of a hostile jurisdiction and is easily blocked is not ideal.
-
Sorry. We are talking about a different end. E2EE means encrypting messages from my device all the way through to your device, and not being decrypted by the server in the middle. HTTPs://does not do this, so this message I’m sending to you is readable by the admins of several intermediate servers.
It’s a very different model for communication.
@benpate @jaz @earth_walker I did make this distinction, pointing out that it's server to client. My point, however, is that it raises the same concerns Jaz raised previously, namely things like insurance, licensing, export controls, etc etc. If that is a real concern, we are already operating under it.
-
@jaz @benpate @earth_walker To be clear, your line is one that leaves users vulnerable to malicious admins. I am unclear how it hinders moderation since again, screenshots are a thing.
Also referring people to a separate centralized service that cannot be simply moved out of a hostile jurisdiction and is easily blocked is not ideal.
@reflex @benpate @earth_walker malicious admins already exist, and I didn't refer anyone to anything. I have spoken my concern, it stands, I appreciate you may not share it, but I am at a loss as to why you want to disabuse me of it. Let's agree to disagree and move on.
-
@reflex @benpate @earth_walker malicious admins already exist, and I didn't refer anyone to anything. I have spoken my concern, it stands, I appreciate you may not share it, but I am at a loss as to why you want to disabuse me of it. Let's agree to disagree and move on.
@jaz @benpate @earth_walker Nobody is disabusing you, but your concerns are mostly FUD, like I said we already do those things in other aspects.
Nothing else to say I guess.
-
@jaz @benpate @earth_walker Nobody is disabusing you, but your concerns are mostly FUD, like I said we already do those things in other aspects.
Nothing else to say I guess.
@reflex @benpate @earth_walker
Moderation is hard.
Moderation tooling for E2EE is hard.
Plenty of other other people can, should, and will take this on. I will not be one of them.
-
@reflex @benpate @earth_walker
Moderation is hard.
Moderation tooling for E2EE is hard.
Plenty of other other people can, should, and will take this on. I will not be one of them.
@jaz @benpate @earth_walker Wow, the guy in charge of #IFTAS thinks it's cool to slander someone like this? Crazy world. For anyone reading this, I never posted this nor would I ever.
-
@jaz @benpate @earth_walker Wow, the guy in charge of #IFTAS thinks it's cool to slander someone like this? Crazy world. For anyone reading this, I never posted this nor would I ever.
@reflex @benpate @earth_walker exactly my point
-
@reflex @benpate @earth_walker exactly my point
@jaz @benpate @earth_walker You have some real issues, Jaz. This was inappropriate. I never attacked you or put words in your mouth to make any point.
At the end of the day trust and safety includes safety from instance admins.
All you've done here is demonstrate a failure in leadership.
-
@jaz @benpate @earth_walker You have some real issues, Jaz. This was inappropriate. I never attacked you or put words in your mouth to make any point.
At the end of the day trust and safety includes safety from instance admins.
All you've done here is demonstrate a failure in leadership.
@reflex @benpate @earth_walker As previously stated, you are 100% entitled to your opinions on my concerns and on me.
-
@reflex @benpate @earth_walker I believe you may be underestimating my understanding of and experience with internetworking including the network and transport layers, but I'll just say that encryption in transit is not end to end , and the simple fact that I can moderate user-to-user (end to end) content on my service expressly informs that fact.
Let me put it another way, I have no intention of operating an unmoderatable community service.
As someone who’s completely in favor of E2EE and is literally building it into ActivityPub right now..
This is a perfectly reasonable point. E2EE is not for everybody or every server.
Honestly, I’m not sure if I’ll allow it in the servers that I run (bandwagon.fm, etc)
Maybe just for myself? Maybe paid accounts only? Probably not for free signups though.
There are valid reasons to enable this, and not to enable this. It must be opt-in for everyone involved.
-
As someone who’s completely in favor of E2EE and is literally building it into ActivityPub right now..
This is a perfectly reasonable point. E2EE is not for everybody or every server.
Honestly, I’m not sure if I’ll allow it in the servers that I run (bandwagon.fm, etc)
Maybe just for myself? Maybe paid accounts only? Probably not for free signups though.
There are valid reasons to enable this, and not to enable this. It must be opt-in for everyone involved.
@benpate @earth_walker I'm removing Jaz due to abuse.
However the problem here is that regular people just assume comms are private. We even call them "Private mentions" by default on masto. Obviously people should not assume that, but they do. Education is not a real solution, especially when the name is so misleading.
IMO the UI and UX should match, and both should be geared towards default user assumptions. Only Security pros assume otherwise on these things.
"Individual mentions"
-
@benpate @earth_walker I'm removing Jaz due to abuse.
However the problem here is that regular people just assume comms are private. We even call them "Private mentions" by default on masto. Obviously people should not assume that, but they do. Education is not a real solution, especially when the name is so misleading.
IMO the UI and UX should match, and both should be geared towards default user assumptions. Only Security pros assume otherwise on these things.
"Individual mentions"
Yup. Explaining the ins and outs of tech to regular people is hard. I *think* there's a warning on the Mastodon web app, but that doesn't carry through to the app I use on my phone.
re: UI and UX should match. 100% agree.
But E2EE isn't for everyone, or every server. And it's important to make the tradeoffs as clear as possible to regular people using regular language.
When I get there, I'll post screenshots of my balancing act. I'd love to hear what you think :)
Ciao! Sembra che tu sia interessato a questa conversazione, ma non hai ancora un account.
Stanco di dover scorrere gli stessi post a ogni visita? Quando registri un account, tornerai sempre esattamente dove eri rimasto e potrai scegliere di essere avvisato delle nuove risposte (tramite email o notifica push). Potrai anche salvare segnalibri e votare i post per mostrare il tuo apprezzamento agli altri membri della comunità.
Con il tuo contributo, questo post potrebbe essere ancora migliore 💗
Registrati Accedi