UPDATE: they have dropped Persona!

liaizon@social.wake.st

@seabass thanks for the reply Sebastian. I am a huge fan of F-Droid and a daily user. I have great respect for F-Droid and wish it the utmost success. This situation seems like it might need a quick response by the community and I think Open Collective must really not be thinking very deeply about who they are representing if they are making moves like this. I would hope this issue can be brought up internally and maybe some peer pressure from orgs like yours might really help this situation.

liaizon@social.wake.st

@lanodan I can't imagine how all of this sort of sharing of personal data with "partners" would work in a legal sense but it sure seems like its common in Valley startups

sef@social.coop

@nullagent @liaizon @scan
> build services in a heartbeat

I believe that when I see it 😛

seabass@social.seabass.systems

@liaizon It's always nice to hear from users, and on behalf of the project, thanks for your kind words! I agree that this is an unfortunate decision - made independently by both Open Collective and Open Source Collective, it seems - that has the potential to harm lots of FOSS maintainers. I hope you can understand that it is, well, a delicate matter to raise complaints against the very organization that holds >80% of our funds, but I shall do my best to address this with sensitivity and expediency.

havchr@mastodon.gamedev.place

@liaizon @scan The First Person project is needed quickly. TLDR , proof of identification without breaching privacy. Linux Foundation is the first test case for it to avoid Jia-Tan-like attacks. Why OpenCollective needs the identity verification provider in the first place though, what are they using it for?

lanodan@queer.hacktivis.me

@liaizon Yeah, it seems like the vast majority of VC-backed or publicly traded companies from the silly con-valley has their business model based on privacy violations.

yakmacker@society.kalli.st

@liaizon @lanodan behind the scenes it always amounts to selling the data to the highest bidder. Often with very sloppy access controls.

Even companies that have totally unrelated business models will do this.

liaizon@social.wake.st

Because of Open Collective's belief in transparency, you can see directly how much @OpenSourceCollective is paying to use Persona and when those payments started:

https://opencollective.com/opensource/transactions?searchTerm=persona&kind=ALL

li@tech.lgbt

@liaizon @scan just dont do mass survailence and identity scanning .. ever, also dont call it "kyc" call it what it is tbh

li@tech.lgbt

@havchr @liaizon @scan or hear me out, dont have "proof of identifcation" at all?

liaizon@social.wake.st

So yeah, this really seems like they are integrating Persona directly into Open Collective. So even if the fiscal host changes directions here, this seems totally not ok.
https://github.com/opencollective/opencollective-frontend/pull/11988

havchr@mastodon.gamedev.place

@Li @liaizon @scan I think we are going to need it. Open source will be attacked by bad faith actors which can set up a bot army of "contributors" - the openness we want needs some kind of trust mechanisms. I am not saying this specific case warrants an identification system - just that there are sharks in the water ahead. Say someone wants to infiltrate the forums of KDE, and make a lot of noise and disturb development, they can already. In the future they can x1000 it in volume and distruption

liaizon@social.wake.st

Soooooo @Mastodon is using @OpenSourceCollective as their fiscal host...

https://opencollective.com/mastodon

li@tech.lgbt

@havchr @liaizon @scan

look okay we just "need" mass privacy violations, we just *need* to destroy all anominity on these projects, its super important! we just need to discriminate against people who are not 'blessed' by teh state with the privledge of being able to exist.

yeah; how about no;

i do not care how 'palletable' you try to make this dystopian bullshit

please fuck off

abekonge@venner.network

@liaizon Ok let's talk strategies for push back - we gotta stop this! @jowek @ukrudt @tak @ruben @magnus

Making an angry github issue?

Making a petition signed by a lot of collectives?

?? what else?

havchr@mastodon.gamedev.place

@Li @liaizon @scan Look, I am not rooting for any of these things, I am rooting for solutions that can proove personhood _without_ breaching privacy.
There is a whitepaper about it on the firstperson project web page. The Linux Foundation is one of the initiaters of this work. And in the case of OpenCollective and shipping ID off to Palantir-bros - hell yeah, they can fuck off.

aslakr@mastodon.social

@liaizon A botly hooray

li@tech.lgbt

@havchr @liaizon @scan "proving personhood" again please fuck off with this shit.

"proving personhood" means that someone can just decide your not a 'person', or that you are a "person" its discriminatory, and creates extreme power dynamics (which is what IDs are for, the other part is survailence)

ive been told for ages im not really a person you know, i don't actually have a magic id card that says i 'count' actually;

a person is anything that says it is, fuck you. stop trying to enforce dehumanization actually

i don't need to fucking 'prove' to fucking anyone ever; and i hope your system gets hacked to fuck; (i mean, you cant do 'privacy preserving, identify verification'' its self-contradictory)

and fuck the linux foundation for enabling this shit too actually

clayote@peoplemaking.games

@havchr @Li @scan How would proving personhood have helped against Jia Tan? That was a real person. Their loyalties weren't where they said they were.

liaizon@social.wake.st

@clayote @havchr @Li can yall stop tagging me in this tangential thread?