How checklists lie with facts, and are bad for figuring out privacy of apps etc.
-
cross-posted from: https://beehaw.org/post/20989376
Where Soatok goes over why checklists are meaningless when trying to figure out if something is private or just for comparisons in general.
-
cross-posted from: https://beehaw.org/post/20989376
Where Soatok goes over why checklists are meaningless when trying to figure out if something is private or just for comparisons in general.
I'm surprised this article doesn't mention privacytests.org by name, but it reaches a conclusion that may as well:
If you see a dumb checklist trying to convince you to use a specific app or product, assume some marketing asshole is trying to manipulate you. Don’t trust it.
Thankfully there's a good recommendation in the very next paragraph for all things (messaging apps, browsers, etc):
If you’re confronted with a checklist in the wild and want an alternative to share instead, Privacy Guides doesn’t attempt to create comparison tables for all of their recommendations within a given category of tool.
Also: shots fired at XMPP throughout, as the poor protocol limps along trying desperately to catch up to the encryption baseline that was set over a decade ago by the first versions of Signal.
Ultimately, both protocols are good. They’re certainly way better choices than OpenPGP, OMEMO, Olm, MTProto, etc.
Why OMEMO is "bad" is indirectly answered earlier:
The most important questions that actually matter to security:
- Is end-to-end encryption turned on by default?
- Can you (accidentally, maliciously) turn it off?
If the answers aren’t “yes” and “no”, respectively, your app belongs in the garbage. Do not pass Go.
Similar discussions have skewered the federated Delta Chat for having an even worse version of this issue.
-
cross-posted from: https://beehaw.org/post/20989376
Where Soatok goes over why checklists are meaningless when trying to figure out if something is private or just for comparisons in general.
My lithsmus test for a good checklist is how they rate the Brave browser, Telegram, and popular VPNs. All three have marketed themselves as privacy friendly and secure, but all three are absolutely terrible if you do your homework on them. I've seen Brave or Telegram in the top tier on so many lists it isn't even funny
-
cross-posted from: https://beehaw.org/post/20989376
Where Soatok goes over why checklists are meaningless when trying to figure out if something is private or just for comparisons in general.
-
Thieves*
Good catch, feel free to tell Soatok as all posts are repliable on fedi.
-
Good catch, feel free to tell Soatok as all posts are repliable on fedi.
Not my circus, not my monkey.
-
Not my circus, not my monkey.
So you just wanted to be a pedant for the sake of it?
-
My lithsmus test for a good checklist is how they rate the Brave browser, Telegram, and popular VPNs. All three have marketed themselves as privacy friendly and secure, but all three are absolutely terrible if you do your homework on them. I've seen Brave or Telegram in the top tier on so many lists it isn't even funny
Yeah, more tech and privacy enthusiasts should really look into things before declaring them secure or private. Even those that market themselves as such. Like, a lot of them hark on about SimpleX without really understanding that it's not a good choice.
-
Yeah, more tech and privacy enthusiasts should really look into things before declaring them secure or private. Even those that market themselves as such. Like, a lot of them hark on about SimpleX without really understanding that it's not a good choice.
For reference what's bad about SimpleX?
-
For reference what's bad about SimpleX?
wrote last edited by [email protected]Well, it's not exactly about privacy. But it does need a lot more time to develop before it is ready for 'mainstream' use, right now it's very niche, they haven't figured out how to get the same profile on multiple devices, there's no proper ipad support and because it's niche only tech people use it and thus I'm not interested in it until the average user can and will use it easily as I like all my friends etc to be on things I use.
Plus it doesn't have as many audits, as say, signal, so that's a big hmmm in my book. Yes, it's not been around as long, so that might not be fair, but it has a lot of things to fix before it's worth using.
Also, it really needs more 'fun' features, like signal has before most average people will use it. I think it also needs to figure out things like calling, especially group, but I cannot remember if that's still accurate or not.
Oh, also, I remember there was a big concern about funding because they went commercial instead of doing the right thing and starting a foundation or some such.
-
Yeah, more tech and privacy enthusiasts should really look into things before declaring them secure or private. Even those that market themselves as such. Like, a lot of them hark on about SimpleX without really understanding that it's not a good choice.
wrote last edited by [email protected]I actually do endorse SimpleX. While it does lack a lot of user features you might enjoy in other messengers, it does do the security/privacy part right. While not having as many auditors as signal, there have been enough to form an opinion. The fact that it is foss in the first place gives an advocate for their transparency. It's also double ratchet E2E enrypted, comletely anonymous, practices perfect forward secrecy, and even offers Tor proxies; which is more to be said than most messengers.
The only good argument I've seen against it is that it isn't federated or P2P, which is a discussion on the centralization of power rather than a security/privacy issue outright
-
So you just wanted to be a pedant for the sake of it?
wrote last edited by [email protected]If we don't gently remind each other to be better, who will? You?
-
If we don't gently remind each other to be better, who will? You?
wrote last edited by [email protected]I don't count that as being better, heh. Being better is things like behaviour not some random spelling someone got 'wrong' that ultimately doesn't matter.
-
I actually do endorse SimpleX. While it does lack a lot of user features you might enjoy in other messengers, it does do the security/privacy part right. While not having as many auditors as signal, there have been enough to form an opinion. The fact that it is foss in the first place gives an advocate for their transparency. It's also double ratchet E2E enrypted, comletely anonymous, practices perfect forward secrecy, and even offers Tor proxies; which is more to be said than most messengers.
The only good argument I've seen against it is that it isn't federated or P2P, which is a discussion on the centralization of power rather than a security/privacy issue outright
wrote last edited by [email protected]A big thing they could do to convince more of us is to set up a transparency report like Signal has, so we can see any requests for information or legal orders they get, and their replies.
-
Well, it's not exactly about privacy. But it does need a lot more time to develop before it is ready for 'mainstream' use, right now it's very niche, they haven't figured out how to get the same profile on multiple devices, there's no proper ipad support and because it's niche only tech people use it and thus I'm not interested in it until the average user can and will use it easily as I like all my friends etc to be on things I use.
Plus it doesn't have as many audits, as say, signal, so that's a big hmmm in my book. Yes, it's not been around as long, so that might not be fair, but it has a lot of things to fix before it's worth using.
Also, it really needs more 'fun' features, like signal has before most average people will use it. I think it also needs to figure out things like calling, especially group, but I cannot remember if that's still accurate or not.
Oh, also, I remember there was a big concern about funding because they went commercial instead of doing the right thing and starting a foundation or some such.
commercial
Okay so its absolute trash at best.
-
I don't count that as being better, heh. Being better is things like behaviour not some random spelling someone got 'wrong' that ultimately doesn't matter.
Oh, my sweet summer child...
️ -
Oh, my sweet summer child...
️Winter actually.
-
Winter actually.
-
That tracks.
What also tracks is you're a pedantic asshole that somehow thinks that correcting random posts on a forum, and not the original author because it's "Not my circus, not my monkey" (but it is yours to correct random internet posts, go figure) somehow makes you 'better' than others or others 'better' in some way when all it does is show how much of an asshole you are over things that ultimately do not matter and will not in any meaningful way change the world.
This isn't a fucking spelling competition, it's not an academic piece of work, it's not an exam, it's one fucking minor 'mistake' that, no really, doesn't matter and is just a reference to "Comparison is the thief of joy." Seriously, find something better to do with your obviously boundless free time, if you have so much of it you'd have the time to do this.
Instead of realising that language is about communication and as long as the original message comes across fine in non professional context then that's all that matters, you'd rather come into some random thread so you can be a smug asshole from afar.
Now either have something meaningful to say about the actual subject or get out.
-
What also tracks is you're a pedantic asshole that somehow thinks that correcting random posts on a forum, and not the original author because it's "Not my circus, not my monkey" (but it is yours to correct random internet posts, go figure) somehow makes you 'better' than others or others 'better' in some way when all it does is show how much of an asshole you are over things that ultimately do not matter and will not in any meaningful way change the world.
This isn't a fucking spelling competition, it's not an academic piece of work, it's not an exam, it's one fucking minor 'mistake' that, no really, doesn't matter and is just a reference to "Comparison is the thief of joy." Seriously, find something better to do with your obviously boundless free time, if you have so much of it you'd have the time to do this.
Instead of realising that language is about communication and as long as the original message comes across fine in non professional context then that's all that matters, you'd rather come into some random thread so you can be a smug asshole from afar.
Now either have something meaningful to say about the actual subject or get out.
Don't forget to breathe, kiddo.
