32 comments

[ 3.1 ms ] story [ 73.7 ms ] thread
(comment deleted)
Facetime was also meant to be an open protocol. I think we just have to accept that big corporations can say whatever and do whatever and get away with it. Because we let them get away with it. Convenience trumps everything.
I think we should attempt to address the ills we find in society, lest we see them expand rapidly without any counter force.
No one should be surprised by this, they should just make intelligent choices about how they protect their personal information. If you're in a position where you have to trust Google or Facebook or any other large company that lives by selling your data, you have to question how and why you got there.
The rest of the world brought me here, and I was unwilling to let them pass me by and leave me alone but with perfect control of my data.

The world is rich in complexity and devoid of absolutes. I've yet to see someone build an ivory tower with the foundations to stand more than a small shove.

Maybe there's something to be found between dreams of an ivory tower, and just laying there and taking it with a smile?
There surely is, but the first step is to acknowledge that the world has come to a certain point where we've lost control of our data and intelligence agencies, and not to write off people who's privacy has been compromised as fools who should have known better.

Because we are all those fools. Do you use gmail? If you don't, do you email people who do? Do you use Facebook? Do people talk about you on Facebook, even if you don't have an account? Do you email people who give Facebook their contacts? Is that even something you can find out?

Trust is transitive. If someone close to you along your social graph is being observed, you are being observed indirectly. If many people around you are being observed, you are being observed rather closely.

There's a difference between protecting your data from a company that collects it when you use their service, and hiding from a state-level actor like the NSA.

I don't use Gmail. I don't use Facebook. For just those reasons. I do use uBlock Origin, NoScript, uMatrix, and Random Agent Spoofer, and depending on the site a VPN. I don't throw up my hands and pretend that a platform like Facebook is somehow fundamental to life.

Collection by intelligence/LE agencies and by private companies are increasingly interrelated. These are not separate problems, but two sides of the same coin.

I'm afraid you've missed my point, because I don't use those services either. No man is an island. And very few of them are OpSec masters, either. For instance, consider how unique that precise set of tools is, how easy it is to fingerprint browser extensions, and how you've effectively announced your identity in a public forum.

(Edit: Though doing that without JavaScript would be a pretty neat trick. I'm pretty sure it'd be possible to do if you can convince tags to load sequentially, so you can send requests to your server interleaved with requests for add-on resources, and observe timing. I'm thinking many levels of nested iframes ought to do the trick. But I don't know that for a fact.)

What I am trying to say is that this is hard, and we cannot solve anything by oversimplifying or victim blaming.

It's not a population of victims, by and large it's a population of people who don't see the point, and can't be bothered. The population of people whom the NSA keeps tabs on might be victims, the people who use Facebook are definitely not.

Besides, victim facilitation and precipitation is an ugly, and sad reality of life. You can be aware of your role in becoming a victim, without blaming yourself for the actions of other people who took advantage of your situation.

As to the rest, again, we're not talking about dropping off the grid or avoiding a government, just about not broadcasting everything all of the time for some paltry "free" service.

I feel like you're talking over me rather than trying to understand what I say.

But stay safe and have a good life anyway, traveler.

Disagreement can feel like that. Take care.
Maybe I'm biased because I've done some intelligent agent work when I was back at Microsoft, but I really like how Allo handled this. They let the user decide whether or not they want convenience, or strict privacy. This is how it should be - up to the user.

Some people want the convenience of having their messages be stored in the cloud and helper bots to add relevant content to the mix, some people want a reduced experience but with the reward of privacy.

Disagree. The average user is not savvy enough to make this call. Secure end-to-end so I can have secure conversations with less technical people, and know we are both safe. It only take one party to escrow the logs to the server and all those conversations are no longer private. E2E||GTFO
Uh, no. Data loss for your end-users as a default behavior is unforgivable. The impetus is on people who think it's OK to irretrievably lose access to their freaking data when their phone battery explodes to set that up. For myself, and for Joe P. Random, losing my data without my having explicitly (and again) decided to take that risk is what directly precedes a decision to no longer use any Google products, full stop.
People already assume their voice conversations are (usually) ephemeral. As long as it is explained properly, an ephemeral text chat can not only be acceptable, it may also be a feature.

More importantly, why are you pretending that end-to-end encryption implies an irretrievable loss of data? If desired, backups can be made locally or to another local device such some type of LAN-only network storage or a USB storage device.

Exactly. Snapchat = ephemeral video sharing/chat. Why is it so big?
(comment deleted)
Exactly, and this is precisely why it's E2E by default with iMessage. One company makes money off of your information, the other makes money off your hardware.
I'm big into privacy and that actually makes some sense to me. Though I'm a little concerned that if E2E isn't the default, it will be buried in the settings and most users won't ever think to use it.
> helper bots to add relevant content to the mix,

Is not that called an advertisement?

Have you used bots in Allo or telegram or facebook messenger or discord or slack? They can be very helpful.
I've often found the contrary - they add a lot of noise into the signal. For example, the gify bot encourages people to post response gifs to response gifs, creating pages of nothing but pure crap, making content harder to find than the proverbial needle in a haystack.

I don't need web pages expanded in-place, it pushes content off screen. I don't want CI/Jira/Pagerduty spam constantly dinging for my attention. I don't want random gifs. I don't want YouTube videos expanded and started automatically.

Maybe there's a good bot out there, but I haven't seen one yet.

I sort of have this feeling that, if end-to-end encryption is going to be a standard requirement of the users in the near future, the big software companies won't know how to resolve this conflict of interest. They can't offer e2e at the same time that they try to extract value from the conversation channel. It's the same reason that Google is not really interested in promoting PGP on Gmail.

Which means that it won't matter which channel people are using to talk to each other, they will have to find a way to be a conversation point on each other's channels - e.g, Have a Google Bot on Facebook Messenger and Whatsapp and Skype and Telegram, and the others doing the same. By that point, the whole thing gets unbelievably stupid, and it will be better for everyone to just give up on building the walled gardens and go back to networks based on interoperable, federated open standards.

I made a "ask HN" [1] post because I am involved in this space, and I wonder if people here would be willing to put up with the loss of privacy or if they would be willing to pay for a chat service. I would appreciate if people could share some thoughts.

[1]: https://news.ycombinator.com/item?id=12553221

The big software companies may not be able to figure it out, but the big hardware companies don't care. This is where the salvation of e2e must come from, and we're already seeing it with Apple, where iMessage has been e2e for a long time.

It's not perfect, Apple can still tweak the system to control the keys if they wanted to (not that I believe they would) but it's a really good start.

Can I use iMessage from my non-Apple computer? Would Apple be willing to open up its protocol or to implement in other platforms so that it could be universally adopted?
Not officially. That still doesn't negate the point that hardware companies like Apple have already started e2e encryption. The poster also mentioned it's not perfect; full cross-platform support would presumably be one of those areas that could get it more perfect.
Whatsapp is also e2e encrypted. And they aren't hardware at all.