[vox-tech] any OTR preferences?

[T. Mark]

3. Dec 2016 15:06 by bill at broadley.org:


> On 12/02/2016 03:46 PM, T. Mark wrote:
>>   Thanks for your erudite observations, Bill.. I agree with almost all of them. 
>>   That is indeed a bit troubling that Keybase unnecessarily grabs your private
>> key.. I should've paid better attention & noticed that myself.  Looks like I'll
>> continue to not really use it (never connected any mobile devices like most
>> people do btw.. that thought creeped me out straight away.)  It's an interesting
>> idea though, & lots of cool nerds there, 
>
> Indeed, especially the FUSE based filesystem.
>
>>   I'll definitely take your enthusiasm for Signal into consideration along with
>> all the various opinions.
>
> It's a hard line.  Would federation be cool?  Definitely.  Do federated
> standards slow down innovation, definitely.  See SMTP, XMPP, or HTTP, all of
> which have been very slow to change.  None of which bake in e2e, and all of
> which have a huge variety of clients that will break if you tried to force e2e.
> Not to mention large communities that will split into change nothing and change
> everything communities and battle over changes, and ask for committees that will
> decide anything at a glacial pace.  Even after the standards committe decides
> then software developers will implement suggested changes willy nilly... leaving
> a bunch of half functional clients that you can't trust to do encryption right.
>
> Thus the difference between signal and any of the old school federated protocols.
>
>




I continue to procrastinate in finding these posts by "Moxie" et al.. just haven't much spare time.  Hopefully that can change. 


> See why Moxie isn't excited about Joe Randoms distributing hacked signal clients
> and pointing at whisper systems servers?
>
>>   Where I think you're a bit mistaken is wrt Google Hangouts--  I recall reading
>
> I didn't the mention the word hangout.  I mentioned GCM (google cloud
> messaging).  It was a major complaint of the blog post, but seems to miss that
> it leaks no message, no meta data, can't tell who you are walking to etc.
>
>> a post by a developer on a Goog forum decrying the fact that Google Voice
>> traffic goes over unencrypted (even though the gmail connection spawning it is
>> https) ..  and sure enough, when I run Firefox from the command line & fire up
>> the Voice Plug-in, it's blurting out stuff all over the place, including my
>> gmail address as far as I can tell.  Haven't had the desire to do video (and
>> actually find the push to use Hangouts instead of the old Voice to be quite
>> annoying) so I have no observations about that.
>
>





Sorry for presuming Hangouts.  I don't have service hooked up to my Androids--  no desire to enrich rip-off Wireless Companies nor be triangulated by dirtboxes nor really a pressing need to be online or in-contact all the time.  I suppose I could run Android on my laptop & goof around with apps when online, but haven't got 'round to it.
 

> I didn't mention hangouts.  I mentioned GCM which is not hangouts.
>
>> But I've never trusted that
>> megacorporation much, for a variety of reasons, and I must admit I find
>> questionable your further assertion that "Google does NOT know who you are
>> talking to, or what you are saying .." I mean, if the rest of Hangouts is
>
> I was speaking specifically about signal's use of GCM, not some broad ranging
> comment about google.  I trust google to be relatively transparent.  They admit
> to tracking your habits, showing you ads, reading your gmail, etc. etc.  It's
> what you "pay" for free services.  If you don't like it, don't use their services.
>
> Android is pretty secure, and pretty good about being transparent.  But if you
> let it, it will track your position, your email, your commuting routes, your
> receipts, your contacts, your routes, etc.  However you can totally use android,
> say no, use IMAP, XMPP, some google cal equivalent, and even install your own
> app store if you want.
>
>> anything like Voice, they absolutely try to know.  Voice automatically tries to
>> convert all your speech-recognize all your voicemails, presenting a usually-iffy
>> text of them (and there's no way to turn that off that I could find.)  This is
>> consistent with their "free" business model--  free doesnt mean Free As In
>> Freedom, to quote stallman.org..  our eyeballs (& vocal chords & probably
>> camera-gleaned biometrics) are absolutely The Product--  Goog is an advert
>> monster, after all.  If I had the patience to read legalese, I'm sure I could
>> provide passages from their ToS that'd leave no question about this.
>
> I don't deny that google collects tons of info if you let it.  If you don't like
> it use something else.
>
>>   While I'm ragging on them, it might be worth noting that I heard some definite
>> discontent on one or more of the Linux podcasts I consume about Android tending
>> more & more toward pushing a proprietary silo sort of environment on
>> hardwaremakers & consumers.  They basically bemoan the increasing disappearance
>> of AOSP options (
>> https://en.wikipedia.org/wiki/Android_(operating_system)#Open-source_community>>  )..
>
> Yeah, the #1 problem is google play services (GPS), which many apps depend on,
> but isn't open source.  However the API to GPS is documented, but it would be
> challenging to keep up with google.
>
>


For sure--  I balk whenever someone directs me to The Play Store to get an app..  never felt comfortable Registering My Device with them which is required to gain access.  F-Droid is nice, but not adopted widely enough as yet.  I eventually found  org.aclu.mobile.justice.ca* on one of the 3rd party sites that hosts .apk's, though, so now I guess I can livestream questionable incidents if I happen to be in a free hotspot.  (Maybe someone going to the EFF event can ask if they can ask ACLU to get hip to F-Droid?  But I wont get my hopes up-- just saw where ACLU did a live q&a on F*book Video.. (don't get me started!))

 




Thanks again for your technical analyses though-- definitely helpful. 





--
https://medium.com/@linuxusergroup




-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.lugod.org/pipermail/vox-tech/attachments/20161206/4873c0ef/attachment.html>