The conventional wisdom suggests that WhatsApp provides 'fully encrypted' messaging between parties. I know that the Fediverse has a disproportionately high population of folk with a credible understanding of advanced cryptography... Can any of you tell me whether we can *prove* that the code running in the actual proprietary WhatsApp client is implementing uncompromised end-to-end encryption that only the sending & receiving part(y|ies) can decrypt? Or are we just taking Meta's word for it?
@be yes, I guess my point is that, unless we can see the code that's gone into the actual clients we're using, at both ends, it's impossible to say with confidence that the encryption is sound... The real evidence it's *not* sound is hard to determine for sure, but over time, the weight of evidence might prove it's not (or Meta might be sitting on their knowledge of what's being sent via their messenger for some very high-value situation, e.g. global power dynamics)...
@be in any case, as I say in https://davelane.nz/proprietary, if we're dealing with proprietary clients that we can't build ourselves with a full tool chain we can verify ourselves, we're forced to put our trust in 3rd parties with every interest in betraying us if that increases shareholder value. That, to me, is an oppressive liability, which is why, to the extent I can, I avoid being subjected to it.
@be bingo - I suspect that because Meta controls both ends of every communication via WhatsApp, there're ways they could 'legitimately' claim 'E2EE' while still having full knowledge of the content of each communication (e.g. having 2 streams of data going via their central server, one E2EE, the other split at the server). & yes, I believe Signal has fewer negative incentives plus there seem to be possible alternate libre clients (but the central server code is proprietary as I understand it).
I predict, in the coming months, it will become untenable for any non US organisation or gov't to claim their complete dependence on US BigTech is justifiable or acceptable.
The best thing that might come from the new US administration is that every other country in the world abandons US big tech on the grounds of clear & present threats to their digital sovereignty (took them way too long to work that out!). That'd be a tremendously beneficial (and cost-saving!) outcome for the world and could mean the death of big tech. Win-win. Bring it on.
How is it possible that anyone, never mind a local or national politician with some influence, can still promote 'growth' as an economic strategy without being ridiculed from all sides?! Probably for the same reason we still have the same folks seriously talking about #TrickleDownEconomics like an early 80s gold-plated dickhead, secure in the knowledge that most people neither give a crap, nor know any more than they do. The state of the world is relentlessly depressing.
I wonder how many of us are making the world better with our livelihoods... and how many making it worse, for ourselves and others we don't know (and better for shareholders who already have far more than most).
I wonder how many of us are honest with ourselves in making that assessment. I wonder how many of us actually think about it.
So the NZ-based techies in schools group I'm in has just had a query from one of the techies at a school - apparently a couple parents are uncomfortable with their kids being forced to use MS O365 as required by the school. Appallingly, the first thing other folks on the list did was to chide the parents for using Gmail addresses. Some of the techies really don't realise that their primary role has little to do with kiwi kids' learning & everything to do with increasing Google & MS shareholder value.
@_elena @robin started from scratch... although I did investigate the migration process when someone asked about it here (perhaps you?), and though it's poorly documented (because why would a commercial entity want to make it easy to migrate away from its service **eyeroll**) it looks fairly easy... I got the impression it's as easy as "use the 'migrate to Ghost hosting' but in reverse"... but I haven't tried it...
@robin I've done that too (self hosting Ghost) - and yeah, it's quite straightforward, eh! And am doing the same with Matrix and Pixelfed, although I have some work to do to tidy things up after the latest Pixelfed upgrade... but yeah, the savings in hosting is massive. All my external systems are running on Hetzner's 7 euro/month instances. Crazy cost-effective. (hosting a lot of other services besides those 3)...
@robin where/how were you hosting previously? Fully managed services? I've found moving my work off AWS & Azure, we lowered our costs 95% across the board. Paying trivial amounts for cloud hosting now. We have a grandfathered server at Hetzner with big disks and back up to it, otherwise storage is a minor cost for us. We don't use object storage, all block storage. I back personal stuff up to home servers w/big disks at home & I host stuff here, too.
@dentangle I'd refine that to say 'without effort' rather than 'sacrifice' - because sometimes doing the right thing takes effort that is both fun & fulfilling, like a job-well-done. It doesn't have to feel like sacrifice.
Most of the time, doing the 'right' thing is harder than doing the 'easy' thing. I find it fascinating that people simply don't 'get' that when it comes to tech. They fail to realise that the 'easy' thing has been made easy by people who're spending a LOT of money to get far more in return, and that fleecing (in some way) those choosing the easy path is the source of that return. It's not rocket science, but people fall for it again and again. "But the farmer feeds us so well!", said the pig.
@kfogel I've had relatively few rejections from the big players - when I have, it's been for a short period (a day or so), due to their lazy policies of blocking deliveries from entire network blocks based on one spam host... but hasn't been major. Of course, the more of us there are, the less the behemoths can ignore us and get away with lazy practices...
I wish more people capable & confident to do so would run their own email services, and provide access to them for their communities (who would hopefully realise the great benefit of having a family domain). That'd help to undermine the current cabal of mostly ill-intentioned email providers out there. Email's too important to trust to a colossal corporation that sees you (and your correspondents!) as a resource to be data-mined. Plus, it really isn't nearly as hard as people make it out to be.
I'd be happy to share my notes - I'm no hosting genius, but I've been running email services that are great to use, full-featured, and provide user-friendly delegation to others wanting to manage their own domains &/or mailboxen. Happy to share my notes.