Notices by Meredith Whittaker (mer__edith@mastodon.world)

See also, from the wonderful dkg at ACLU:https://www.aclu.org/news/privacy-technology/secure-messaging-and-ai-dont-mix

We love to see it--community-created harm reduction infrastructure in the face of the alarming integration of AI agents into the Windows operating system (which is currently the most reckless deployment environment) <3

https://github.com/zoicware/RemoveWindowsAI

Why? See: https://www.youtube.com/watch?v=0ANECpNdt-4

📣 NEW w/#UdbhavTiwari Mapping the technical reality & privacy/security perils of pushing AI agents into our infra

We offer palliatives, but the core issues are paradigmatic: 'agency' relies on pervasive data access + ability to act w/o explicit consent.

https://media.ccc.de/v/39c3-ai-agent-ai-spy

Merry Christmas! May you enjoy the cinnamon nutmeg season as much as I do, with all the peace, major chord progressions, warm drinks, butterfat and sparkling this and that, whatever you believe, however work it ❤️🎄

🎁 here's a great album to get your day going https://www.youtube.com/results?search_query=oscar+peterson+live+in+tokyo+1862

PSA: tips to protect yourself from scams on Signal.

Every major comms platform has to contend w phishing, impersonation, & scams. Sadly.

Signal is major, and as we've grown we've heard about more of these attacks--scammy people pretending to be something or someone to trick and abuse others. 1/

@troed I don't think you have a clear understanding of this space, but I hope you have a good time digging in and learning more.

Concerning, bc it indicates that the extent of the concentration of power in the hands of a few hyperscalers is way less widely understood than I’d assumed. Which bodes poorly for our ability to craft reality-based strategies capable of contesting this concentration & solving the real problem. 2/

The question isn’t "why does Signal use AWS?" It’s to look at the infrastructural requirements of any global, real-time, mass comms platform and ask how it is that we got to a place where there’s no realistic alternative to AWS and the other hyperscalers. 3/

Running a low-latency platform for instant comms capable of carrying millions of concurrent audio/video calls requires a pre-built, planet-spanning network of compute, storage and edge presence that requires constant maintenance, significant electricity and persistent attention and monitoring. 4/

Instant messaging demands near-zero latency. Voice and video in particular require complex global signaling & regional relays to manage jitter and packet loss. These are things that AWS, Azure, and GCP provide at global scale that, practically speaking, others (in the western context) don’t. 5/

This isn't ‘'renting a server.' It's leasing access to a whole sprawling, capital-intensive, technically-capable system that must be just as available in Cairo as in Capetown, just as functional in Bangkok as Berlin. Particularly given the high stakes use cases of many who rely on Signal. 6/

Such infrastructure costs billions and billions of dollars to provision and maintain, and it’s highly depreciable. In the case of the hyperscalers, the staggering cost is cross-subsidized by other businesses–themselves also massive platforms with significant lockin. 7/

Meaning that infrastructure like AWS is not something that Signal, or almost anyone else, could afford to just “spin up.” Which is why nearly everyone that manages a real-time service–from Signal, to X, to Palantir, to Mastodon–rely at least in part on services provisioned by these companies. 8/

But even if Signal had the billions needed to recreate AWS, it’s not just about money. The talent to run these systems is rare & concentrated. The expertise, the tooling, the playbooks, the very language of modern SRE came out of these hyperscalers, and is now synonymous with 'the cloud.' 9/

o, yes, Signal runs on AWS. It also runs on your phone, which runs on iOS (Apple) or Android (Google). And on Dekstop, via Windows (Microsoft). Each of these presents similar dependencies on large entrenched tech companies, and concomitant barriers and risks. 10/

In short, the problem here is not that Signal ‘chose’ to run on AWS. The problem is the concentration of power in the infrastructure space that means there isn’t really another choice: the entire stack, practically speaking, is owned by 3-4 players. 11/

So, Signal does what we can to provide a service w integrity in the concentrated ecosystem we're working in. We protect your comms w end-to-end encryption, so that we can use AWS and others as a highway across which to send Signal data in ways that don’t let AWS, or anyone else, gain access. 12/

To conclude: my silver lining hope is that AWS going down can be a learning moment, in which the risks of concentrating the nervous system of our world in the hands of a few players become very clear. And that this can help us craft ways of undoing this concentration and creating real choice ❤️ 13/

📣THREAD: It’s surprising to me that so many people were surprised to learn that Signal runs partly on AWS (something we can do because we use encryption to make sure no one but you–not AWS, not Signal, not anyone–can access your comms).

It’s also concerning. 1/