What do we need to change about how we operate, now that the political environment is darkening?
The overall goals would be to safeguard user identities, ensure communication privacy, and protect against censorship and state surveillance.
User Anonymity and Privacy
- End-to-end encryption: Encrypt all user communications, private messages, and sensitive data
- Anonymous accounts: Allow users to create accounts without requiring personally identifiable information (PII), such as email or phone numbers. How can we balance this with the need to combat spam?
- Tor and VPN Integration: Ensure compatibility with privacy tools like Tor, and provide guidance on using VPNs.
Data Storage
- Remove or minimize data collection, including IP addresses, geolocation, and device information. No web server logs.
- Ephemeral content: auto-deleting posts, messages, etc after a set period.
- Instance chooser that flags which instances are in unsafe countries.
- Defederate from instances in unsafe countries?
Communities
- Private communities - currently all are public
- Communities where every post is encrypted
- Approval process to join some communities
- Better opsec around instance owners, admins and moderators
What else?
Removed by mod
Yup. Really don’t get the constant drumming of “I want to use someone else’s website or server while pretending it’s a secure platform”. Peer-to-peer coms have been around for literal generations now. If you actually care about privacy, e2ee p2p is what you do.
Security runs opposite to convenience.
Removed by mod
I think this is a fallacy, and anyone that is old enough to remember the popular days of Bittorrent will have stories to tell.
Yes, in theory p2p models can be more secure if you really know what you are doing.
But in reality the users’ end devices are often the weakest link and most people have bad opsec. A server operator has often a much better idea what they are doing and systems like Tor or xmpp that allow servers to protect their users by not sharing all the metadata with every participant are safer for the majority of users.
You don’t need to go full p2p. You can still have servers and you can still have operators who work to prevent issues at the edges, but the servers need to be only blind communication relays and routers.
There is no such thing as a blind relay. There will always be meta-data accumulation at such points in the network.
It is possible to try to minimize the meta-data accumulation and obfuscate it further and there are certainly some interesting theorectical concepts for that in systems like SimpleX, Nostr etc. but in the end most of these are just giving a false sense of security.
In addition many of these systems engage in what I call “trust-washing”, i.e. them proudly proclaming: “there is no need to trust us, bro!” When in reality there are multiple points of failure in their pretend to be trustless system that they just chose to ignore or try to distract you from.
And when it comes to the real-world, tried and battle tested system like Tor are where I would put my safety, not some brand new crypto-bro dondogle that is funded by venture capital investors (like SimpleX).
Even with Tor you also have to trust the exit nodes. So, yes, I agree you will still need to trust someone, but we can control/design to have less things depending on this trust.
Specifically with ActivityPub, everything is designed around the idea that the server owns it all. It doesn’t have to be all-or-nothing.
Yep. And besides, the only people actually taking significant risk here are the instance hosters storing the content.
Secure Scuttlebutt is the way
So you’re saying we should use Nostr
No. Nostr is even worse because it ties your identity to your encryption keys.
How is that worse? You can always prove that you are the same person by encrypting a message with the same key. There is no way for me to prove whether my Instagram account is really me
The problem is the inverse. There are times where you don’t want to be connected to any message.
Nostr is being developed by stupid bitcoiners, and it suffers from the same stupid mistakes as BTC. Pseudonymous transactions is not enough for a payment network. Just like pseudonymous messaging is not enough for secure communication.
Then use a key you never used before to encrypt it