It’s a tad upsetting that the Chromebook, not dev mode hacked, is now the gold standard for secure computing

Just as the iPhone, not jail broken, is the gold standard for secure mobile

How did we end up here?

Apple and Google realized their walled gardens are used more and more by ordinary people who understood the privacy implications of their devices

While truly open source privacy tools retained the warmth of a dung-smeared cactus, these became the easy to use variants for the public


Open source tools are by and large NOT user friendly in the name of remaining powerful and familiar to those who are already used to them

It’s a degree of tech elitism that’s locked out the public. The typical computer user is not going to familiarize themselves with the command line. Meanwhile, point and click tools got the upper hand in the market

Speaking of gold standards, if you do take the Chromebook route and want it to remain secure (I.E. easy to wipe and restore easily while traveling and security token enabled), this is a handy guide that’s easy enough for most users

It goes into the details of setting up a dev computer with YubiKey and 2FA with your mobile which takes care of most threat models (except nation states. But if a nation state is after you, you’ve got bigger problems)

I see some folks took this thread about open source privacy tools and made it entirely about FOSS tools. That may be a limitation in text based communication or maybe some folks are paying disproportionate attention to the second toot and not the first one

One dev took it so personally, he viewed it as a personal insult. That’s unfortunate. It also highlights the uphill battle. It’s hard to view your world objectively from the view of those who know nothing of it

There’s an “othering” of the user

@cypnk i agree with this, but it has nothing to do with "general users being aware of their privacy". open source developers are smug, technical and hold this air of elitism that you refer to. this means the average user isn't going to use them regardless of their privacy stance, leaving only walled gardens as options.

Users wanted more privacy
Looked at what was available and cringed

Apple and Google saw a market opportunity

They’re both related

@cypnk the thing is that free software devs make things for themselves, not for some hypothetical end user.

I don't think there's anything wrong with that, as long as we aren't criticizing people for using nonfree software.

@popefucker Definitely not a criticism of users. They use what they can get used to. I would do the same in their place

Most hackers do build tools for themselves, but some (not all) still insist that learning them is the path to privacy and security for the general public. That’s just not gonna happen

I think that’s also part of the driving force behind “everyone should code”. I’d love it personally, but most people just want to enjoy their devices safely, not code on them

@cypnk true! And there has been a push of late for user-friendly FOSS tools, like signal and Ubuntu and whatnot, but it will never ever be at the same level as proprietary software because proprietary is what the industry grew around. There's so much more time and energy being poured into google than searx, for example.

@cypnk however, one thing:

radicals *need* to learn to use free software, and to thwart the surveillance dragnet. That's not a question of morality like most free software stuff is, it's a question of necessity, and too much organizing is still over corporate channels well-monitored by three-letter-agencies.

@popefucker That group already self-selects for people more likely to learn them

To be a radical is to expect some degree of hardship. To be revolutionary needs thinking beyond what’s already available, in use, or what’s “comfortable” and easy. And so many will learn new tools even if they’re not familiar with them initially

@cypnk I wish this were true, but it's really not.

Except for the truly hardcore revolutionaries, most don't know or care about this kind of stuff.

@popefucker They’re not radicals ;)

We also have to consider how many things the average person has to keep in mind beyond their sociopolitical interests. Family, children, and other engagements eat into their available bandwidth and what’s left is “use an iPhone and Chromebook”

Maybe a helpful friend will add “use Signal, use Tor”

@cypnk @popefucker Only if they realize that it's valuable to their cause.

@popefucker And most FOSS hackers I know are broke too. Some barely get by via Patreon. That’s just no match to the amount of cash Google and Apple can pour into user friendly alternatives

@cypnk @popefucker Another aspect of this is that the yield which Google and Apple get in terms of how much money they put in and how much usable software they get out is very low compared to the broke Free Software hacker living mostly in a hackspace.

@bob @popefucker Much like in meatspace, the luxury of experimentation and room for mistakes are only affordable for the wealthy in hackerspace

@bob @popefucker @cypnk do you mean that with just a little more money, open source would blow Google and Apple out of the water in terms of usability?

Then it’s even more important to push for campaigns like public money, public code, because govt software budgets would make all the difference.

@Tryphon @cypnk @popefucker I think more effort is needed on the public money public code campaign. I noticed that when it started I was seeing some pushback from the proprietary contingency, which indicated to me that a nerve had been struck.

It's also always worth being wary about government money, because sometimes strings can be attached. Projects like Tor have been trying to move away from relying so heavily on government money.

@cypnk It is so strange to me how supposedly the public won’t use a command line but they will edit registry keys for hours. I think they would totally use the command line if Ubuntu or whatever just came installed on every and they had to use it. Then they’d like it.

This must be the hacker version of unrealistic beauty standards ;)

To be fair, people also write entire applications and databases in Excel and never call it “programming”. Perceptions do matter and most users will never make that leap

@cypnk Using Excel to do visual design is computer hacking.

@rotatingskull It is indeed, but I’ve yet to meet an office manager who would call it that

If you ask the person who did all that work in Excel, you’ll likely find a hacker who thinks they aren’t one due to a conspicuous absence of a balaclava

@cypnk @rotatingskull This suggests to me that the whole business about command lines and programmatic interfaces (and I don't even claim that command lines are the be all and end all of programmatic interfaces) being /user unfriendly/ is sort of a problem conjured from nowhere. Apple happens to be /familiar/ and /cool/, but there's nothing about its paradigm that makes it particularly easy to use.

Free Software could use more /polish/. A LOT more polish.

@rotatingskull @cypnk But that's a much smaller ask than wishing programmers would spend their free time building tools they actively dislike using and limit their actions.

@Azure @rotatingskull FOSS devs in particular take on tasks as a labor of love and just adding polish to open source tools is dreary and soul-sucking in a lot of ways. I just don't see it happening that way

But what I do see is projects being sponsored for polish depending on who uses it and how badly it's needed. You see project adoptions all the time, so there's hope for a lot of these

I just hope none become proprietary all of a sudden

@cypnk I am not sure I understand your point. The tools that secure the chromebook and iphone aren't tools any users have access to.

Securing a device is hard to do, but really easy if a pro from apple does it for you.

I don't think there is a good exemplar of an easy to secure system that is also easy to use.

@_tj Repost from another reply:
“Users wanted more privacy
Looked at what was available and cringed

Apple and Google saw a market opportunity”

My point is that secure devices came ready made because the tools to do it ourselves are complex and arcane by comparison

A non jailbroken iPhone is still secure
Likewise a non-rooted Chromebook
Both don’t need much further tweaking besides not installing more spyware


Very true, but some enterprising coders who understand the desire for and ease of use of graphical interfaces have an opportunity to market overlays for open source or, if they're really kind people who simply want to make things easier, they'll keep their GUIs open source, too, and free or shareware.

@EuphoriaLavender The more choices we have, the better it is for end users at least since they’re not cornered. Right now, there just aren’t enough resources to pour into better and open source alternatives, but I’m still hopeful


One of the best things about Open Source is that ANYONE can use it and contribute. There are so many people learning to code while they're young now and someone is likely to innovate simply because they'd like to have GUIs or want to make things easier for their grandparents or maybe even just for fun. Then there are older people who aren't working for a living anymore, have extra time and need intellectual stimulation and like a challenge.


I'm fairly certain we'll be seeing more and more innovations from people in that category, clever people with lots of life experience and knowledge who are redirecting their ambitions.

@Xinjinmeng @cypnk
I just can't let that slide. Software should be written to make tasks easier or faster to perform. Poorly written code (even if it was difficult to write) that is unintuitive or difficult to use, is just that.

Full disclosure: I have, for several reasons, written my share of bad code over the course of 30+ years.

@cypnk command line would be fine if it was not the minimum common denominator
people who use the firefox/chrome javascript console regularly are usually lost in lower command shells

@Efi That’s partly a lack of easy to access instructions. YouTube has helped a lot, but few people go out of their way to find tutorials. That’s mostly because of work and life leaving precious little time for much else

@cypnk affordances are better than instructions
people already know to click on buttons and links, but ttys can't leverage that

@cypnk Those who are already used to them are also users. Being friendly to them is also important. Making their work efficient is also important. Most beginner-friendly software I've seen is very unfriendly to advanced users. It wants you to keep being a beginner.

@cypnk You'd expect you could do more advanced things with it once you learn more, or use it in a faster and more efficient way, but nope, the software treats you like an idiot, and the more you learn, the more "are you sure" warnings you have to click through, only to realize you can't do what you wanted anyway.

@Wolf480pl I’m absolutely not advocating for advanced users being handicapped, but that also doesn’t mean excluding the average user from secure and private computing

I don’t know if you read the toot this is a reply to. I’m specifically referring to the state of duopoly between Apple and Google

@cypnk IOW, you're saying that we need a beginner-friendly operating system with good privacy and security protections, that our mothers and grandpas can use, while we continue to use mutt on gentoo? Seems legit. OTOH, I wouldn't want to develop software that I hate using, and I guess many FOSS devs feel the same.

@Wolf480pl Hence the dilemma. FOSS hackers have fundamentally different goals in mind, but it did leave the space wide open for Google and Apple to swoop in

I honestly think it’s too late for something different at this point. Unless Google and Apple change, it’s the Age of the Big Silos now

@bob @Wolf480pl My other worry is what happens to all that data

Also, Google isn’t even just a tech company anymore; It wants to “change the world” (whatever that means). I can see Apple getting dethroned, but Google has far too many tentacles to fall “cleanly”

@cypnk @bob

Google is like an AI gone wild.

Which makes a lot more sense when you know the corporation->AI isomorphism described on #34c3 (IIRC it was this talk )

@cypnk yeah, we all know it's the Age of Big Silos and it sucks. I was hoping you had an idea how to fix things, but if you're saying it's too late, and we may as well go back to the proverbial installing of gentoo, then fine.

@Wolf480pl There’s a tiny glimmer of hope

I don’t think the model of a company providing Thing or Service is gonna be viable for long. I think the future may be in creating what we need when we need it

E.G. I’m building a DIY writing computer (glorified typewriter, basically). Totally not expecting anyone else to do the same, but I can see someone taking the design, tweaking it and selling it on eBay. It may be the era of bespoke devices and services

@Wolf480pl @cypnk I don't think the age of big silos will last. You can see the seeds of its destruction in the problems of today - like the fact that Twitter has been turning into the social equivalent of a toxic waste dump. I don't think they will be able to solve their social problems by deploying AI, though they will try.

The mere fact that we're communicating here in the fediverse rather than in a corporate silo is an indicator of the way things are going. Twitter can't really emulate the fediverse without destroying its business model.

I started out on this social network thing around 2010, and back then the situation really did look hopeless. It looked like Facebook had crushed everything and turned it into a naff farming game. For years the fediverse was mostly just a few Free Software holdouts.

@bob @cypnk OTOH, look at the IM space. Facebook Messenger, Telegram, WhatsApp, Snapchat, Signal - all are centralized silos a.k.a. walled gardens.

@cypnk @bob and barely anyone uses XMPP or IRC, especially on mobile.

@bob @cypnk @Wolf480pl I've been excited to see the Zeitgeist turning back towards an interest in smaller dispersed online communities. I've been championing keeping ancient bulletin boards and IRC channels going for years with no success.

@lordbowlich @bob @cypnk so you're saying this is the right time to push decentralized solutions, because people no longer want to interact with "EVERYONE!!1" and instead they want to be in a few small communities?

@Wolf480pl @lordbowlich @bob I hope the communities aren’t too few or too small ;)

But I do love the idea of cozy discussions in communities where each person can truly connect with and appreciate each other. I don’t see that on big platforms. Everyone is busy talking past each other and don’t spend enough time listening

@lordbowlich @Wolf480pl @cypnk Things do seem to be changing and I think there are multiple factors involved.

@cypnk @Wolf480pl a real part of this dynamic is:

i've been using FOSS operating systems as my main environment for 18 or 20 years. i write software and administer systems for a living. i have spent time as a technical writer on these topics for a novice audience, etc.

and "dung smeared cactus" strikes me as an entirely accurate assessment of the experience of most standard FOSS security tooling.

@Wolf480pl @cypnk there're plenty of libre tools in the general sense with decent to very good UX. my very non-technical mom has happily used linux as her main driver for ages.

but, aside from ssh, which most people can learn, interacting with security-specific tooling like openssl (anything to do with ssl, really) and (a little less so but still) gpg is just generally an awful nightmare.

@brennen @cypnk
I'm confused now: is this talk about security/privacy tools, or is it about "I want a calendar app on my phone that doesn't send all the data to a cloud service that makes money selling data to advertisers" ?

@Wolf480pl @cypnk ...that's a fair question. i haven't been awake long and i'm foggy, so i'm probably just muddling the discussion.

i would say that i think the two things are kinda related, and i concur with the original point that the duopoly situation sucks and is also probably inescapable in practice.

you can have e-mail / calendar / IM that's pretty "secure", but you mostly can't have it without giving up a bunch of other freedoms.
