@kylerankin Imagine having 5 different web browsers you had to switch between depending on which website you wanted to visit. If these same orgs had their way, you would (and that's largely what phone apps have become).

Messaging isn't complicated. It's sending text, emojis and photos, perhaps to a group, ideally w/ e2e encryption. You have 5 incompatible messaging apps on your phone not from tech limitations, but because greed drives orgs to ignore compatibility and optimize for vendor lock-in.

I dismissed this product until I realized it's probably the only way to get work done in a modern office with an open floor plan. It's basically a cubicle for your face: neatorama.com/2018/10/18/Human

Click, Clack, Moo is underappreciated as a subversive tale of the power of technology, collective bargaining, and boycott to shift the balance of power in favor of an oppressed, exploited group.

@kylerankin Sadly, current e2e msg apps, including Signal, built a world *worse* than CAs in this respect. If WhatsApp backdoors e2e for ad data or for govts (why not both?), to revoke trust you must convince all your friends to revoke trust, or else fall back to insecure SMS.

@kylerankin Applied to CAs, this means if a CA violates your trust, you should be able to revoke your trust in them but still be able to browse the web securely. And if you don't trust, say, Verisign's CA, you can anchor your trust in another vendor and web browsing is secure.

One of the most powerful ideas in @Moxie's convergence talk was the idea of "trust agility" youtu.be/UawS3_iuHoA?t=1558 the idea that trust can be revised at any time, and users can decide where to anchor their trust.

As someone who spends a lot of time working on Heads and thinking about BIOS tampering, it's interesting to read about examples of UEFI/BIOS hacking in the wild: welivesecurity.com/2018/09/27/

The thing I am most excited about with the Librem Key is its integration with Heads to make detecting tampering easy. It's something that doesn't exist anywhere else and in this deep dive post I explain the technical details. puri.sm/posts/the-librem-key-m

The Librem Key represents a fundamental change in how we view laptop security. Learn more about tamper detection and interdiction in @kylerankin deep dive on what makes the Librem Key unique in the industry at puri.sm/posts/introducing-the-

Check out the review of the Librem Key by Alessandro Castellani - youtube.com/watch?v=J4P7RFNHkN! We'd love to hear your feedback. Remember you can ask questions at forums.puri.sm/t/introducing-t

@Purism is proud to announce the latest offering in the @Purism line of products - the Librem Key! The first and only key to offer tamper evident protection to laptop users. puri.sm/posts/introducing-the- … Discuss at puri.sm/posts/introducing-the-

@kylerankin Put yet another way: what good is e2e encryption if your vendor has remote root onto the endpoint?

@kylerankin Put another way: a fundamental part of most compliance regimes is answering the question: "who has root on production?" So which Apple/Google employees have root on all smartphones? Have any govts forced use of those powers?

I'd be curious to know how many people within Apple and Google have this remote control power, the checks on that power, and what scenarios constitute an "emergency" to remotely take over someone's phone. cnet.com/news/10-years-later-g

The next few months will be challenging to two groups: 1. Linus + team to follow through on CoC. 2. critics who won't want to forgive, even if Linus + team truly do change. Humility, repentance and forgiveness are hard, I'm rooting for both groups.

Google's China search engine features a censorship blacklist that "included terms such as “human rights,” “student protest,” and “Nobel Prize” in Mandarin." and makes it easy to link searches to individuals: theintercept.com/2018/09/14/go

Looking at the current state of tech it's easy to conclude that people don't care about . I have to remind myself that people *do* care, they just feel powerless to do anything about it.

Show more
Mastodon

Follow friends and discover new ones. Publish anything you want: links, pictures, text, video. This server is run by the main developers of the Mastodon project. Everyone is welcome as long as you follow our code of conduct!