Isn't it funny how within 24h the approach to changed from "it's secure and awesomesauce, use it for everything!!1!" to "I just use it to share stuff but warn users not to do sensitive stuff there"?

No, actually it's not funny. Because it keeps happening:

1. a new shiny startup does X in an open source but centralized way
2. a lot of "experts" saying how great it is; some greybeards warn that it's centralized but nobody listens - it's so shiny and cool!
(cont.)

(cont.)
3. startup makes a horrible business decision or gets bought up by someone onerous; it's inevitable, it's a startup.
4. everybody's shocked, shocked™, but still goes with "using it for non-sensitive stuff, too late to move on"
5. rinse, repeat.

Do you know why we don't get proper, decentralized, easy-to-use software solutions? This is why. Because we keep letting shitty startups crowd out the good projects.

(cont.)

(cont.)

Security is hard. Decentralization is hard. Usability is hard.

Being first to market is *easier* if you drop some, or most, of these.

So, shitty startups get to market first, and then crowd out the decent-but-necessarily-slower projects.

Every time you recommend a tool that follows this pattern of abuse, you are enabling it. You, personally, become a part of the problem. You, personally, help a shitty startup crowd out a decent project.

(cont.)

(cont.)

This is obviously not all black and white. There are edge cases, but then again there are clear red flags.

is a good example of an edge case. Decentralized? No. Startup? Also no. So, one red flag fewer.

Does this mean we can be certain Signal will not screw us over one day? No. But it not being a startup lowers that chance considerably, at least.

We techies need to be more mindful of this. After all, we are all complicit.

(end.)

@rysiek it seems to me the PGP case is also a little different because the existing software wasn't saying "yes the ux is bad and needs to be improved", but instead "this is the best possible ux so tough if you can't read through tens of pages of text to know what settings to use".

Keybase showed what was also possible, i.e., sane defaults.

@mvz well, I agree to some extent. there was software trying to do OpenPGP better. is one example.

@rysiek Does Mailpile handle creating and managing keys? The website is a bit low on details.
