is the databag protocol/design documented somewhere? does it claim to have forward secrecy?
from a quick glance I see here they’re generating an AES key from a passphrase and using it to encrypt an RSA private key, which is… not a good sign.
fwiw https://simplex.chat is another thing which seems to have similar goals and functionality but is better documented.
there is a lemmy thread discussing that post here
If by “free and public” you mean a model and code that you can download and run on your own hardware, there is this one: https://crfm.stanford.edu/2023/03/13/alpaca.html
but if you mean a free service… it looks like their public demo (which was here) is not operating currently. but since it is relatively easy to run, there are probably other alpaca-based services you can find.
There are instructions for how to run your own instance of it here: https://www.howtogeek.com/881317/how-to-run-a-chatgpt-like-ai-on-your-own-pc/
when you send an SMS, all of the metadata imaginable is retained by default… as is the content of the message, in many cases.
besides law enforcement and other government agencies, numerous telco employees also have access to this data, and, in many countries at least, some of it is also sold to data brokers.
you can’t get much less private than SMS.
ActivityPub has a over 20k different independent instances, mostly federating with one another. BlueSky has one, and if you try to set up an independent one, it won’t federate.
I’m guessing you still haven’t read this post I linked to? Here is the first paragraph:
Moderation is a necessary feature of social spaces. It’s how bad behavior gets constrained, norms get set, and disputes get resolved. We’ve kept the Bluesky app invite-only and are finishing moderation before the last pieces of open federation because we wanted to prioritize user safety from the start.
It’s a little surprising that the person you’re linking to managed to install and operate their own Personal Data Server without reading enough of the BlueSky website to see that federation isn’t turned on yet!
You are confusing content warnings (not exposing others to potentially triggering content you post) with moderation (making it hard to harass users). These are two very different things.
Why should they be different? If a user neglects to label their own post, shouldn’t other people be able to label it? (And shouldn’t the reader be able to decide who’s labels to give what importance to?)
Yes, and the current owners have no economic incentive to change that. It’s a project backed by financial investors, which means they’ll want to get back as much money as possible as soon as possible.
Their initial funding came from twitter, but twitter doesn’t own it. The BlueSky Public Benefit LLC is owned by the founding team, many of whom have been working on decentralized protocols (SecureScuttlebutt, IPFS, Hypercore, XMPP, among others) since before Mastodon was a thing. The entire purpose of their company is to build the protocol, not their instance of it. Running the first instance is just a way to bootstrap the protocol.
After reading atproto.com do you still think accounts that currently exist on bsky.app won’t soon be able to migrate to another (including a self-hosted) PDS?
Have you read their blog post titled Composable Moderation?
imo it is the ActivityPub world that is cosplaying decentralization.
AT Protocol (BlueSky) seems sort of like AP except if it were designed by people who knew about cryptography and content adressability and who saw that using those tools allows for building systems where where users don’t need to rely so heavily on the node operators.
Right now, if your AP server changes their policies in a way you don’t like, or simply disappears, your only recourse is to make a new account elsewhere. If your old server is able and willing to facilitate it, you can leave a pointer to your new identity, but you can’t take your history with you.
This gives the (mostly hobbyist sysadmin) server operators that most people rely on enormous power, not to mention responsibility.
Having cryptographic identities that are not permanently tied to whatever provider you selected is the solution to this problem, and that is the main reason why ATP exists.
BlueSky hasn’t actually turned on federation or public signups yet; it remains a centralized invite-only website right now. But I’m pretty confident that both of those things will be changing soon, because the point of the project is to build a resilient decentralized protocol.
It had 4K users a couple weeks ago, and 50K today.
They implemented the “block” feature yesterday. This is what it looks like:
(Like any system where you are publishing things that are public-by-default, the “they will be prevented from seeing yours” part can of course be easily circumvented, but, like twitter and mastodon etc they are adding a speedbump that will help in many circumstances.)
BlueSky also already has a system for flagging different categories of sensitive content, much like Mastodon’s CWs. This is what it looks like currently:
If your complaint is that “node operators will have no agency in the system”… lol, i guess that is kind of the entire point of it? Of course ATP server operators will have the agency to not host content or users that they don’t want to, and to provide their users with whatever moderated views of content anyone wants to build. But, they won’t have the agency to hold users hostage to the admins’ whims like they do today in AP.
With ATP, the idea is that users (most of which are not going to be node operators, in either system), instead of admins, have the agency to change their decision about who to rely on to keep their data available, and also the agency to define what they want to see and what they want to not see (without having to start over when someone else changes their policies).
But the user-and-or-server agency I think you are worried about BlueSky taking away is not related to the technical differences, but rather the social/cultural ones: it’s the false promise of agency that Mastodon promotes by pretending it’s possible to have the benefits of a public-by-default conversation without the negative effects of it being searchable/discoverable (aka public). One could actually build things with that philosophy on top of ATP as effectively as it has been done on AP, and perhaps someone will, but indeed the current developers seem unlikely to run an anti-search-ethos server themselves.
The screenshot showing the avatar of his alt account is real: https://twitter.com/elonmusk/status/1650607963084554288
… as reported here and elsewhere: https://www.vice.com/en/article/v7bew8/elon-musk-burner-account-ermnmusk
This is the account that Vice is talking about is this: https://twitter.com/ErmnMusk … but it could easily be an existing account that just changed its avatar to that photo. Note that Vice says the discovery of this account was originally made on 4chan.
And also by now there are other accounts using similar names and the same photo, like https://twitter.com/ErmMusk which is more clearly fake.
Use free/libre software, running on your own server, and don’t use any 3rd party services besides the payment processor(s).
The site you’re referring to appears to be built using WordPress with https://en.wikipedia.org/wiki/WooCommerce btw.
they still load for me… also, the first 3 are on archive.org:
(and the last one says it is saving there now but hasn’t yet)
Discord says they aren’t selling user data, but from the job descriptions they’re currently hiring for you can see that they are clearly collecting and analyzing a lot of it:
indeed, they have a public firehose, as of this PR: https://github.com/bluesky-social/atproto/pull/205
and this site’s code which consumes it is very short and conveniently not minified: https://whenitrains.glitch.me/script.mjs
There is a lot going on here, including parts of the program not even visible in your screenshot.
You should try to make a much smaller minimal reproducible example - in the iterative process of removing things and then re-running it to test if the bug is still present (write a shell script to automate step 2, to run it as many times as are currently necessary observe the bug) you might find the cause yourself. And if you don’t, your MRE will make it easier for others to help you.
for one thing, a lot of “non-tech” people do manage to buy their own domain names somehow.
but, also: domains-as-handles doesn’t actually mean everyone needs to get their own domain. For instance, if/when feddit.de adopts ATP, you can be
@sexy-peach.feddit.de on bluesky (and everywhere else that uses ATP).
I am looking forward to one day seeing Jason Scott address the anti-archival philosophy of the mastodon bdfl and his acolytes.
(perhaps activity pub allows me to notify him by using his mastodon name @email@example.com here? probably not.)
it’s DIDs in DNS. you can read more here: https://atproto.com/guides/identity
so, your DID (which includes a pubkey) is actually your identity, and you can change your handle without changing your DID.
It doesn’t exactly say it on the page i linked, but iiuc their plan is also that while today handles are all names ending with ICANN TLDs in the future they could also be under alternative TLDs defined by ✨blockchains✨.
I expect he can probably sue Musk for disclosing his medical information, among other things.
Yes, maybe, but I don’t see a big problem
If I used Portmaster, I would want to chat with the developers and other users and get involved with its development. But, I don’t want to make a discord account, and they haven’t bridged their discord to matrix, so, I can’t. I see this is a big problem for the project.
include it`s fuctions in Discord itself, not possible in other social networks
You can easily have bots on Matrix (or XMPP, or IRC, …).
That Discord tracks the user like FB and others, isn’t really a problem with extensions and privacy tools
🤦 yeah, no, it is still a problem. discord is proprietary software as a service, concentrating millions of people’s unencrypted communications in one place. If you block all the servers doing surveillance, you would be blocking discord itself.
I refuse to give discord an email or phone number, or to agree to their terms of service, and so do many other people. By requiring the use of discord to participate in their community, the developers of portmaster are alienating the privacy-aware demographic of discerning technologists which might otherwise use and contribute to their software. They are communicating clearly that they don’t see discord as a problem, and that means that they are not people who I want to rely on to develop privacy tools for me.
You can use most desktop environments on most distros.
If a distro has its own GUI and it doesn’t exist on other distros, usually that means either it isn’t free software or it’s not good enough that anyone has bothered to package it for other distros.