Cypherpunk reviews of products [was: peerio.com]
Regarding peerio.com thread... The issue there is that so far it appears they're just another commercial startup of the day trying to figure out if they can monetize it by witholding the server. Their interest does not yet appear to be in you, but in holding your accounts. Which they or govt can cancel (censor) at any time. Just like any other centralized commercial service on the net. While not the content, they apparently have access to all your messaging and storage metadata and friend lists, so that's a non improvement. And non-optional read message notification back to the sender? Well, if you like being trapped by senders. They claim to be 'peer reviewed' and "professionally audited' in big letters but provide no such backing papers anywhere. They say "tested and proven security" and all sorts of other marketing drivel and hype (look at their github site commits) and provide few self-caveats. Their source probably doesn't match the binaries they're distributing. How exactly do they plan on being "free and ad-free and not selling you" while existing past year one. Wasn't one of the author's Cryptocat flawed too? Etc. Here's another classic game being played... "we [...] require the user to confirm their email or phone number." Really, wtf, default to that if you want for the masses security/recovery illusion, but make it optional for those that don't want the tracking reality. Don't forget, their "invites" are not just a fun party and name reservation, but tracking too. Interesting API/model, it may even be a step in the game such that you might consider inflicting on your friends, or even paying for yourself (because free isn't free so you will pay somehow), nothing wrong with that. But just saying its neat looks good and whatever other two-bit reviews were made is not doing the public much service. Cypherpunks should in fact review and endorse "step in the game" commercial services as they come along, if they're worthy. (All the upstart browser based on the fly crypto central email services not being one of them, that's what Thunderbird and Enigmail are for.) Just know that in this field, a good review needs to call out the marketing BS and be seriously candid about what exactly the stepwise advances in the game are, what they defeat, how any caveats make them moot in particular or on the whole compared to more mature solutions, and where if anything can be improved. This isn't email, texting, facebook, using the phone or giving a speech in public. Privacy and crypto assertions and statements to uses for such purposes made by products to a new and clueless user base are serious business and have highly different needs requiring careful analysis (even if the bottom line summary attached to it is "looks good"). And as cypherpunks, why not also swipe parts of its model, replace the backend with some sort of distributed anonymous p2p storage grid where you get what you donate over it. Similarly, with a $10 shell account and the server side you could have an analog to the group messaging and storage of peerio. Further what about RetroShare and other similar things that already exist. It's clear that with many new products appearing, there needs to be the emergence of reviews by reviewers that are steeped in the same space. Consider what could be done similar to this: https://www.prism-break.org/ with review centric nature of these (before they went pop) https://www.anandtech.com/ mashed with more detailed facts and tables and openness like this https://en.wikipedia.org/wiki/Anonymous_P2P https://en.wikipedia.org/wiki/Comparison_of_disk_encryption_software https://en.wikipedia.org/wiki/Comparison_of_file_sharing_applications https://en.wikipedia.org/wiki/Comparison_of_webmail_providers
participants (1)
-
grarpamp