Cypherpunk reviews of products [was: peerio.com]

grarpamp grarpamp@gmail.com
Thu Jan 15 14:29:31 PST 2015


Regarding peerio.com thread...

The issue there is that so far it appears they're just another
commercial startup of the day trying to figure out if they
can monetize it by withholding the server. Their interest does
not yet appear to be in you, but in holding your accounts.
Which they or govt can cancel (censor) at any time. Just like any
other centralized commercial service on the net. While not the
content, they apparently have access to all your messaging
and storage metadata and friend lists, so that's a non
improvement. And non-optional read message notification
back to the sender? Well, if you like being trapped by senders.
They claim to be "peer reviewed" and "professionally
audited" in big letters but provide no such backing papers
anywhere. They say "tested and proven security" and all
sorts of other marketing drivel and hype (look at their github site
commits) and provide few self-caveats. Their source probably doesn't
match the binaries they're distributing. How exactly do they plan
on being "free and ad-free and not selling you" while existing past
year one? Wasn't one of the authors' Cryptocat flawed too? Etc.
Here's another classic game being played...
"we [...] require the user to confirm their email or phone number."
Really, wtf, default to that if you want for the masses security/recovery
illusion, but make it optional for those that don't want the tracking
reality. Don't forget, their "invites" are not just a fun party and
name reservation, but tracking too.

Interesting API/model, it may even be a step in the game such
that you might consider inflicting on your friends, or even paying
for yourself (because free isn't free so you will pay somehow),
nothing wrong with that. But just saying it's neat, looks good and
whatever other two-bit reviews were made is not doing
the public much service.

Cypherpunks should in fact review and endorse "step in the
game" commercial services as they come along, if they're worthy.
(All the upstart browser based on the fly crypto central email services
not being one of them, that's what Thunderbird and Enigmail are for.)
Just know that in this field, a good review needs to call out the
marketing BS and be seriously candid about what exactly the stepwise
advances in the game are, what they defeat, how any caveats make
them moot in particular or on the whole compared to more mature
solutions, and where if anything can be improved. This isn't email,
texting, facebook, using the phone or giving a speech in public.
Privacy and crypto assertions and statements to uses for such
purposes made by products to a new and clueless user base are
serious business and have highly different needs requiring careful
analysis (even if the bottom line summary attached to it is "looks
good").

And as cypherpunks, why not also swipe parts of its model,
replace the backend with some sort of distributed anonymous
p2p storage grid where you get what you donate over it.
Similarly, with a $10 shell account and the server side you could
have an analog to the group messaging and storage of peerio.
Further what about RetroShare and other similar things that already
exist.

It's clear that with many new products appearing, there needs to
be the emergence of reviews by reviewers that are steeped in
the same space.

Consider what could be done similar to this:
https://www.prism-break.org/
with review centric nature of these (before they went pop)
https://www.anandtech.com/
mashed with more detailed facts and tables and openness like this
https://en.wikipedia.org/wiki/Anonymous_P2P
https://en.wikipedia.org/wiki/Comparison_of_disk_encryption_software
https://en.wikipedia.org/wiki/Comparison_of_file_sharing_applications
https://en.wikipedia.org/wiki/Comparison_of_webmail_providers


