undefined | Better HN

0 points8organicbits3y ago0 comments

I think that's far to vague to be workable and sounds incredibly expensive (unless everyone uses those loopholes).

Storing data on user's devices isn't great, it takes up storage space (adding cost) and relies on the user to manage the backups (which lots of folks don't do). Users also switch between devices, so you'd need some sort of cross-device syncing or something.

e2ee implies that the data can only be decrypted by the user's key. If the user loses their key, they lose data access. Since keys are user managed you need to deal with user support/education and build interfaces to support key management. e2ee isn't something you can bolt on an existing system. This sounds quite expensive to implement, so you'll shift significant funds away from other development (destroying innovation).

If today I'm running a Django site that allows users to message each other, do I need to change from my server-side template rendered system to a client-side rendered system?

For loop holes, I'd expect people to claim that they can't rely on device storage, need to support multiple devices, need to support customers who can't manage keys, perform heavy-weight rendering that would consume too much device battery and run slowly, etc.

These ideas are very 2020s focused. As the software industry evolves, would we need to convince politicians to allow us to use better technology that challenges assumptions we have today?

0 comments

4 comments · 1 top-level

Schroedingersat3y ago· 3 in thread

For messaging, Matrix has solved almost all of the problems you're claiming are insurmountable. Key management can be assisted with m out of n type secret sharing, or we just treat people like responsible adults, and if they lose their keys, then tough, those messages are gone now.

For loopholes, the solution is to just not believe the bullshit. Have a very high standard of evidence required and/or require fully informing the user of exactly what is stored, where it is stored, who can access it, and publicly sharing all code that touches it.

It's been proven over and over again that the current model does not work and that the people in charge are narcassistic children who cannot be trusted and lie constantly.

The GDPR is a half measure designed as much around enabling surveillance as safeguarding privacy. Anonymisation is a blatant lie. 'Innovation' is just a codeword for doing the same things we did before but worse.

8organicbitsOP3y ago

Not insurmountable, just very expensive. You're describing a worse user experience too.

Matrix probably isn't a good example. That's an impressive project with great developers. Most companies don't have equivalent staff, nor the budget to hire.

> publicly sharing all code that touches it

That's a huge request.

Schroedingersat3y ago

If an industry has proven repeatedly they can't be trusted not to stalk people and lie about it followed by being recklessly irresponsible with data and lying about breaches, then it's the bare minimum that should be enforced.

It would also encourage the innovation that you're so keen on because users wouldn't be trapped and you couldn't sit on one feature forever. You'd have to have an ongoing value proposition like every other vocation in all of history.

1 more reply

neon_electro3y ago

Is profiting from my data not a huge reward for such an effort?

j / k navigate · click thread line to collapse