[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Social-media antipathy (was Re: How i can optimize my operating system?)

On 3/18/21, Celejar <celejar@gmail.com> wrote:
> On Thu, 18 Mar 2021 12:49:27 -0300
> riveravaldez <riveravaldezmail@gmail.com> wrote:
>
>> I'm getting pretty confuse with these statements.
>>
>> On 3/18/21, Celejar <celejar@gmail.com> wrote:
>> > (...)
>> > I definitely share your concerns about Facebook (although perhaps not
>> > quite your vehemence), but making **blatantly incorrect** assertions
>> > like
>> > the claim that Facebook is one of the ends of WhatsApp's E2E encryption
>> > does not help our cause.
>> (...)
>> > WhatsApp **apparently** has genuine end-to-end encryption, using the
>> > Signal protocol, and neither of the ends is Facebook.
>> >
>> > Of course, it's closed source, so **we can't know for sure what's
>> > really
>> > in there**, and I certainly won't use it, but as far as **anyone
>> > knows**, it
>> > is **the real deal**:
>>
>> I added all the '**' to emphasize with precision what I find
>> unacceptable.
>> Taking them as a whole they are simply absurd, in a very rigorous, logic
>> sense.
>>
>> Am I wrong in this, and altogether they conform a serious and reasonable
>> argument?
>>
>> Because as far as I used to know, once you put one foot in closed-source
>> clients territory you're no longer speaking about security but
>> insecurity.
>> The whole discussion becomes irrelevant, you're simply **having faith**
>> - **in Facebook**, to make it even more intense - , which is, by
>> definition,
>> the opposite of reason, science or self-verified-security.
>>
>> Is that I'm completely wrong in this?
>>
>> How can anyone **know** that WA's claimed E2E encryption is **the real
>> deal**?
>
> I agree that no one "knows," in the sense of absolute epistemological
> certainty. (...)

I wasn't "asking" for that much, in fact, that category of 'certainty'
is probably
unachievable (even more, in scientific terms, it's probably a misconception).
Just the difference between an open-source code more or less checked,
audited and edited-in-collaboration by certain community (and with the
inherent risk of being transparent if you pretend to inject anything malicious),
against a closed-source code, completely and perfectly obscure, for which
nobody have no kind of access, and which direction and actions are solely
decided by the profit interest of some number of shareholders, specially
when its profit mechanism relies specifically in the capture and collection of
as much as possible user's data, etc.
I'm sorry that my English is pretty poor and rustic but maybe with a little of
good intention this is clear enough.

> (...) someone might reasonably assume that if Moxie talks
> like this about WhatsApp, then it is likely trustworthy:
>
> https://signal.org/blog/whatsapp/
> https://signal.org/blog/whatsapp-complete/
>
> (Of course, the first one is from around the very beginning of the
> Facebook days, and the second one is still five years ago.)

Five years, in this matter, is an unacceptable amount of time to consider,
at least in my opinion, we could be talking about a completely different code.
Please someone correct me if I'm wrong.

> (...) The bottom line: no, I don't "know" that WhatsApp is secure, but
> neither do I "know" that anything I run is. (...)

To put it simply, I can't accept the idea that in terms of security or privacy
"community driven open-source and corporation-profit driven closed-source
software are perfectly comparable or even the same". I think such an
implication is blatantly false, and to deal with it is to shore crazyland...

But again, I'm always sincerely open to be corrected.

Kind regards.
Reply to: