April 27, 2024

The mountain of shit theory

Uriel Fanelli's blog in English

Cialtroprivacy, II.

The first article on cialtroprivacy caused some reactions, also due to the fact that I clearly indicated who the scoundrels are, and therefore I would like to reiterate. Especially because the approach I suggest, that is, to educate the data owner in a few principles (risks and value), is exactly one of the principles to follow when compiling the Privacy by Design documentation required by the GDPR. One wonders if the privacy scoundrels know how to prepare the documentation for the Privacy by Design item.

But let's get to the point. I see that the politicians who deal with the problem try to imitate the few politicians who actually do something: while the EU is currently making a strategic plan for cyber independence, allocating money and establishing a roadmap, the politician also tries to propose a “Strategy”, except that it is a failure from the start.

Let me explain: to break a monopoly there is only one method. Break the monopoly. An Authority arrives and reduces the monopolists to a stew of competing companies. Period.

The politician, on the other hand, always has the "do it yourself" solution, with the simple difference that, being inept in the field, he does not know how to do it. So he doesn't do it: the "facicchia". And therefore he proposes "alternatives" to the software giants… which are not alternatives.

Have you ever done a modern diet? The first thing the dietician will tell you is that if he orders you to eat only "energy of the universe" and "two leaves of marjoram", you will probably do so for a month. Maybe for two. Then you will return as before, because the diet was unsustainable. So he has to make you a diet that is, first and foremost, equally enjoyable, to the point that it can be maintained indefinitely.

But the cialtroprivacy politician is not a professional like the dietician. He doesn't even know what we're talking about. He only knows that "fighting for privacy" could give him a spot in one of the many consumer associations, and pay him his salary.

So he proposes solutions that may look like solutions, but they are not solutions. One of these is "Mastodon". Now, if we are talking about centralization (because GAFAMs are centralized) and you have something like the fediverse, don't make it so that only one part of the fediverse (Mastodon is just one of the software packages in use) becomes the name of EVERY one of its components. It is like saying that we take "social networks" and replace it with "Facebook", and then we are surprised if Facebook incorporates all social networks.

But the politician is looking for a job and money for the bills: he doesn't care whether to do so he has to defend privacy online or the biodegradability of carrots; he has to fight a battle that allows him to have a salary, or at least the appearance of one. Politics, after all, has remained the only social elevator. Small-time politics is a condominium staircase, but still, you climb a few floors.

On "self-hosting" our privacy politician falls very badly. First of all because, not knowing anything about computer science and the internet, he believes that only very few sorcerers can have services at home. He doesn't know anything about projects like YunoHost because for him “doing” is the drama: if he knew how to do something, he wouldn't be trying to become “the next codacons”, after all.

Even worse, the politician continues to defend the fediverse as a system of federated entities, so that it is not possible to do profiling with big data, but posts from one of the two or three instances that have 500,000 users. To decentralize.

BUT I was saying, the diet. The impossible diet. So, let's go here:

https://www.lealternative.net/

The politician says that if you stop using the evil GAFAMs, and use the lifesaving applications above, then you are safe from GAFAM and they are not taking any data from you and you have set the world free.

Good. Try it. If you have a job that requires IT, you will last for about six months. You will install "loUsanoInTreOS 2.18", on top of which runs "AstrusoOffice 44.3", which is 73.24% compatible with Office, and after having worked and cursed to import a file from colleagues, you will put in what they asked for and send it back. And no colleague will be able to read it.

If you had a critical method, you would notice that Microsoft already had that document, because your colleague uses Office and Windows and Exchange. So you don't need to protect your colleague and his privacy, because it's already lost. So you can safely install a VM with Windows on your Linux, and use tools that will save you time. It's the same thing: your colleagues have already given that document to Microsoft.

And then the advice should not be to use "the alternatives": it is to use Qubes OS: https://www.qubes-os.org/ . It is built well by a person who is a security guru. Assessments were made on that stuff. It is not “BimboMinkiaDistribuzioneLinuxOS 0.9.3 pre-alpha”. And on top of it there is no “stakkahstakkahOffice Unstable-e'-Bello 2.13-but alwaysAlphaE '”.

Another thing is when they recommend the usual "safe" email providers, such as Tutanota or Protonmail. Then log into ProtonMail, and get an email. Overflowing with privacy. End to end encrypted. To end. To end again, that's cool. Where does the email come from? From Gmail.

ooook. Then it's full of end to end privacy. For sure.

And then comes the usual objection: "but if I send it Tutanota to Tutanota, or ProtonMail to ProtonMail, it's safe". Obviously. If you set up YOUR SMTP / IMAP server in your house, and everyone just uses that, you get the same thing. On the same SMTP server you always have the certainty that there is no MITM. What need do you have for Tutanota or ProtonMail, if you ask everyone to use the exact same SMTP / IMAP server? You could just run one at home and be done.

Let's move on to the "alternatives"?

Let's talk about Matrix and Signal first. Signal, besides being disgustingly centralized, is so complex as to be IMPOSSIBLE to make secure: the chain of dependencies is catastrophic. https://github.com/aqnouch/Signal-Setup-Guide

Matrix? So, Matrix itself should be a simple service: https://spec.matrix.org/latest/ . It can be described as a set of APIs.

Now, if you look at any API gateway server, such as Apigee or Kong, you will immediately realize that an API gateway that does the same thing, implementing the API as per Swagger and having only one DB as backend, would weigh much less than their system. And as if that weren't enough, it would be stable and wouldn't waste memory that way. You could rewrite Matrix much better using Kong and ONLY ONE Mongo database, from what I see of the described APIs.

In reality, both Matrix and Signal servers are so complex (unnecessarily complex) that they CANNOT be secure. But the politician does not know that there was already a system capable of doing what these two pieces of software do: XMPP. And that you can then just use YunoHost and install it. And if you choose the right client, it can also be just as sparkling. And just as safe.

But the problem with selfhosting is that the politician doesn't understand it. And he comes out saying “you can keep an instance of it in self-hosting on a cloud provider of your choice”. Now, the point is, paying for selfhosting isn't enough. The "self" of selfhosting does not refer to whoever pays, but to whoever controls the system.

Saying that you can self-host an instance of, say, Pleroma, on a cloud provider of your choice is like saying you can pay someone to fuck your wife well. She will also be satisfied, but YOU cannot say that YOU have satisfied her. Likewise, saying that I have a VPS on Hefner to self-host Pleroma is like saying “I paid Lorenzo Hefner to fuck my wife, I satisfy her”. It does not work. In this scheme it is not you who satisfies her, you are only the one who pays. Likewise, if you self-host on a cloud provider, you don't “self-host”, you just have “paid hosting”: in the whole game you do nothing, you are only the one who pays.

I could again mention cialtronerie like “Telegram” proposed as a secure and privacy-oriented platform, for one thing. But I hope the concept is clear: as long as there are privacy-cials, you will never have any privacy.

You could have privacy by teaching how to segregate data, to choose which data to give to whom, to create secure communication circuits when the situation requires it. Instead, all you see is a pile of idiots piling up on Telegram discussing how to drop ER SISDEMA and the drug you took yesterday, but then ask the doctor to send the prescription via Whatsapp.

And no, with these "alternatives" the GAFAMs stay fresh and sleep well.

Because the ONLY approach that works with them is the segregatory one: creating digital spaces and then disaggregating them, deciding which data they CAN have and which they shouldn't.

It can be done using Qubes-OS:

  • A space where you interact with peons who use GAFAM software, where the data can be considered lost.
  • A space where you interact with the internet (no data).
  • A space of trust where you really keep your data and only pass it on to people who are equally safe.

And a lot, a lot of disaggregation.