This repository has been archived by the owner on Jun 24, 2022. It is now read-only.

Mention that users should not use multiple of our services #987

Closed
ghost opened this issue Jun 11, 2019 · 10 comments · Fixed by #1732

Comments

@ghost

ghost commented Jun 11, 2019

We are for decentralization, but at the same time, us hosting so many of these services looks like we want our visitors to use them.

It's okay to use one of our services but users shouldn't centralize their privacy around PTIO.

We should add a notice to the site.

@ghost ghost added the ✨ enhancement label Jun 11, 2019
@Mikaela Mikaela added the high priority, 🌐 website issue and 💬 discussion labels Jun 12, 2019
@five-c-d

One of the problems with decentralization, is that if an enduser has the choice of

  1. going through the time&trouble to self-host
  2. or, just using a well-known brand they already trust

plenty of people will pick door#2 ... which tends to make the brand even more-well known, and pretty soon you have a "centralized despite intending to be decentralized" actuality.

In most ways this is an unavoidable paradox: 99% of people are NOT going to be able to secure a server-node, and configure it in a privacy-respecting manner, as the folks who run privacyToolsIO. Thus, they are actually better off entrusting the privacyToolsIO team to run the server portion, because Bob trying to secure his own firewall and patch/harden his own server-side OS and install/configure his own federated service-node... well, to put it bluntly, Bob will screw the pooch if he tries to DIY because he is not competent enough.

But once you have millions of Bob-type-folks trusting the central privacyToolsIO server-cluster with their sensitive info... THAT turns the server-cluster into a juicy target!

Pretty related == https://matrix.org/blog/2019/05/08/post-mortem-and-remediations-for-apr-11-security-incident

Kinda related == https://lwn.net/Articles/687294/

To me, the thing that is worrisome for privacyToolsIO services, is that if they succeed they will cost a lot of money to operate (since hosting-fees go up as userbase goes up), AND they will make the privacyToolsIO servers and nearby-router-boxen and such into juicy targets (because surveillance-value of a popular service with lots of endusers goes up as the userbase goes up as well). Definitely related == #966 about funding the work ...and defining WHAT the work is, which you really want to put your minds to accomplishing

@Perelandra0x309
Contributor

@Shifterovich What is your concern with "consolidation" (I think that is a better term) of using several services from the same provider (PTIO)? Is it that if the Mastodon instance is down or compromised, the other services like Matrix and Write are also unavailable or compromised?

@ghost
Author

ghost commented Jul 18, 2019

Yes. Also users shouldn't trust us more than any other provider -- even less, in fact, since a paid service comes with more guarantee than a volunteer project like PTIO.

@blacklight447
Collaborator

How would we be implementing this warning, where would it be posted? Does it also have to be on the main site, or just a blog post on blog.privacytools.io? We also need to think whether we want the warning on every service homepage.

@ghost
Author

ghost commented Sep 6, 2019

A link to a new page should be added to the Services dropdown. That page should explain why users shouldn't centralize their privacy on our services.

@Mikaela
Contributor

Mikaela commented Feb 11, 2020

Hi @privacytoolsIO/editorial, is anyone thinking of this issue actively (or at least remembering it exists)? Due to its ghost status (#1379), it's difficult to find and I just remembered this while referring here from the forum thread on replacing Matrix with XMPP.

@strypey

strypey commented Feb 20, 2020

Two possible ways to mitigate this:

@jonaharagon jonaharagon removed the 🌐 website issue label Feb 20, 2020
@blacklight447
Collaborator

blacklight447 commented Mar 2, 2020

> Two possible ways to mitigate this:

We could make an explanation on why federation is important in a "don't put all your eggs in one basket" kind of sense, together with a link to librehosters on our services page. What do you think, @dngray @jonaharagon?

@jonaharagon
Contributor

This is essentially what #1732 covers already, no? If you want to adjust the wording you can add a suggestion there.

@blacklight447
Collaborator

> This is essentially what #1732 covers already, no? If you want to adjust the wording you can add a suggestion there.

I've added it to the PR.
