[liberationtech] FB-like "Twitter-connect" soon. How can we avoid all this tracking?
Eleanor Saitta
ella at dymaxion.org
Fri May 25 09:37:09 PDT 2012
On 2012.05.25 16.37, Sarah A. Downey wrote:
> I'll respond to your "everything must be open source" statement,
> although I'm fairly certain it won't have any effect on your opinion
> that "closed" always equals "bad." And please keep in mind that we're
> giving away a /free /add-on with /zero /tracking of or advertising to
> its users.
>
> It's an unnecessarily restrictive and self-handicapping position that
> software /must /be open source to be useful for privacy. Plenty of open
> source privacy tools have come and gone in the past because they aren't
> sustainable without funding.
>
> Our software does what it says, and it's designed to be simple enough
> that the vast majority of Internet users--people who aren't coders or
> particularly tech savvy--can use it.
The problem here is that we don't trust you. It's nothing personal. We
don't trust anyone, unless we can verify. If we can't see exactly what
the tool does, we don't have a way of verifying what it does. This is
critical normally, but much more important for tools that claim to
provide privacy or security protection.
There are a lot of ways around this. Open source is one of them.
Providing source access to independent auditors under a license that
does not restrict them from talking about what it does and how it does
it is another.
If you're not willing to be open about exactly how your tool protects my
privacy, why should I trust that you got it right? No, I don't expect
all users will check, or care, but some of us will, and we tell others
what they should use.
Privacy, like crypto, is *hard*. Would you trust someone who claimed to
have a super-secure crypto algorithm that they wrote themselves that's
never been peer reviewed? No. Why should we do it with a privacy tool?
E.
--
Ideas are my favorite toys.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 228 bytes
Desc: OpenPGP digital signature
URL: <http://mailman.stanford.edu/pipermail/liberationtech/attachments/20120525/9e4488e2/attachment.asc>
More information about the liberationtech
mailing list