[liberationtech] Heml.is - "The Beautiful & Secure Messenger"
Mitar
mmitar at gmail.com
Thu Jul 11 13:36:32 PDT 2013
Hi!
On Thu, Jul 11, 2013 at 1:04 PM, Julian Oliver <julian at julianoliver.com> wrote:
> A good point. Nonetheless the way forward for security critical software is
> toward de-centralisation; encouraging deployment and adaptation to local
> contexts - political, social and topological. This is why both client and server
> need to be open such that they can be both audited and adapted.
But how do you assure that server is really running the server code you audited?
I agree that we should try to decentralize because of the censorship
reasons. But if you distribute your servers all around the globe, but
they are still operated by same entity, is this much different than
being operated by multiple entities? You still cannot assure that the
servers are running what they ought to be running.
But yes, if servers are run by multiple entities you somehow assume
that it is harder to convince majority (if you are using some majority
voting) than one entity to run compromised code. Maybe. Or it just
takes more time.
> I can't think of a case where arguments in favour of closed-source deployment in
> this space aren't ultimately grounded in desire for control and capital return
> within a product-oriented (rather than service) business model.
I agree. But wanting (and assuring it with closed source) capital
return might not be so big problem if it does not lower the security
of the users, while assuring high-quality and ongoing operation of the
service.
Maybe we should, instead of criticizing, start thinking also about
business models for distributed secure systems. So assuming that they
would make it distributed and completely open source, which known
business models we have for that, which would assure a steady income
and not be dependent on grants? Donations? Crowdfunding?
My issue with business models is that once the money is involved, you
could be easier to track. Bitcoin is not anonymous. Or if you want to
make it, you have to do additional work which again might not be so
user friendly and people might skip it.
Mitar
--
http://mitar.tnode.com/
https://twitter.com/mitar_m
More information about the liberationtech
mailing list