Don't worry, you're free to speak your mind so long as you don't actually try to communicate with anyone. Please take care not to express your opinions outside of the officially designated free speech zones!
Don't be ridiculous. There are thousands of competing communications providers. If you want to share content that harms society or harms the platforms themselves then you might just have to do it outside of Facebook or Twitter.
> They're private platforms. You can send those links via many other routes ...
That is a complete non sequitur. You say it's not about freedom of speech. Someone responds that, in fact, blatant censorship is occurring. You don't even attempt to refute this point, instead falling back to pointing out that the censorship isn't illegal!
Censorship reduces freedom to speak. That statement remains true whether or not the speech happens to be legally protected, and regardless of how wide spread the censorship might be.
Removing spam could be considered a form of censorship. It is removing the speech of others.
Generally anti-spam measures facilitate rather than inhibit freedom of speech. A sufficiently popular internet forum without spam controls would quickly become mostly unusable.
In this case, doesn't censorship enable freedom to speak?
These aren't singular global quantities. Such censorship reduces spammers' freedom to speak in order to preserve that of the other participants. Spamming closely resembles a tragedy of the commons (overuse of the system to solicit sales) and anti-spam an associated regulatory action.
The problem with such an analogy is that spam is inherently off topic - approximately none of the other participants actually want to see it. That's fundamentally different from this case. Whether you deem it misinformation or political speech, many of the participants clearly do want to see it. In fact, they want to see it so much that such information is consistently selected by the automated algorithms that are designed specifically to maximize engagement metrics.
We should be careful not to conflate wanting to see something with clicks. By that metric, spam about free bitcoins has more interested participants than much of the political speech in question.
It's not a non sequitur. Freedom of speech is not the same thing as a (nonexistent) right to post whatever you want on a private platform regardless of the consequences for others or for the platform itself.
I never said it's not censorship. You can post links on a number of competing services (or start your own), therefore statements like
“A group of unknown people at a technology corporation should be the ultimate authority on what I’m allowed to say, read, or share with my friends.”
> Freedom of speech is not the same thing as a (nonexistent) right to post whatever you want on a private platform
Again with a non sequitur - I never claimed that it was. I said:
> > Censorship reduces freedom to speak. That statement remains true whether or not the speech happens to be legally protected
It's really hard to have a good faith discussion about the pros and cons of a nuanced issue when one of the parties repeatedly fails to make good faith interpretations of claims which appear to challenge their worldview.
> It's about freedom of Reach, not freedom of speech.
What a snappy cliche. If you prohibit certain people from using the printing press but allow others to do so, then in practice you are limiting their freedom to speak relative to other people. To imply otherwise is either disingenuous or profoundly misinformed.
Everyone has access to the modern equivalent of a printing press. Anyone can buy a domain name and a VPS and "print" as many leaflets as they want.
Publishing on YouTube is more like, well, publishing. There's a middleman. They own their own press, they have a reputation and an audience, they bring the eyeballs, they make the money and they give you a cut. It has never been censorship for a publisher to decline to publish something.
YouTube, Twitter, Facebook, Reddit, etc (and to a lesser extent search engines) are the modern equivalent of the printing press in terms of the effect they've had on how we communicate. A domain and VPS are simply not a viable substitute for access to mainstream social networks; to claim otherwise is disingenuous.
They are not at all similar to publishing. There's no editor. There's no approval process for the typical use case, only a retroactive removal process. They don't have an audience in the traditional sense of people paying someone to curate information for them but rather depend on network effects to maintain a monopoly on their segment of the market. To that end, they have more in common with a dating app than they do with the New York Times. The presence of advertising revenue is the only legitimate similarity I see to a traditional publishing model.
In spite of your claim that YouTube isn't infrastructure, it appears to me to have far more commonalities than differences with it. That it isn't (yet) regulated as such is merely a legal peculiarity from my perspective.
(And the above doesn't even begin to consider the effects that dumping VC and megacorp funded free product has had on the market. Good luck starting a competing platform when there's no viable way to operate a subscription model and your direct competitor has a monopoly on the relevant advertising market.)
The person I responded to did, in fact, directly imply this. Recall that I had compared the impact of modern mainstream social media to that of the printing press historically. Directly ignoring my central point clearly places your comment in bad faith.
"Freedom of reach" is nothing more than a thinly veiled attack on (cultural, not legal) freedom of speech (and liberalism more generally) for the reasons I've already articulated in this and nearby threads.
Original person you responded to here - I did not, in fact, imply this. My thesis is that your analogy is broken. We agree that having a domain and a VPS is a poor substitute for a voice on a major social network; likewise, owning your own printing press is no substitute for, say, a regular column in a popular newspaper. It's incorrect to frame it as forbidding access to technology, when what it really is is a middleman refusing to do business with you. We can debate about the precise nature of the middleman, but the presence or absence thereof is the defining feature. You CAN publish without Facebook. You CAN'T publish (paper) without a printing press.
It also bears noting that the gap in access to publishing technology has radically narrowed - it is WAY easier and cheaper to buy a domain and a VPS and publish your thoughts to the entire world without any content middleman, than it was to procure your own physical press and set up an operation to print even thousands of leaflets, let alone publish something with global reach. You have access to - pretty much - all the same technology that Facebook does.
No. Those are the very definition of publishers, not communications providers masquerading as publishers when it's politically convenient for them (recall the dance around Section 230 protections).
If a local newspaper ever somehow became the central point of communication for a significant fraction of the population, posting nearly everything they received by default with very little to no curation, then it would be reasonable to reexamine the expectations placed upon them by society.
> foreign governments and other actors actively seeking to polarize society
> What are some better alternatives?
I have no idea if it's mathematically possible but I'd be optimistic about the potential of a (hypothetical) privacy preserving web of trust metric. It would be really nice to have at least some limited indication of how the person behind the account fits into the world at large. Right now you can't reliably determine (arbitrary examples) country or even continent of residence, paid posts by an organized campaign (PR, propaganda, etc) versus organic occurrences, etc.
Of course, Facebook is the ever present counterexample where people proudly attach their full legal name to hate filled streams. But at least I personally know for certain that they're local people who actually exist and aren't being paid for their posts! Silver linings and all that.
But web of trust is still something you have to know and consciously decide to use. What if a majority of people would simply ignore it because it conflicts with the opinion formed in their own bubble - or if they simply don't know about it or don't know how to use it?
Not if it's built into the communication platform you happen to be using. Just one or a few basic indicators to give you even the slightest bit of information about who wrote what you're reading. Just a simple "p = 0.03 US resident" or an aggregate trust score based on a combination of social graph connectivity and spam reports or something. Sure, people could intentionally ignore it, but right now there's no indicator to be had even if you want it!
To be clear, I'm not talking about present day clunky GPG web of trust with key signing parties and all that. I'm talking about a hypothetical (ie as yet nonexistent) magical web of trust that somehow doesn't destroy your privacy in the process of being used. (It's not as crazy as it sounds - we already have zero knowledge proofs, blinded encryption, and various other privacy preserving cryptographic schemes.)
> You will just write a mobile app and that will be backwards compatible with desktop automatically.
A PWA? Sure. But a native app with seamless integration? No way.
Instead of Windows, macOS, and various Linux flavors, now you've got Windows, iOS, still macOS (for now), various Android versions, and various Linux flavors (including Chrome OS). Good luck!
(Depending on the type of app, you might also want or need to support various embedded devices or game consoles. I guess QT doesn't help there though.)
Just do your linking in a final build step that 1: Only reads in object files and resources (ie rejects source code); 2: Bundles up all the object files into an archive; 3: Outputs the final executable alongside the archive.
You mentioned LTO. Don't the LLVM and GCC LTO implementations currently involve outputting compiler IR to object files, then running the optimization passes against the full collection of object files prior to linking? So they inherently collect all the object files together in a linkable form.
(Of course, it's probably more efficient to just dynamically link Qt and pay for a license if you want to publish for iOS.)
Thanks for spelling it out like that - I think I might see the bigger picture here now. DoH (which incorporates DNSSEC under the hood) to protect the name lookup. IPv6 to provide unique addresses for every single service you connect to. The complete removal of SNI (as a security threat) and ESNI (as unnecessary complexity).
Pi-hole type filtering is then implemented based on IP blocks instead of DNS queries. Any unrecognizable IP address is default denied. Tracking, analytics, and ads could still be proxied by a remote host, but that can already happen anyway.
Of course, your ISP (or VPN, or anyone else along the network path) could employ the exact same approach to determine the services you connect to. Which leads me right back to DoH being largely pointless and Tor or similar being a hard requirement for actual privacy. Unless I'm missing something?
> there continue to be threads full of arguments that amount to "It should be possible for 'good' network admins to intercept traffic from devices that don't trust them, but 'bad' network admins shouldn't be able to intercept traffic from devices that don't trust them"
That's not what I see at all.
I see people pointing out that DoH hurts privacy and reduces control for end users by providing a convenient turnkey solution for device vendors to bypass filtering at the network level.
I also see it pointed out that DoH could have been specified in a way that facilitated filtering for the local network. Given that it's so obviously possible, the fact that it wasn't speaks volumes.
Note that (IIUC) your ISP can still see which sites you visit because TLS still transmits the FQDN in plaintext (https://security.stackexchange.com/questions/86723). Even if that stopped happening tomorrow, the destination IP would still be visible (not quite as bad but still reveals a huge amount of information). On top of all that, DNSSEC already exists which allows you to verify the authenticity of the query result. As such, the argument in favor of DoH would seem to be limited to preventing your DNS resolver (but not your ISP or VPN!) from tracking which sites you visit. I don't find that to be very compelling in light of the immediate downsides.
> I also see it pointed out that DoH could have been specified in a way that facilitated filtering for the local network. Given that it's so obviously possible
No, it couldn't have been, and this is exactly what I was referring to in my comment. Any mechanism that allows the local network to intercept the traffic of a device that doesn't trust the network can and will be abused. The entire point of DoH was to make DNS clients secure, by preventing ISPs and other network providers from monitoring, intercepting, or tampering with DNS results.
You're asking for DNS to be left insecure, so that you can tamper with it. You're asking for the security of clients that actually give users control (laptops, phones, etc) to be sacrificed so that you can continue to tamper with DNS results for clients that don't give users control.
> On top of all that, DNSSEC already exists which allows you to verify the authenticity of the query result.
DNSSEC isn't nearly widespread enough to expect to find it everywhere. Only very specialized clients could make it a requirement; most clients cannot. DNSSEC requires upgrading most of the world before people can rely on it; DoH is an incremental solution.
> As such, the argument in favor of DoH would seem to be limited to preventing your DNS resolver (but not your ISP or VPN!) from tracking which sites you visit.
SNI is being fixed. Once SNI is fixed, DNS is one of the last holes that allows your ISP or other network provider to track you.
And as mentioned above, since DNSSEC is not a viable solution anytime soon, DoH is also critically important to prevent ISPs and other network providers to tamper with your DNS results.
Some color to this: it's less than 2% of North American domains, the number of signed zones has actually dropped in some intervals, and it's practically nonexistent among big companies with security teams. Google isn't DNSSEC-signed. Neither is Microsoft. Or Facebook. Or Amazon (whose DNS service, Route53, doesn't implement DNSSEC). Or, last I checked, any US bank.
You can check this for yourself: make a list of domains, and then write a trivial script:
#!/bin/sh
while read domain
do
ds=$(dig ds $domain +short)
echo "$domain $ds"
done
