The bad thing about snopes is they don't have a spectrum, it's a binary 'fact or not fact' system. This means even a slight bit of bias can be the difference between fact or not.
But the more important question is why a random website is being used as the basis for truth. They don't even try to hide the bias in their language, it's just filled with words you would never see in an academic document.
I was thinking more along the lines of a true spectrum, like a percentage system. What you have here is a bunch of qualitative truthiness symbols decided arbitrarily, it's not much different from just saying true or false.
For example, https://www.snopes.com/fact-check/marijuana-electron-microsc... this article would lead a passerby to believe that there is equal parts truth and lie in this picture + caption. In reality I would judge this as 'mostly true' because the caption is more true than it is false.
I saw one on PolitiFact about Biden a while back. The claim was that he's been fighting to cut social security benefits for the last 40 years. The verdict was "mostly false" but if you read the contents [1], it's "mostly true." You see shit like this all the time.
It's more in the middle. He clearly was going with the flow of politics at the time on budget hawking. It hardly seems like he wanted to eliminate/privatize SS like most conservatives who aren't retired want to do. So there a levels to "cutting social security" like most complicated topics from freezing it to reducing it to eliminating it. I agree though their mostly false doesn't seem reasonable to me from a statistical analysis of what they presented in the article
Maybe, but a well told lie told by The One Authority on Truth has more destructive power than a billion chaos monkeys typing on their typewriters for the next hundred generations.
I am starting to think that ultimately, though, the answer is one that no one particularly wants to admit because it boils down to two unpalatable options, one distributed and unregulated; the other centralized and regulated.
1) Unregulated: No one is the arbiter of truth, in which case a haphazard group of marketers, propagandists and psyops peddlers reign supreme. This eventually/inevitably consolidates into an organized propaganda outlet.
2) Regulated: A group is selected based on some credential or merit and you end up with essentially a Technocracy. More or less what the "Elites" boogeyman is. If the Technocracy is staffed by scientists and engineers, then it might be the best possibility available. But this also eventually consolidates and leads to an erosion of the eligibility credentials and then non-expert people will gain positions within it for ulterior motives.
If the technocratic group is limited in scope of what "truths" it can decide on, then that is potentially a reasonable compromise.
The world is multi-faceted. Situations and individuals are complex. Externalities and exceptions abound.
Multiple perspectives can accurately describe the same event - e.g. the fable about the blind me all describing an elephant.
Each of their individual descriptions is true. There is also a larger truth that none of them are aware of. That doesn’t make them liars either individually or a group.
Additionally, it can be highly politically advantageous to frame, spin, or otherwise mischaracterize, on the thinnest evidence, both out of bad faith and naïveté.
So, about Truth with a capital ‘T’, I’d like to paraphrase PK Dick’s statement, “truth is what exists when you stop believing.”
What could you possibly want to post that might get taken down by twitter? Unless you post actual nazi propaganda or violence or something, it's a pretty free place. Remembering that freedom means people get to tell you to shut up, of course.
Now that I think about it, why aren't most messaging apps peer to peer? Shouldn't that be the standard? I mean it's literally the point of messages: sending from one person to another.
a) Often the intended recipient isn't online when the message is sent, and it may happen that there is never a time when both sender and recipient are online simultaneously (e.g. sender's device only turns on to send the occasional message, receiver's device is usually off but turns on occasionally to check if there are messages)
b) Often one or both devices can only connect to, but can't be connected to (because behind a NAT, a mobile device, firewall, etc.)
c) Communication is often desired between accounts rather than devices -- I may want to send/receive on my work computer, home computer, phone, and watch
In before someone suggests storing encrypted messages in a public blockchain. This is a really good overview of the challenges with these messaging systems. Store and forward has been our MO since email and Usenet were invented because always on always connected devices that aren’t restricted by some network obstacle are not really feasible or even desirable most of the time. I do wonder what alternatives we have to something like a trusted online service to store and forward messages or a public blockchain. Some kind of crypto based system where nobody but the owner of a private key can even locate the message? A decentralized system where multiple copies of multiple fragments of your message are stored so nobody can piece together your (encrypted) message without controlling the majority of the nodes?
If only the ecosystem had been built to use E2EE by default, always. They fucked up with the design allowing bridges and bots, left E2EE for later, and now they're in the vicious circle of downgrade attacks until all major clients switch to E2EE with no insecure fall-back option.
there aren't downgrade attacks. we turned on E2EE by default in May for private rooms, and there's no negotiation involved. if you're on a client that supports E2EE (i.e. almost all major ones, now) and you try to DM someone, they simply won't be able to read you unless they support E2EE. i.e. they can't downgrade the convo.
That's good. The last time I had a look at Matrix clients it was a mess. IIUC the E2EE isn't enabled by default for the old Riot client, only RiotX and Riot web have it.
What happens if someone with old Riot client creates a room and someone with e.g. RiotX joins it, will it force E2EE on? Or will it fall back to non-E2EE messaging?
The creator and admins of the room picks the encryption preferences, iiuc: if you have a client that doesn’t support E2EE, you might be able to create an encrypted room (?) but it would be pretty useless. The clients all clearly mark the encryption status of the room you’re in.
So if an ignorant/malicious user creates a room without E2EE and doesn't care to enable it even when requested, all users are forced to converse in effectively plaintext, and the solution is "clients tell users it's not E2EE".
IMO it should be the case that it's always E2EE, no other options. Until that's the case I think Matrix ecosystem isn't keeping up with centralized solutions like Signal.
I'm really intrigued by the Scuttlebutt protocol, but in practice it's super hard to get plugged into the community because, as a new user, nobody follows you. I haven't figured out how to just engage people in conversation -- I reply to their posts but nobody sees my replies.
If there are other applications that can run over the protocol, I'm interested in learning about them.
Yeah, that behaviour's designed to counter spam and unwanted bots, but it does mean newbies need to be invited into a community. Meanwhile it's lonely talking into the void.
If you're happy posting your SSB ID publicly, I'll follow you, and that may help. Or you can use the #new-people tag if you want to introduce/announce yourself :)
This really isn’t my field, I am more of a full stack developer who mostly works on web apps with a heavy interest in networking. So definitely not an authority on the subject.
I think that’s basically the sort of system that most places employ. It’s nice because it’s easy to set up but you really need to trust Skype. Say they actually try to use end to end encryption. How does that work? Well, you could say “I am Alice and I want to establish a connection to Bob. Here is my public key he can use to send me messages and I’d like his public key so I can send him his.” That of course would need to happen in addition to establishing a network connection. So no if Skype is a good actor they will pass my public key to Bob, get his and send it to me as well as coordinate us establishing a direct connection.
But what if Skype is a bad actor? Well they could take my public key and send Bob one of their own. Then they could also send me their own. Now they can listen in on my conversation. They can also in a similar fashion make it seem like I’m connected directly to Bob’s networked device but really just relay the connection through their servers. Neither Bob nor I would have any way of knowing that without having exchanged public keys prior and having verified them. So this system is basically insecure against Skype wanting to listen to my conversations or being compelled to do so by a state actor.
Is IPv6 likely to be a practical solution to the router/NAT issue? Are routers assigning globally-routable IPs to their clients, is that already a thing?
IPv6 solves one of the reasons to use NAT. One more intractable reason is that many players (cellphone network operators, corporate networks) consider it a positive thing that individual devices are not globally accessible.
For cellphone networks it's not just a provider-side incentive, as inbound traffic will drain battery and you'd have no good way to stop it. But this only requires some sort of spam filter to be in front of the cellular link, like with a friends-based system where you keep connections to some friend's online nodes when you lock your phone, and just exchange IP+port info on both sides to just send a UDP packet to each other's IP+port from your own IP+port, punching your firewall. Theoretically you might even actively control your firewall to allow closing it off and also maintaining some permanent open entries for your friends to reach you with no indirection from their usual network(s). A provider could make money by selling (quota for) provider-side user-controlled firewall entries, and you could have your OS give out quota to apps.
It's feasible once you reach the point where it's worth the effort of implementing.
The NATs will be gone, but they'd be just replaced by firewalls with "default deny incoming" policies for most users. Some users might change this, but there would be enough people using defaults that one could not rely on p2p connectivity.
(The current networks are often not set up to handle malicious incoming internet traffic, and new protocol is not going to change this)
> why aren't most messaging apps peer to peer [...] it's literally the point of messages: sending from one person to another.
Messaging apps are more like postal services — "please deliver this message to $person" — you're describing driving across town to drop something in a mailbox directly. A peer-to-peer messaging system wouldn't have many benefits over an E2E-encrypted one (in a centralized E2E-encrypted service you already enjoy technical guarantees that the courier can't peek inside the metaphorical envelope), but would have several usability drawbacks that would drive away casual users, which the sibling comments mention.
Driving away casual users has its own problems: you might drive them away to insecure services ("ah fuck it, this thing doesn't work, I'll just DM them on Twitter"), and the lack of casual users will make your remaining users stand out in traffic analysis (e.g. state agency says "hmm, askxnakjsn is using SuperEncryptoP2PMessenger, better go make sure they aren't a dissident").
For multiple reasons but first of all because it would require both devices to be connected and online.
The common alternative to overcome this is to pass the messages through the server and encrypt/decrypt them on the device (aka e2e encryption). I acknowledge that might not be secure enough for certain use cases.
P2P requires both clients to be running at the same time in order to communicate. If you friend's phone is off and you send a message, they won't get it when they turn their phone on.
Seems to me like there should be a DHT way to solve this. When you boot up, you take your place in the table and query your neighbors for messages. If someone's unreachable when a message is sent, you hand the message to their neighbors to hold it until they appear.
Which requires you to trust your neighbours. To which you might say: aha! Just use end to end encryption! And sure, you can. But at that point, what benefits are you getting over using E2E with a centralised system? Very few. And you’re getting a bunch of drawbacks in terms of reliability too.
E2EE only protects content. Metadata is also very important and where as p2p apps like Briar, Ricochet, Cwtch and TFC hide it from all, centralized and decentralized apps have one or more weak points that allow eavesdropping on larger amounts of metadata.
Depending on whether you expect IM to work like physical mail or a phone call, this may be the expected behaviour.
It seems the majority here seem to be expecting the former, although I think of IM as more like the latter: if the recipient is not available, then the message is simply dropped, much like I can't call someone who is not answering the phone.
The big problem with this is that you expect the computer to respond to your clicks naturally and instantly and instead you are put on hold while an animation plays. It may not break the latency rule strictly, but theoretically feels like it should be added on there because it has the same effect for users who don't care about animations (aka most users).
But the more important question is why a random website is being used as the basis for truth. They don't even try to hide the bias in their language, it's just filled with words you would never see in an academic document.