Pup Biru

this post helps to feed the AI beast

there’s no escaping it; let’s not do with AI what we’ve done with CO2 and plastic and shift blame to individuals

the other insidious part about it is that pretty much everyone agrees: experience is critical to ensuring AI isn’t just producing slop… 30% of the time you get something that’s not just working, but well architected

now when you get AI to do things, even if you go with the assertion that it’s quicker (which a lot of the time i doubt: task choice is also critical for effectively using AI to generate useful outputs), you’re grinding down on your experience… not only are you learning less, but you’re also letting your reasoning skills degrade because you’re not using them (this is a pretty well-documented effect in standard neuroscience afaik)

imo, only use AI in situations where you’d put a library in, because the level of abstraction from the problem solving is similar

it’s okay it’s there out of frame; it just has to be safe for meta platforms

if only it were that simple in a social and professional context

i’ll choose linux + a user age metadata standard that’s technically compliant + shit professional application that i have no choice but to use - over windows + exactly that same application any day of the week

sure, but if an application “requires” age verification for whatever reason, would you prefer the functional equivalent to clicking “i’m over 18 pinky promise” as a standard, or they use biometric data that they all implement differently and then there’s like 33.7 leaks in the next 6 months?

like the whole thing is bullshit, but a file on disk is a wink wink nudge nudge sure we are compliant bud

the true unix way: if you text editor you own the world

for large companies, i think you’re probably right… but there are plenty of transactions that happen cash. i think it’s a case of not letting perfect be the enemy of better. some people might lie, and if they get caught that should have some punishment… but we hope that most people don’t lie, because the risk just isn’t worth it

what’s stripping these companies lying about their financial data to tax authorities?

there are lots of self-report mechanisms that we use… it’s just not worth the blowback of non-disclosure to lie about it. some people do, and sometimes they get caught; not always, but overall it’s a net benefit to transparency

ENS runs on Etherium which no longer uses POW, thus doesn’t waste power in the same way as eg bitcoin

also I2P and onion don’t have name systems per se, so that doesn’t actually address the problem… AA could just use an IP address or something, but they require (for human usability) well known domain names

I2P and onion still require systems for discovery. they solve different problems to name systems

BUT ITS CHILLA TIME

but it’s not a 1000000x return!

i took the phrase

You don’t need to understand why they struggle, just accept that they do.

to mean that you shouldn’t assume someone is lying. they just might have different circumstance or needs. that doesn’t invalidate their experience, just that you’re solving different problems (which may not have been well communicated, and also may not even be technical problems).

if you’re trying to solve their problems, then sure that’s a discussing… but 99% of tech conversations on the internet like this are people berating others for “not understanding” the “simple” way it’s done because it works fine for them

slight disagree: proud version is actually when you become so disillusioned with your old code that you throw it all out and start again

sell at $100… got it! thanks future me! will do!

agreed!

you can’t, and shouldn’t… lemmy never claimed to be, nor has the architecture to enable it to be a private service. lemmy instances are run by arbitrary people on the internet, and some of them do run forked versions of the codebase (eg blahaj)… we have no way of verifying what’s running on the server

but interaction on lemmy doesn’t require trust. i don’t think anyone is expecting lemmy to be private

It’s not really a partial solution

disagree, and that’s fine… STEM is full of partial solutions that become complete solutions as additional pieces are added (and as i said with the proxy, imo the proxy makes it a complete solution)

The complete and obvious solution to the problem is to not collect personally identifying information in the first place.

but that creates other problems… for example, with spam and usability

it’s all trade-offs, and signal has done a lot of global privacy when compared to alternatives exactly because of the compromises they’ve made

You have a very charitable view of Signal making the base assumption that people running it are good actors

i don’t consider it charity… they’re making a lot of right moves, and are explaining their compromises. they’ve given me no reason not to trust them, and plenty of reasons to say they’re a good compromise that will have the greatest impact to global privacy

are there better privacy solutions? sure… will they ever take off? personally, i doubt it… not letting perfect be the enemy of better or good enough is important: a solution that keeps people who don’t care about privacy relatively safe is important, including for the privacy of people who do care about their privacy because it allows everyone to blend in with the crowd

Yet, given that it has direct ties to the US government, that it’s operated in the US on a central server, and the team won’t even release the app outside proprietary platforms

imo the fact that it’s hosted in the US is pretty irrelevant… as you’ve pointed out: it shouldn’t be a matter of trust… validation of the client is the only thing you can rely on, so even if the NSA hosted the servers you should still theoretically be able to “trust” the platform (outside of the fact that you couldn’t ever trust that they’re using encryption that they don’t have a secret back door in or something)

I do not trust the people operating this service, and I think it’s a very dangerous assumption to think that they have your best interests in mind.

i trust them as much as i trust anyone running any other privacy service

i think it’s a very clever partial solution, but when combined with signals other ethos (making privacy simple so that more people use privacy-centric options), that means people aren’t going to change IPs between temp token and message to solve the last part of the puzzle: thanks for explaining your line of reasoning

i also think that there’s a way forward where messages are sent or tokens are retrieved via a 3rd party proxy to hide IPs (i thought i read something about signal contracting a 3rd party to provide some of those services but i can’t find the reference to that, and also it’s not verifiable so limited in usefulness), which is a complete solution to the problem, as long as said proxies aren’t controlled by signal (thinking about it now, you could also simply route signal traffic through a proxy so many people share an IP, and they do provide proxy functionality separate to the system proxy configuration)

i still think that signal has made a pretty reasonable set of trade-offs in order to balance privacy and usability in order to have a large impact on global privacy

*edit: actually, adding to the proxy point, turns out EFF run a public proxy

and there’s a big list of public proxies available (not a big list to avoid censorship, but still a good resource)

and they also have support for tapping a link to configure the proxy, so very quick and easy

yeah, bad choice of words on my part… and i think the verification doesn’t have to be identity-based… it just has to be some limited resource (which identity is, and guarantees fairness because it’s n per identity)

it’s all compromises, and i don’t think there’s a perfect solution… what we want is the largest impact on general privacy the world over, and options that allow verifiable perfect privacy when needed - but understanding that that requires compromise in things like usability simply because it’s more complex to set up things like trust networks than to … just not

they do, but that information is disconnected from your messages by sealed sender: that’s the point… your sender identity is cryptographically shielded from the signal servers

they know who you are, but they have no ability to connect that identity with who you message (which you can verify using only your client)

*edit: i will say, because i’m interested in conversation and understanding not just winning an internet argument, that my conversation with yogthos here has underscored i think a place where this could still be improved: your IP address across the entire sealed sender process can be used to tie things together, if it remains unchanged (but you can change your IP address between receiving your sender token and sending messages)

that comes down to a difference in philosophy i think… signal have detailed their reasoning for not making signals servers decentralised and self hostable, and i don’t disagree with some of them… i think everything is a trade-off, and decentralisation has scaling and usability issues

signal has done a pretty good job of creating a platform that’s much much better than alternatives in a package that’s consumable by the general public

i’m not sure that something that’s more like matrix, or xmpp, etc could do that

it might be theoretically and technically not quite as perfect, but its impact on increased privacy across the globe has been far larger because they’ve made some of those compromises