Mention that users should not use multiple of our services #987
Comments
ghost
added
the
Mikaela
added
high priority
🌐 website issue
|
One of the problems with decentralization, is that if an enduser has the choice of
plenty of people will pick door#2 ... which tends to make the brand even more-well known, and pretty soon you have a "centralized despite intending to be decentralized" actuality. In most ways this is an unavoidable paradox: 99% of people are NOT going to be able to secure a server-node, and configure it in a privacy-respecting manner, as the folks who run privacyToolsIO. Thus, they are actually better off entrusting the privacyToolsIO team to run the server portion, because Bob trying to secure his own firewall and patch/harden his own server-side OS and install/configure his own federated service-node... well, to put it bluntly, Bob will screw the pooch if he tries to DIY because he is not competent enough. But once you have millions of Bob-type-folks trusting the central privacyToolsIO server-cluster with their sensitive info... THAT turns the server-cluster into a juicy target! Pretty related == https://matrix.org/blog/2019/05/08/post-mortem-and-remediations-for-apr-11-security-incident Kinda related == https://lwn.net/Articles/687294/ To me, the thing that is worrisome for privacyToolsIO services, is that if they succeed they will cost a lot of money to operate (since hosting-fees go up as userbase goes up), AND they will make the privacyToolsIO servers and nearby-router-boxen and such into juicy targets (because surveillance-value of a popular service with lots of endusers goes up as the userbase goes up as well). Definitely related == #966 about funding the work ...and defining WHAT the work is, which you really want to put your minds to accomplishing |
|
@Shifterovich What is your concern with "consolidation" (I think that is a better term) of using several services from the same provider (PTIO)? Is it that if the Mastodon instance is down or compromised, the other services like Matrix and Write are also unavailable or compromised? |
|
Yes. Also users shouldn't trust us more than any other provider -- even less, in fact, since a paid service comes with more guarantee than a volunteer project like PTIO. |
|
How would we be implementing this warning, where would it be posted? does it also have to be on the main site, or just a blog post on blog.privacytools.io? We also need to think whether we want the warning on every service homepage. |
|
A link to a new page should be added to the Services dropdown. That page should explain why users shouldn't centralize their privacy on our services. |
|
Hi @privacytoolsIO/editorial, is anyone thinking of this issue actively (or at least remembering it exists)? Due to its ghost status (#1379), it's difficult to find and I just remembered this while referring here from the forum thread on replacing Matrix with XMPP. |
|
Two possible ways to mitigate this:
|
We could make a explanition on why federation is important in a "don't put all your eggs in one basket" kind of sense, together with a link to librehosters on our services page. what do you think @dngray @jonaharagon |
|
This is essentially what #1732 covers already, no? If you want to adjust the wording you can add a suggestion there. |
ive added it to the PR. |
We are for decentralization, but at the same time, us hosting so many of these services looks like we want our visitors to use them.
It's okay to use one of our services but users shouldn't centralize their privacy around PTIO.
We should add a notice to the site.
The text was updated successfully, but these errors were encountered: