Computers, Privacy & the Constitution

View   r6  >  r5  ...
LeonHuangFirstPaper 6 - 30 Sep 2017 - Main.EbenMoglen
Line: 1 to 1
 
META TOPICPARENT name="FirstPaper"
Line: 6 to 6
 -- By LeonHuang - 29 September 2017
Changed:
<
<
Protecting our privacy relies on finding someone we can trust. Our quest for privacy began with a loss of trust in the service providers online like Google and Facebook to protect the users’ privacy. The quest continued with the revelation that (1) we have become addictive to the cornucopia of convenience provided by Google, Facebook, and the like and (2) we do not have the technical know-how to reinvent the wheel. The quest would reach its end when we can entrust someone else to do that for us.
>
>
Protecting our privacy relies on finding someone we can trust. Our quest for privacy began with a loss of trust in the service providers online like Google and Facebook to protect the users’ privacy. The quest continued with the revelation that (1) we have become addictive to the cornucopia of convenience provided by Google, Facebook, and the like and (2) we do not have the technical know-how to reinvent the wheel. The quest would reach its end when we can entrust someone else to do that for us.
 

I was na´ve to trust you, Google.

Line: 33 to 33
 According to Professor Moglen, I would have been better off had I consulted with experts. I would have spent $150 instead of $90 for a single-board computer much faster than a Rasberry Pi, and I would have installed Freedom Box software which would give me a personal cloud much more powerful. Taking his point further, I now believe my laughable attempt to reinvent the wheel in 10 hours is affront to the highly specific division of labor which we associate with the modern civilization.
Added:
>
>

I don't see how this follows. Your initial implementation of your idea was not very effective. You learned that you needed faster hardware. You implicitly discovered that you wanted something different than you initially thought you wanted. (In any kind of construction, including software architecture, the change orders that result from learning what is wrong with the design while building the design are both expensive and important.)

I suggested one way of solving the problem: with slightly more expensive hardware and a shift to already-available software that solves your problem, which I trust (1) because it is all free software so everybody can see what it does by reading it, which you can't do with the code running on the other side of someone's service, as you remark; and (2) because the project making it is run by me and my comrades, and we trust one another to follow the rules of transparency and respecting users' rights, subject always to complete ongoing inspection.

But we could also solve your problem at no hardware cost and using only free software. We could use the storage that Columbia gives your for free on your cunix account, and we could use tools like "tomb" to create an encrypted container on that account and tools like sshfs to access that container over a secure connection from your laptop anywhere. The effect would be to give you a folder contianing all your files organized however you want them that would look like Google Drive does, but which would be secure at rest and secure in flight and operated by you without any hardware or any cost. The space is limited by what Columbia gives you, but we could do the same thing using an Amazon S3 bucket---which you wouldn't have to trust Amazon about because it is encrypted with keys they don't have---and s3fs or the equivalent.

In other words, it's good to have some amount of knowledge, and fairly illogical to say that you wanted to find out whether something was possible to learn, but because you weren't successful in learning it the first time you tried learning is impossible and everyone should know that your experiment proves they should give up.

 

Can I trust you?

If we cannot trust the established service providers or ourselves, the only way out is to seek help from other experts in the field. In my case, I could have asked Professor Moglen. And in a more generalized case, we would need to find someone who (A) has the necessary expertise, (B) has no or limited conflict of interest, and (C) cares enough about privacy to conduct due diligence. While someone who meets all three criteria can be hard to come by within the reach of one’s social circle, he or she is likely within reach over the internet. But how can I be certain when someone claims to meet all three criteria over the internet?

Building trust among strangers over the internet is as difficult as it is in the real world. When the apparent stakes are high, people are willing to go to extreme lengths in proving their genuine intentions. For example, the initiation of Zcash, a cryptocurrency, involved a lengthy ceremony simultaneously conducted by several participants across the globe while being video-recorded live from all angles.3 In the case of privacy protection, the stakes are less apparent and the consequences less direct. How can we make sure that a website purporting to provide secure cloud services is genuine? Privacy protection in the end resolves around this trust question.

\ No newline at end of file

Added:
>
>

Why does the answer to this question, which I taught and which we discussed, not make an appearance here? When one uses free software one does not have to "trust" people who tell you what software does: one can read it. And if you don't or can't read it, you can listen to the conversation among the millions of people who do make, use, improve, and distribute free software, from companies like Oracle and Red Hat in the S&P 500 to the technical workers in your social circle. They teach people how to understand how it works, and are constantly checking on its reliability. What you are posing as a recursive difficulty in knowing whom to trust is actually a full technical ecology of trust management that answers your objection so basically and so strongly that most of the world's corporate IT already depends on it.

 \ No newline at end of file

Revision 6r6 - 30 Sep 2017 - 19:50:58 - EbenMoglen
Revision 5r5 - 30 Sep 2017 - 11:44:46 - LeonHuang
This site is powered by the TWiki collaboration platform.
All material on this collaboration platform is the property of the contributing authors.
All material marked as authored by Eben Moglen is available under the license terms CC-BY-SA version 4.
Syndicate this site RSSATOM