
Open, Closed, and Privacy - devy
https://stratechery.com/2018/open-closed-and-privacy/
======
zaksoup
This is some of the wrongest I've ever seen Ben be. I'm not sure how you can
write an article about "open" vs. "secure" vs. "private"
messaging/communication and fail to mention Signal (an "open" and "private"
protocol that FB Messenger happens to use for their so-called 'secret chats')
or Telegram.

Both are 'open' (Signal is fully open source, Telegram has fully open source
clients and an open protocol so anybody could technical implement the Telegram
technology).

Open is emphatically _not_ the enemy of Secure, and framing it that was is
ignorant of the incredible work folks like Open Whisper Systems are doing to
create Open, Private, AND Secure messaging and communication platforms.

Silliness.

~~~
erikpukinskis
How can you consider Signal “open” if the only way to message Signal users is
in the Signal app?

~~~
zaksoup
I think some of this is just confusion about "open" vs. "federated". Moxie
doesn't like the federated model but anybody can write a signal client that
uses the signal protocol (FB Secret Chats), and OWS's code itself is all open
source.

~~~
erikpukinskis
What good would that do?

In what sense is that any degree of meaningful openness?

------
rhn_mk1
The author seems to be using a weird definition of "open", which is
incompatible with "secure". Do they mean "federated"? Even then, I can't see
the incompatibility, bittorrent can encrypt even p2p streams.

~~~
specialist
Also not grokking author's taxonomy.

I think the distinctions are interoperable vs proprietary and plaintext vs
encrypted.

iMessage is encrypted and proprietary.

(I think) Google Chat is plaintext and interoperable.

iMessage could be interoperable by allowing third parties to participate.

Google Chat could be encrypted if it facilitated key exchange, via P2P,
central registry, or both.

Aren't there a bunch encrypted interoperable chat options? Like matrix.org and
Signal? (Sorry, I contracted 'aggravated chat client fatigue' a long time ago
and stopped paying attention to the horse race.)

~~~
zaksoup
Yeah I think you're totally right. The Author seems to be drawing a conclusion
based on what is highly visible, but Matrix.org is both federated (what I
think Thompson means by 'open') _and_ supports e2e encryption. There's no
technical limitation in e2e encryption patterns or federated messaging
patterns that keeps them from being combined and used. Only that the default
apps on iOS and Android are exclusively e2e or federated, but not both.

------
ycombonator
[https://twitter.com/khaldoonalnuaim/status/98727793803810816...](https://twitter.com/khaldoonalnuaim/status/987277938038108160)

------
Digital-Citizen
The essay inadvertently points out a problem of "open" (popularized in the
corporate computer press by enthusiasm for "open source"). Open source came
along over a decade after the free software movement.
[https://www.gnu.org/philosophy/open-source-misses-the-
point....](https://www.gnu.org/philosophy/open-source-misses-the-point.html)
gets into how "Open Source Misses The Point of Free Software" and points out
how the open source development methodology is disposable in the face of
reliable, powerful proprietary software (see the section "Different Values Can
Lead to Similar Conclusions…but Not Always"). The open source enthusiast drops
the development methodology when adhering to it prevents them from running
what a proprietor offers. The free software activist understands that software
freedom is something to value in itself, and therefore one should fight for
powerful, reliable, free software (software licensed to let its users run,
inspect, share, and modify for any reason at any time).

The author ends up advocating for a comparable line by not pointing out what a
trap "choice" can be. We're told "openness" and means having "choice"
("openness, if you believe in choice") but what if the only choices are all
powerful, reliable, nonfree software -- which word processor do you want:
Microsoft Word or Word Perfect? Which OS do you want: iOS, MacOS, or Windows?
None of these choices respect your software freedom, none respect your
privacy, and all come with insecurities you are prohibited from fixing or
helping your proprietary-software-running friends by sharing a copy of the
fixed program (no matter how technically-minded and motivated you are). Time
to give up on openness, according to the author, and get on reviewing against
a substantially lesser value which ignores software freedom entirely.

Then the author quotes a well-known bolster for software nonfreedom (Walt
Mossberg) who misframes his critique of a Google chatting program in terms of
being "insecure" instead of the core issue of being proprietary. And the
author compounds the problem by critiquing the review badly -- "being “secure”
and being “open” are incompatible". I'm not sure if that's so because of the
ill-defined and somewhat contradictory way "open" is used (no doubt, on
purpose). But there is no contradiction between being insecure and respecting
a user's software freedom. We can improve bad free software to make it better.
We can't inspect, alter, or distribute (sometimes even run!) proprietary
software. The only party allowed to inspect, alter, and distribute proprietary
software is the very party we can't trust to work in our interests. So we're
always better off with free software, regardless of its current technical
quality.

In fact, the problem of insecurity rests squarely with nonfree (proprietary,
user-subjugating) software precisely because (as
[https://www.gnu.org/proprietary/](https://www.gnu.org/proprietary/) points
out) "Power corrupts; the proprietary program's developer is tempted to design
the program to mistreat its users. (Software whose functioning mistreats the
user is called malware.) Of course, the developer usually does not do this out
of malice, but rather to profit more at the users' expense. That does not make
it any less nasty or more legitimate. Yielding to that temptation has become
ever more frequent; nowadays it is standard practice. Modern proprietary
software is typically a way to be had." and then lists so many organized
examples to back up this claim that it's safe to say if one is running
proprietary software, it's likely there's an insecurity (perhaps a universal
backdoor) in it.

------
blakesterz
hmmm... I kinda feel like I can't read the most important part of this as he
explains in the footnote:

"So, I definitely messed up with yesterday’s article in a way none of you
noticed; given that on Monday I wrote in-depth about Google’s new Chat
initiative, I kind of skirted over the details in yesterday’s article, Open,
Closed, and Privacy. Unfortunately, that meant I got a whole bunch of tweets
and email from non-subscribers taking me to task for items, well, that I
already explained (I didn’t get any from subscribers). The perils of
paywalls!"

Because even after reading it twice I am not sure I can follow along.

~~~
satyrnein
Make sure you scroll down inside of the footnote tooltip thing. Not obvious
that you can do so!

