Hacker News
Open, Closed, and Privacy (stratechery.com)
42 points by devy 10 months ago | 12 comments

This is some of the wrongest I've ever seen Ben be. I'm not sure how you can write an article about "open" vs. "secure" vs. "private" messaging/communication and fail to mention Signal (an "open" and "private" protocol that FB Messenger happens to use for their so-called 'secret chats') or Telegram.

Both are 'open' (Signal is fully open source, Telegram has fully open source clients and an open protocol so anybody could technically implement the Telegram technology).

Open is emphatically not the enemy of Secure, and framing it that way is ignorant of the incredible work folks like Open Whisper Systems are doing to create Open, Private, AND Secure messaging and communication platforms.


How can you consider Signal “open” if the only way to message Signal users is in the Signal app?

I think some of this is just confusion about "open" vs. "federated". Moxie doesn't like the federated model but anybody can write a signal client that uses the signal protocol (FB Secret Chats), and OWS's code itself is all open source.

What good would that do?

In what sense is that any degree of meaningful openness?

The author seems to be using a weird definition of "open", which is incompatible with "secure". Do they mean "federated"? Even then, I can't see the incompatibility, bittorrent can encrypt even p2p streams.

Also not grokking author's taxonomy.

I think the distinctions are interoperable vs proprietary and plaintext vs encrypted.

iMessage is encrypted and proprietary.

(I think) Google Chat is plaintext and interoperable.

iMessage could be interoperable by allowing third parties to participate.

Google Chat could be encrypted if it facilitated key exchange, via P2P, central registry, or both.

Aren't there a bunch of encrypted interoperable chat options? Like matrix.org and Signal? (Sorry, I contracted 'aggravated chat client fatigue' a long time ago and stopped paying attention to the horse race.)

Yeah I think you're totally right. The author seems to be drawing a conclusion based on what is highly visible, but Matrix.org is both federated (what I think Thompson means by 'open') and supports e2e encryption. There's no technical limitation in e2e encryption patterns or federated messaging patterns that keeps them from being combined and used. Only that the default apps on iOS and Android are exclusively e2e or federated, but not both.

Signal is Yet Another Walled Garden.

The essay inadvertently points out a problem of "open" (popularized in the corporate computer press by enthusiasm for "open source"). Open source came along over a decade after the free software movement. https://www.gnu.org/philosophy/open-source-misses-the-point.... gets into how "Open Source Misses The Point of Free Software" and points out how the open source development methodology is disposable in the face of reliable, powerful proprietary software (see the section "Different Values Can Lead to Similar Conclusions…but Not Always"). The open source enthusiast drops the development methodology when adhering to it prevents them from running what a proprietor offers. The free software activist understands that software freedom is something to value in itself, and therefore one should fight for powerful, reliable, free software (software licensed to let its users run, inspect, share, and modify for any reason at any time).

The author ends up advocating for a comparable line by not pointing out what a trap "choice" can be. We're told "openness" means having "choice" ("openness, if you believe in choice") but what if the only choices are all powerful, reliable, nonfree software -- which word processor do you want: Microsoft Word or Word Perfect? Which OS do you want: iOS, MacOS, or Windows? None of these choices respect your software freedom, none respect your privacy, and all come with insecurities you are prohibited from fixing or helping your proprietary-software-running friends by sharing a copy of the fixed program (no matter how technically-minded and motivated you are). Time to give up on openness, according to the author, and get on reviewing against a substantially lesser value which ignores software freedom entirely.

Then the author quotes a well-known bolster for software nonfreedom (Walt Mossberg) who misframes his critique of a Google chatting program in terms of being "insecure" instead of the core issue of being proprietary. And the author compounds the problem by critiquing the review badly -- "being “secure” and being “open” are incompatible". I'm not sure if that's so because of the ill-defined and somewhat contradictory way "open" is used (no doubt, on purpose). But there is no contradiction between being insecure and respecting a user's software freedom. We can improve bad free software to make it better. We can't inspect, alter, or distribute (sometimes even run!) proprietary software. The only party allowed to inspect, alter, and distribute proprietary software is the very party we can't trust to work in our interests. So we're always better off with free software, regardless of its current technical quality.

In fact, the problem of insecurity rests squarely with nonfree (proprietary, user-subjugating) software precisely because (as https://www.gnu.org/proprietary/ points out) "Power corrupts; the proprietary program's developer is tempted to design the program to mistreat its users. (Software whose functioning mistreats the user is called malware.) Of course, the developer usually does not do this out of malice, but rather to profit more at the users' expense. That does not make it any less nasty or more legitimate. Yielding to that temptation has become ever more frequent; nowadays it is standard practice. Modern proprietary software is typically a way to be had." and then lists so many organized examples to back up this claim that it's safe to say if one is running proprietary software, it's likely there's an insecurity (perhaps a universal backdoor) in it.

hmmm... I kinda feel like I can't read the most important part of this as he explains in the footnote:

"So, I definitely messed up with yesterday’s article in a way none of you noticed; given that on Monday I wrote in-depth about Google’s new Chat initiative, I kind of skirted over the details in yesterday’s article, Open, Closed, and Privacy. Unfortunately, that meant I got a whole bunch of tweets and email from non-subscribers taking me to task for items, well, that I already explained (I didn’t get any from subscribers). The perils of paywalls!"

Because even after reading it twice I am not sure I can follow along.

Make sure you scroll down inside of the footnote tooltip thing. Not obvious that you can do so!
