I need every infosec person to understand that surveillance capitalism is structural, not individual, and we are not going to ethically-consume our way out of it please and thank
Like take whatever measures that help you reduce your and others' exposure to surveillance, share information, give advice and organize, that's all great work! But don't assume others who use insecure corporate services are ignorant sinners in need of a sermon and conversion. Harassing people who are just trying to live and organize, doing some little good in a horrible world, does Not make anyone safer or more secure.
So I don't have a Soundcloud but please send money to Black and Indigenous people!
Indigenous queer household of 4 in need of household expenses: https://rage.love/@unfitmisfit/108625777629311732
Help a Black Indigenous Caribeña artist get stable while they work on their Ph.D.: https://www.gofundme.com/f/help-marcia-get-stable
Black, disabled, and cute enby in need of help to pay the bills: https://social.computerfox.xyz/@melaniemoo/108708667308899206
@ljwrites A relevant post that I wrote a while ago, aimed at folks in the "privacy community": https://gist.github.com/joepie91/6a5f50b27965c711436f5b566f97960d -- I've had *some* success with linking people to that when they're being pushy/insufferable evangelists.
> surveillance capitalism is structural, not individual
> Harassing people [...] does Not make anyone safer or more secure.
💯 More people need to hear this.
I would like to also offer a bit of my own rant and optimistic take on how the structural/systemic issues at hand here can be addressed.
IMO a lot of the "structure" at work here comes from economic forces that poured endless investment cash into research & effort on how to make client software and webapps usable by everyone.
Meanwhile the usability of the server applications / web infrastructure stuff is still stuck in the 80/90s for the most part.
I think tech folks with the resources and time can (and should!!) strike at the root of the problem. To me that mostly means trying to improve the usability of server software and make it more accessible to more people.
I don't mean everyone should run a server.
But as servers become more and more like web browsers (they "just work" on the first try and don't break when they update themselves automatically) it will become more and more likely that everyone will know someone, or a friend of a friend in their community who _does_ run a server.
I liked the "TL;DR" from homebrewserver.club:
> Take the ‘home’ in homebrew literally and the ‘self’ in self-hosting figuratively
> That means we try to host from our homes rather than from data centres - a.k.a. ‘the cloud’ - and we try to host for and with our communities rather than just for ourselves.
I think the fediverse software and similar networks have sorta succeeded in that regard despite continued rampant usability problems on the server/admin side. Its encouraging to me that something like mastodon which is far from perfect can still gain traction and continues to attract new users and inspire new projects.
Basically I want to be a home server evangelist but if the thing I would be evangelizing still costs money, takes time to set up, and still fails 99% of the time, what's the point?
Just need to get the software / systems to a point where they don't annoy ppl much, they can be easily shared with friends, and they fulfill a need. For example they provide a sense of data custody and belonging within a local community, something folks'll never get from Google, Facebook or AWS.
Yes, its a tall order, its insanely hard / no one knows if this is even possible. But I feel like I would be doing myself and everyone else a disservice if I didn't try.
@forestjohnson I think something like YunoHost is a great step in that direction. When I used it I was amazed by how it made the admin experience more browser-like, literally an interface in the browser. I ended up uninstalling it because it felt like another layer of complexity when I needed to debug something, but getting to install and try out multiple apps in several clicks was a big help and I know experienced admins who swear by it.
Yeah I feel similar about YunoHost. My two biggest wishes for a system like YunoHost are
1. Built to support replication/failover
2. Built to support multiple users
By "support multiple users" I mean similar to how Mastodon/Matrix servers do the "1 admin per ~100 users" model.
So for example I can share my server with my friend, create an account for them, and then they can get their feet wet and try out hosting something themselves without expending too much effort.
But at the same time, since it supports replication & failover, there's a reasonable path to those "experiments" becoming well loved and frequented destinations with reliability / longevity. When one admin falls (loses interest) another can rise to take their place without much fuss.
So I think that's what I'll work on next :)
@ljwrites maybe infosec techbros should spend more time concentrating on their Bitcoin-brain-broiled compatriots, who continue to demonstrate just how structural these problems are by being highly technical and still getting scammed
@LovesTha saying it's "required" seems to justify harassment, though, since the people who are doing the pestering no doubt assume the people they're hounding are able to consume ethically.
@ljwrites yeah, nuance is hard there.
It's required that some are (at least trying), not that everyone does.
The main thing from my PoV is that if you're going to talk up this stuff, you need to be ready to back it up with action.
If they're using something for free because they have no budget, and it takes labor to do the "ethical" thing, then providing that labor (one way or another) is the cost of your activism.
Otherwise STFU and mind your own business. A little humility and compassion goes a long way.
To avoid ambiguity (which I just noticed), the notional target of my comment ("you") was the would-be FLOSS activist.
It's perfectly fine to suggest a FLOSS solution to a problem, rather than sticking with proprietary options.
But if the proprietary option is *$0* and that's why they're using it, that's clear enough.
Either you have to find a way to make the FLOSS option *$0* as well, or just walk on and mind your business.
(Yes, for an online conference the hosting of a video platform is going to take some $ as it wont fit onto someones pi in their basement. But other situations do have solutions that will run on that pi, but it takes time to do it)
Yes. Time is money. From the organization's PoV, *$0* includes time cost.
That's the commitment, if you want to make that happen with FLOSS solutions. It isn't just the software license, it's the hosting and the support.
And you can bitch about how your labor should be paid, etc -- but the corporate platform was covering all that. That was the trade-off.
Though to be fair, the corporate option has a time cost, as well. So it's not _really_ *$0* either. It's more properly considered a "sunk cost".
Anyway, I've had to make a lot of choices like this, myself. It's a make/buy/borrow decision.
MANY FLOSS projects do that as well -- with Github, for example.
And with some things, like e-commerce, I can't really see that it matters all that much, as you can't avoid the proprietary bank services, even if the software is free.
@LovesTha @TerryHancock over the long term and at scale, sure, the free-with-an-asterisk corporate option can't be fixed, but if it's someone using Zoom or Google Docs at small scale and short-term? The risks of malfunction become small enough to ignore for most applications, not because these companies give a shit about individual users but because their shitty data-mining business model is threatened if there are widespread breakages.
There are of course horrifying and heartbreaking stories ranging from people losing hours of work on Google Docs to a company losing their entire data migrating their GSuite account and not being able to do a thing about it (and the company was a paying customer, too). It is likely imperative for some users, like the company in the example, to adapt transparent open-source solutions and pay for individual, accountable support. With an individual occasional user, though, it may well be more efficient to write off a rare loss than sink money/time into a comparable open-source alternative. There's no one-size-fits-all.
Well, I've had failures with self-hosted FOSS software, too. Plone became unusable due to poor support and no longer available packages, which forced me to spend time switching to Wordpress, etc.
Can be an unpredictable time sink, and often there is no one to turn to, because it's not "what everyone is using". So you face expensive consulting costs, stopping everything else to DIY, or just switching.
Often the fastest and easiest is to go back to a corporate platform.
@rakoo and arguably surveillance capitalism is a case study in making "free" (paid for in data and tracking) profitable.
@ljwrites this explains why infosec warnings tempt me to feel demoralized and helpless the same way coverage of how every corporation is evil do, doesn't it?
@firebird Yeah there is no individual solution to structural problems, so any discussion of privacy and surveillance that focuses exclusively on individual behavior can feel like an exhortation to plug an open floodgate with one's own body. No matter how heroically devoted one is, no matter what extraordinary (and, at some point, kinda doubtful and counterproductive) measures one takes, it's never going to be enough :(
@ljwrites I can get off Gmail but I apparently can't even get my HOA Board to stop using a single shared Gmail address we all have to log into. (This is the sound of me screaming "who keeps putting things in the trash???" into the void.)
@firebird Oh no 😂 😭 shared email is the worst, can't impose any consistent structure on it without some heavy on-boarding that people won't follow anyway, and there's no record or audit of who did what.
@ljwrites We just had an election and two people are leaving the board. One of them is the person whose phone number is attached to the gmail account. Do I have any real way of knowing they aren't accessing it anymore? No I do not.
Generalist Hometown instance with a strong focus on community standards. No TERF, no SWERF, no Nazi, no Centrist.