top | item 15464431

axonic | 8 years ago

I'm gonna be honest here, this is how this reads to me: Decentralize... with Google (Surprise! It's a Chrome fork). Funded by a couple of tiny science grants and the NSA/McClatchyDC who owns Knight Ridder Foundation, earns 56.4% annual revenue from advertising in 2016 and 15% of careerbuilder.com, has been losing nearly $1B USD annually and has been in trouble for undermining counter-terrorism efforts - so easily controlled. They've got a fed with a clearance [GSA 18F] as an adviser, no matter how anti-gov his Twitter looks. Their 'partners' amount to the same few friends with the same logos, feds, academia, and former Mozilla hypocrites who now work on a technology powered by Google+GitHub [req. Chrome+Electron] to drive... decentralization? Specifically the Dat project as described by Max Ogden provides an alternative to GitHub, did they read that? But while looking suspect already, they're explicitly not building privacy, and citing 'a secret URL' as the key to encryption in the project pages. Underlying the project, is Dat. Dat appears to be where the real meat is, and it is geared for big data, government, and centralized decentralization. Man WTF, I'm sorry I wasted my time investigating. Give your research, data, and content to -big brother-, er... everyone! Set it free! lol Additionally they're node-obsessed.js v0.0.0.2a throughout and the only mention of security or authentication methods I found in the admin guide were a section on OpenStack integration (+1 for that at least, to use their Google-speak).

pwang|8 years ago

- DAT is not about decentralization; it's about content integrity

- Beaker is an app framework built on Electron/Chrome because without gorgeous apps you don't get users. But all of the data is stored within DAT, and there's nothing that prevents alternative apps (even textual ones) being built on that data.

- Three sentences into your incoherent rant, I lost the antecedent, but if you think involvement with something like 18F invalidates someone's interest in this kind of tech, then I think you're a Russian troll bot unless you can prove otherwise. QED.

- The authors of Beaker are very well aware of the history and original purposes of the project.

- DAT is not geared for centralized anything. You have no idea what you're talking about. Content-based addressing is the way past the centralized transport networks of today, which masquerade as information networks, and they are the single biggest threat to existing powers that gate/throttle/control the internet. Full stop.

beardicus|8 years ago

Your wall of text would be more effective with some added clarity and organization. I feel like the "they" you refer to is vague and unclear throughout.

If I had to, I'd guess you're referring to Google as "they" at first, then the Dat project, with some Github "they" mixed up in the middle. It's honestly hard to tell.

I'm not sure why you think Dat is "centralized decentralization" and how using it would lead to "big brother" getting your research data. What part of Dat is centralized? This seemingly poorly informed hot-take on Dat leads me to question the other assertions in your screed as well.

axonic|8 years ago

Noted lol, I've had caffeine now. Sorry wow that was disjointed, but the comment aged past edit. I know the big red privacy flag is difficult to see this far off, so let's take off our serious hats and I'll explain this bit of nonsense and paranoia. You should probably dismiss all of this however.

TL;DR

I see freedom and privacy as something which cannot be combined with this concept as the project currently stands, due to reasons which are not immediately apparent but which I believe have at least enough substance to raise an eyebrow and question things.

I am left with the following questions after examining SEC documents, SM accounts, financial relationships, and company activities of parties involved and technologies used:

   1) Do I want to build on a platform which can never be truly safe
      because the stakeholders have a compelling interest in undermining
      its anonymous usage? (See explanation below)
   
   2) Why do things smell fishy...

        2c) Realizing I personally equate P2P with privacy, free speech, etc.,
            I wonder, why Chrome? Then I think of all of my compatriots. How 
            many of them would like using hacked-chrome to access sites? Why
            not mainline it on Chrome?
                Google doesn't do privacy <flag> hmm.

        2d) Where the heck is Firefox in this... or anything free/open...?

        WHAT KIND OF PEOPLE ARE THESE?!!! ZOPMG?!
Let's find out...

[Exhibit A] The guy who designed the protocol this depends on says in his paper on the subject that he offers an alternative to GitHub, then they build this derivative project on Electron and host on GitHub lol. o.O Okay, not by itself suspicious but weird and it stuck in my head, spurring more curiosity about individuals/projects/affiliations/home planets.

[Exhibit B] An ex-Mozillan building on a Chrome fork. Huh? Okay. It's a free world, but odd nonetheless. This makes me imagine where the project will go in the future. Will this get mainlined and become a feature in Chrome? What might prevent that? What if I don't wanna... Where's the alternatives? I don't want a Chrome-fork of ill repute on my systems to create more security vulnerabilities. Who reviews their changes? How quick do they roll out patches from upstream? Ack... Hang on a minute.. Google wouldn't want a P2P distributed web.

[Exhibit C] A handful of logos, a little namedropping... That makes me question who/why. Okay, let's see what their actual affiliation is. Code for Science turns out to be legit, and cool, but a tiny group so funding is... personal donations? The others seem to be foundations granting them some cash. Let's see who they are...

[Exhibit D] Upon looking up the Knight Foundation's recent dealings, I find they're now owned by a media company making its money from advertising, according to their SEC filings. Woah now, not friends of privacy, or P2P. What gives? Maybe the company has nothing to do with the foundation's activities, so I dig. Well, they're not in a position to spend money on bleeding edge tech, holy cow they're hemorrhaging money and have been for a while. Let's Google em and see why... Googling turns up fiascoes with the NSA, undermining counter-terrorism activities at a level the Inspector General's office deemed greater than all of the leaks by Edward Snowden. Wow that's a lot of heat, it can change a place - and who runs it. $1,000,000,000 USD/yr is a big fucking crowbar to leverage a company with. Susceptible to control? Yes. Motives to control? Yes. Opportunity to infiltrate? That reminds me that I haven't Googled the rest of the staff. This yields information that an adviser on the project is a GSA employee, in 18F - data. By itself that means little, but...

[Exhibit E] Giving their Fed (lol can't resist, sorry Jay-quith, it's meant in good fun) the benefit of the doubt, I Google him and find his anti-Trump tweetfest. Lol, ok, but you're a fed right? So why the Hillarsque feed? When I was in service, I wouldn't have undermined POTUS publicly, but kids these days are different, still seems like a weird fed. So I look up the 18F department handbook, hiring policies, and what kinds of people work there. He wouldn't fit in for a second by the sound of it, and... what is this? Don't they need clearances? Yes... For Open Data, we need an SF85a/SF86 do we? Huh, okay. Wtf? Moving on... Secretly Open Data?

Ok, so basically what I meant to say this morning is that the software, the project, its apparent contributors, and purpose all seem very nice, open, pro-freedom and sharing, targeted at people interested in decentralization and P2P sharing. Cool, they've got ex-mozilla people and they're 100% javascript buzzword compliant. They've got inspiring LinkedIns and professionally written bios. What hacker-for-public-good has traditional academia roots, gov ties, and likes Google/GitHub and Big Data _TM_ but aligns with Mozilla in a past life? Kinda strange, not incriminating, but those cool looking people are dependent on organizations and technology which they (Beaker/Dat/Codeforscience.org) do not control. These forces have agendas which oppose the goals of this project.

One adviser is employed by the US government in an agency concerned with these matters, which seems fine, but I don't like single government anything really <tin foil hat>. Where is everyone else at the party? Curiouser still: When does gov+P2P anything mix? Who is accountable when I serve pirated media content I am unknowingly hosting via P2P using beaker? In some places using such software is illegal for that reason. Who takes down the page when I serve up bomb plans? There's one strong reason privacy may be intentionally broken, or at least cast aside. Deniability for people hosting the mirrored content is there, but it leaves nobody accountable for a DMCA notice or law enforcement action right? Unless they can come kick my door, then it's fine. See why they might not wanna have any kind of anonymity on such a network? Call it paranoia if you wish - whatever. It demonstrates a conflict between the design, and the objectives of involved parties. There are dozens of reasons why gov+p2p typically have nothing to do with one another, which would give some compelling reasons for a gov to want to put some boots on the ground, maybe manipulate the playing field a little. At least, they're solid grounds for gov to be anti-(beaker+privacy) combos.

One company which owns a foundation supporting the project makes its money primarily in an industry which is infamous for tracking, privacy invasions, selling and mishandling of user data, and exploiting user browsing behavior, but they are asking me to trust their modified browser and server (you need to run a modded httpd to serve "legacy browser" users with normal DNS etc.). I was under the impression that the contemporary cybersecurity concerns of users and governments were focused on improving privacy, not creating monetary partnerships with media companies.

So, wondering what the biz model is, where the money flows and why, and why government (read: THATS _YOU_ FED! lol) _may_ be interested and might present challenges to using it in the way I would like, for anonymous and open exchange of data. If you've been involved in research, defense, or fedgov the reasons are apparent. Well, doesn't mean they _are_ involved, or even _care about it_, but they may at some point care a lot, if history is an indicator. GitHub stands to lose a little here, maybe, so I doubt they'll jump to the front with their credit card in hand to help. Google sure won't benefit, and that sure is a lot of work for such a small team to tackle, so how are they gonna maintain this? Is this gonna be a forever-separated fork of Chrome? Will Google get shitty and try to break compatibility or prevent usage of Beaker or its features to protect their investments? Doubt they'll help at any rate.

Summary

It seems like they're a project which is working for open data and an open web with the very people who want to prevent this at any cost and are in a position to be forced by those people to alter their behavior. The software this is built on is not privacy focused or even aware, and the project itself in no way ensures privacy or anonymity, and is controlled by parties who have interests counter to the goals of the project, so why would I invest my time-money in helping something which is at best naive, and at worst doomed to fail. I love the concept but WTF, how is _this_ the way to accomplish the goals of Dat, Beaker, or the pro-P2P community? By building in anti-privacy technologies and stakeholders?

I hope this makes more sense. Thanks!

staticvar|8 years ago

I believe the way Dat works is if you don't have the public key for a Dat Repository (AKA the Dat URL), then you'll never find it even if other people are sharing it because peers will only respond if they are asked for that specific public key. However, as soon as you have that public key, then you can see the IP addresses of everyone sharing it. This seems like a privacy problem with the Internet itself that the Tor network is attempting to at least help solve.

- https://docs.datproject.org/security

- https://blog.datproject.org/2016/12/12/reader-privacy-on-the...
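A toy model of the lookup behaviour described in the comment above, added here as an illustration; it is not code from Dat or from any commenter. It assumes peers are indexed under a discovery key computed as keyed BLAKE2b-256 over the string "hypercore" with the archive's public key as the hash key (as in the hypercore implementation); the `Swarm` class, the key and the addresses are constructed for the example.

```python
import hashlib
import os


def discovery_key(public_key: bytes) -> bytes:
    """Derive the lookup topic from the archive public key (assumed scheme).

    The derivation is one-way: seeing the topic on the network does not
    reveal the public key, so it does not reveal the Dat URL.
    """
    return hashlib.blake2b(b"hypercore", digest_size=32, key=public_key).digest()


class Swarm:
    """Toy stand-in for the peer discovery network (hypothetical)."""

    def __init__(self):
        self._peers = {}  # discovery key -> set of "ip:port" strings

    def announce(self, public_key: bytes, addr: str) -> None:
        # A peer sharing an archive registers under the derived topic only.
        self._peers.setdefault(discovery_key(public_key), set()).add(addr)

    def lookup(self, public_key: bytes) -> list:
        # Only a caller who can derive the right topic gets an answer,
        # and that answer is the address of every peer sharing the archive.
        return sorted(self._peers.get(discovery_key(public_key), set()))


def demo():
    archive_key = bytes(range(32))  # constructed 32-byte public key
    swarm = Swarm()
    swarm.announce(archive_key, "198.51.100.7:40000")  # constructed peers
    swarm.announce(archive_key, "203.0.113.20:40000")

    with_url = swarm.lookup(archive_key)        # holder of the Dat URL
    without_url = swarm.lookup(os.urandom(32))  # guesses a random key
    return with_url, without_url


if __name__ == "__main__":
    found, missed = demo()
    print("with URL   :", found)
    print("without URL:", missed)
```

The secrecy of the URL protects discovery and content, not the participants: anyone the URL is shared with can enumerate the peer addresses.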

detaro|8 years ago

Beaker uses Google's rendering engine, yes.

The Knight foundation has given dat money to pay attention to a specific use case (sharing of large data sets).

You have to be clearer if you want to insist that either of those things compromises dat (or beaker, although beaker is only a client for dat) as a project and makes it unsuitable for its other goals.