The good folks over at @Ethical_net@twitter.com have included us in their list of ethical resources: https://ethical.net/resources/
A bunch of our friends' projects are also listed, check it out and see what proprietary tech you can cut out of your daily life
@cryptpad Useful overall but ethical.net lists some unethical choices: DDG, Loomio, Signal. Looks like they may be following the crowd and not doing research.
I know there's some controversy around DDG, but Loomio is free software and can be self-hosted. I follow some of the loomio team on scuttlebutt, and I'd consider them very ethical. On what basis would you consider them unethical?
Signal is centralized, and my biggest complaint is its requirement that users submit phone numbers. Beyond that, though, they're doing fantastic work in advancing privacy-enhancing technologies. Signal is still the gold standard in many ways.
@ansuz @cryptpad Signal has a huge list of privacy abuses documented here: https://github.com/privacytoolsIO/privacytools.io/issues/779. Loomio's services are jailed in the privacy-abusing walled-garden of CloudFlare, the ethical problems of which are documented here: https://github.com/privacytoolsIO/privacytools.io/issues/374
Thanks for the links! Personally I'm still using a big list of messengers depending on what my contacts use. That includes signal, wire, whatsapp, and riot. Every one of those platforms uses the protocol developed by openwhisper systems, so in any case I respect what they've done to help advance the state of the art.
Having developed in the open is beneficial for the ecosystem, so I think it's a bit far to call them unethical. Definitely not perfect, but neither are we
I met the Jami developers at fosdem 2018, and tried it out. I agree they're doing good work. All the same, I don't think anyone who does less is a bad or unethical person.
Considering ethics in boolean terms isn't really that productive, as I see it. Most things aren't that simple.
I'll have to give it a try again. The last time I used it my battery life was cut in half.
I appreciated a lot of their technical decisions with regards to privacy, though.
Signal is a step in the right direction for people who are otherwise just using SMS, and I think that's the audience the makers of this list were trying to reach. You may notice that it's nowhere near as focused on privacy as privacytools.io.
@ansuz @cryptpad Jami was rough when I tried it ~1 year ago. Not sure if it has stabilized, but in terms of ethics no other tool comes close to Jami.
Signal just replaces 1 walled-garden with 6 walled-gardens. I don't call that a step in the right direction. It's designed to trap users just like other corporate social media projects, and then use the clientel as bait to trap more users.
CryptPad was pretty rough at that point too, and we still have a lot to fix, so I'm definitely not trying to call anyone out.
We may have to disagree re: OWS. I'm glad they developed the protocols used by the majority of the encrypted messengers today.
Building software for privacy is hard. Proprietary services get paid good money to deal with complaints, but I think the services you're criticizing deserve at least a little recognition for their efforts.
@ansuz @cryptpad If you read the forums on the surrounding issues, OWS is clearly a bad player with profit at the forefront of their mission. They mislead and manipulate for the corporate bottom line. They get zero credit for ethics from a deontological standpoint. If someone can harvest some useful code from them and re-insert it into an ethical ecosystem, that's great, but there is no good reason to recommend Signal app to the general public. You might as well endorse Facebook's Whatsapp.
Regarding Loomio, I think it's their decision how they want to host their flagship instance. Cloudflare has a lot of issues, and I would never use it for one of my own projects, but I don't blame them for outsourcing some infra to someone else.
It's really hard to work full time on a product while giving away its source as free software, and they have my support for doing so. Anyone who doesn't like Cloudflare can self-host because the dev team made that decision.
@ansuz @cryptpad Sure it's their decision to subject users to the abuse of CloudFlare. It's also the decision of privacy-respecting users to boycott CloudFlare and go elsewhere. If one can take the software without stepping into CloudFlare's walled-garden, that may be a decent option, as long as they don't need to enter CloudFlare's walled-garden for documentation or support.
I think this too is a matter of audience. They're not expecting their readers to be able to launch a service.
I'm not trying to argue whether it deserves to be on the list, in any case, but the more general statement of whether the developers are "unethical".
I'm happy my project is listed, as we do need support. If you want them to remove items from their list you may want to use their contact form.
@ansuz @cryptpad Signal's ecosystem is /closed/. Having open code enables them to market "transparency", but when someone developed an app for their network the protectectionism of Open Whisper Systems ensured a closed walled-garden.