[Standards] e2e privacy for XMPP Re: RFC 3923 (e2e with S/MIME) and OpenPGP

Andreas Kuckartz a.kuckartz at ping.de
Tue Nov 19 16:29:12 UTC 2013


Carlo v. Loesch:
> but if you ask me I would say because if
> taken in on a global scale, social graph data gives you enough
> information to be a threat to liberty and democracy of entire
> populations. I presume you can find plenty of scientific analysis,
> ...

That is correct. Determining the social graph has for a very long time
been one of the tools of all repressive regimes.

> #youbroketheinternet is only ironically pointing a finger, since we
> know that governments are operating in best intentions like everyone
> else..

Having followed recent discussions around #youbroketheinternet I fear
that the second half of the sentence was not meant ironically. I
definitely disagree with that "best intentions" statement.

Different views regarding the motives of an attacker can lead to
differences regarding attack models and defenses.

> Having no federation at least doesn't introduce yet another
> huge possibility for security problems and as long as you own the source
> code and aren't forced to use anybody's specific offering it is highly
> inadequate to call such a software a silo.

In case others are not yet aware: #youbroketheinternet is not only
explicitly opposed to federation but not even interested in
interoperability with federated communication networks. That is their
decision but I do not think that this helps users.

> By consequence interoperability and "open standards" are no relevant goal:
> They were introduced in order to make companies have their proprietary technology
> speak a common language - but since proprietary technology by design cannot be
> reliably respectful of privacy, we must design our future communication paths
> free of proprietary contributions.

I understand that #youbroketheinternet is not interested in
interoperability and open standards. That is one reason why I am
convinced that it will be far less relevant than some people hope it
will be.

Open standards can be "reliably respectful of privacy". They do not
necessarily contain any proprietary technologies. Maybe SMTP is bad due
to privacy issues especially regarding meta-data. But I think it would
be very wrong to underestimate the effect this standard has had in
enabling worldwide communication using the Internet. And as far as I
know the privacy issues were not built in deliberately.

BTW: Both the Tor and the GNUnet projects even support users of
Microsoft Windows while at the same time informing them that to "Stop
using Windows" is important.

> As long as there is a well-defined and reviewed GNU licensed codebase,

Which license exactly? One which is interoperable with ASF projects?

Cheers,
Andreas


