what are they copy/pasting between? and when did i ever say it doesn't exist? that isn't my argument at all - my premise is a user who is only aware of Primal and uses that single client.

if you take issue with that premise, that's fine, but say so and we can adjust.

once you suppose additional clients, you concede that you have to use other sources of truth that DO VERIFY, in order to temporarily be safe TRUSTing Primal. this is my entire point.

Discussion

it is stupid easy to run multiple apps and verify them against each other - literally just copy/paste

a small subset of users doing this protects everyone, they will sound the alarm if any app is malicious

.....and if an app is truly malicious, then the set of users who _only_ use this app won't ever see the news that their app is malicious - because it is malicious and hides that information.

Remember how the rest of the whole internet works?

well now your theoretical escalated significantly

this risk is not unique to primal

malicious actors could do similar at app or relay level, unless every user is verifying client code and running their own relays

honestly this is starting to feel like bad faith from you and it’s disappointing

I completely agree about the app level. Any popular open-source client could quietly add a censorious cache layer and try to sneak it past the eyeballs of reviewers. And any "single client" users would be at risk of never hearing about this news if they've already installed the censorious update.

You're correct there that this is a threat to all software everywhere. That's the level playing field of "threat" that everyone tries to rise above. And in my mind, the shared game then is to try and add features and positive user experience above that line **without** adding new threats unique to one client or service.

The tradeoff is going to be different for everyone, and given the absolute shit state of the rest of the internet, and the potential for open protocols and censorship avoidance, **my** tolerance in that trade-off is very strict.

I've said in almost every note: Primal can completely dissolve even this suspicion, and I do honestly believe they will eventually (I've seen them do similar before!), by allowing the user to bypass the caching server if they desire. I don't actually think Primal (or you) are bad actors, but I do worry that powerful bad incentives are guaranteed to manifest themselves with success and the best way to beat them is to tie your own hands behind your back before they ever appear. Once a project is on the wrong side of that curve (bad incentives accelerate faster than honesty can hold at bay), the game is over and everyone loses (except those with the investment exit). So you have to head it off early. And community pressure can help with that, if done right.

I _want_ to be doing that right - so I'm also disappointed to hear that you think this is bad faith from me. I'd like to correct it if possible, for everyone's sake.

> starting to feel like bad faith

i take this very seriously and defer to my interlocutor on it generally. i don't mind if you have a negative impression of me personally during this (prefer otherwise, but i'll accept it), but i am very committed to having my argument stand on its own as valid and good-faith.

what do you need from me to dissolve the bad faith accusation? i'm motivated to get there and get back to the core of the argument to see where we disagree. my hunch is that we just feel differently about the tradeoffs and the severity of the risks, and i would be content to let it lie peacefully there, once established.

🤝

You’re asking the right questions. But I’ve lost faith in getting any valuable answers to your questions. 🫡

keep the faith. we're all on the same team

> my hunch is that we just feel differently about the tradeoffs and the severity of the risks, and i would be content to let it lie peacefully there

yes 🤝