Power corrupts. Unless it's powering #Bitcoin.
WorldCoin: Where finding dead bodies or killing people unlocks all their wealth for instant transfers for bounty hunters. Modern treasure hunting!! What a time to be alive.
My main concern overall is really the whitewashing of what security you are actually getting, and what you are not, as a user. When people can't understand easily, they may think they have privacy and live in a sane world… when…
End to end used to mean the best possible outcome (assuming the keys used were on a sound curve) - and sadly today it's entirely possible for "end to end" to be something else entirely.
The extent of the scam used to be (and often still is) SSL certificate providers attaching "$500,000 encryption insurance" as part of their sold certificates. A bogus, un-claimable feature used for marketing and to trick non-technical users into thinking they were highly secure and safe to use their credit card online (this was largely before the HTTPS push).
Cloudflare are certainly innovators - but in a very centralising way. Their business moat is tied to protecting and growing their centralised empire. Just like any other company, they can be coerced as a business to do a government's bidding.
I'd almost go as far as marking websites or services that use Cloudflare as not deserving a green lock, or adding a yellow spyglass - but really, browsers are too broken now; best to instead focus on their replacement.
Discussions online typically live somewhere other than their primary source today.
A few reasons why include who controls the primary source, how long it may be around, where/who hosts the primary content, and in what context the discussion is happening - perhaps different aspects/threads are of interest to different groups.
With Nostr the primary content isn't tied to a primary host or controller/moderator. It's a published referential event.
Discussions can occur directly in the same ecosystem. No need for bespoke external platforms' comment sections (news articles, blogs, Discord, forums, Hacker News, etc.) to host commentary themselves; the content and discussion can co-exist. That's truly unique and ultimately the winning model.
What will still need development is how to ingest, navigate, collate or filter the discussions - as it's now lumped into a single pool of inter-referencing discussion.
One approach is to skin the discussion into views and effectively rebuild those external platform discussions directly on top of Nostr - tweaking views to suit. Other approaches will develop over time.
Reminder: Cloudflare is a man in the middle, and decrypts all traffic and re-encrypts it using its own certificate.
Sometimes this is ok; for example, Nostr events are effectively public, and relays can prevent DDoS. However it's important to understand that the green padlock in browsers saying the certificate is valid and the connection encrypted does not mean private, or 100% secure, or true end-to-end without eavesdropping.
Their "malware detection" capability is more likely there for dual-purpose surveillance. If you mature and roll out systems that mass-spy on your population, flipping the switch from passive to active is easy.
If I was the government, I'd pay for a few (secret) contracts.
My issue is they make the devices and the OS. And I'm not sure we should (read: please don't) trust apps directly, to be honest, as they are a target vector.
External signing devices are great. What's missing is perhaps a layer where the external signing device says, "hey, your last message to Dave was to pubkey X, it's now Y" or similar - however I favour dumb signing devices.
A trusted OS would be ideal to perhaps host this security layer to keep/compare state and make it obvious/transparent - it's just painful that we can't trust the OS.
And just to clarify... you'd need the pinned certificate key/fingerprint - its expiry is not enough to detect a change.
https://en.m.wikipedia.org/wiki/HTTP_Strict_Transport_Security
Pin the certificate. And there are many other ways to overcome MITM attacks; take a look at IPsec and the various key exchange mechanisms it has.
Not talking strictly HTTPS. Even so, when have you been directly notified by an app when they updated their pinned certificate? Or even had visibility of the currently pinned certificate and its expiry?
It's not even the key exchange security - that's largely solved. It's the swap-out and zero-visibility attacks.
I'm largely targeting WhatsApp, Apple iMessage and FaceTime, and whatever large corps constantly use a few buzzwords that are literally meaningless.
I hope we can do better on Nostr, once key rotation is more mature. We need greater transparency around security-related changes. I'm unsure how to include them outside of the app itself - which shouldn't be trusted.
"End to End Encryption" is just marketing without a significant and deliberate tampering detection mechanism.
Examples include secretly swapping out a certificate/key for an identity to a middleman, private key leakage, changes in code to specific safety checks or tampering protection mechanisms, or changes in forward secrecy pre-generated keys, etc.
It would be nice if we had a way to better detect these types of changes and make them very obvious to the identity, as they happen and as part of updates. It would be nice to have a trusted host OS that could help validate.
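The key-change ledger sketched in the posts above (a layer that remembers the last pubkey used for Dave and flags when it changes, and the point that a pin on the key material, not the certificate expiry, is what detects a swap) as an added worked example in Python. This is not code from the original posts or from any Nostr project; the contact name, the two keys and the date strings are constructed placeholders, and the pin is a SHA-256 over raw key bytes (for X.509 one would pin the DER SubjectPublicKeyInfo instead). It also shows the naive expiry-only comparison missing a swap that keeps the same expiry date.

```python
"""Trust-on-first-use key-pin ledger with visible, user-accepted rotation.

Added example, not code from the original posts. Keys below are constructed
stand-ins (32 bytes, in the shape of a Nostr x-only pubkey); for X.509 the
pinned bytes would be the DER SubjectPublicKeyInfo.
"""
import hashlib
import json
from dataclasses import dataclass, asdict


def pin_of(pubkey: bytes) -> str:
    """SHA-256 over the raw public key material: this, not the expiry, is what gets pinned."""
    return hashlib.sha256(pubkey).hexdigest()


def expiry_only_check(stored_not_after: str, presented_not_after: str) -> bool:
    """The naive check: 'did anything change?' judged by expiry alone.
    True only when the date differs, so a key swap that keeps the date passes unnoticed."""
    return stored_not_after != presented_not_after


@dataclass
class PinRecord:
    pin: str
    not_after: str   # informational only; never used to decide trust
    generation: int  # bumped on every user-accepted rotation


class PinLedger:
    """Remembers the pinned key per identity and refuses silent changes."""

    def __init__(self) -> None:
        self._records: dict[str, PinRecord] = {}
        self.events: list[str] = []  # what the user should actually be shown

    def observe(self, identity: str, pubkey: bytes, not_after: str) -> str:
        """Returns 'new' (first contact), 'ok' (same key) or 'changed' (key swap)."""
        pin = pin_of(pubkey)
        rec = self._records.get(identity)
        if rec is None:
            self._records[identity] = PinRecord(pin, not_after, 1)
            self.events.append(f"TOFU {identity}: pinned {pin[:16]}")
            return "new"
        if rec.pin == pin:
            if rec.not_after != not_after:
                # Same key, new certificate: a renewal. Log it, do not alarm.
                self.events.append(f"RENEWAL {identity}: key unchanged, expiry {rec.not_after} -> {not_after}")
                rec.not_after = not_after
            return "ok"
        self.events.append(
            f"KEY CHANGE {identity}: pinned {rec.pin[:16]} but presented {pin[:16]} "
            f"(expiry {not_after}); refusing until the user accepts the rotation"
        )
        return "changed"

    def accept_rotation(self, identity: str, pubkey: bytes, not_after: str) -> int:
        """Deliberate, user-visible acceptance of a new key. Returns the new generation."""
        rec = self._records[identity]
        new_gen = rec.generation + 1
        self._records[identity] = PinRecord(pin_of(pubkey), not_after, new_gen)
        self.events.append(f"ROTATION ACCEPTED {identity}: generation {new_gen}")
        return new_gen

    def export(self) -> str:
        """Serialised pin state, so a second device or out-of-band channel can compare it."""
        return json.dumps({k: asdict(v) for k, v in self._records.items()}, sort_keys=True)


# Constructed sample keys (not real keys) for a contact called "dave".
KEY_A = bytes.fromhex("11" * 32)
KEY_B = bytes.fromhex("22" * 32)


def demo() -> list[str]:
    """Walk through first contact, a renewal, a silent swap, and an accepted rotation."""
    ledger = PinLedger()
    results = [
        ledger.observe("dave", KEY_A, "2025-01-01"),  # 'new'     first contact, TOFU
        ledger.observe("dave", KEY_A, "2026-01-01"),  # 'ok'      renewal, same key
        ledger.observe("dave", KEY_B, "2026-01-01"),  # 'changed' swap with identical expiry
    ]
    # The expiry-only comparison sees nothing wrong with the swap above.
    results.append("expiry-only-caught" if expiry_only_check("2026-01-01", "2026-01-01") else "expiry-only-missed")
    ledger.accept_rotation("dave", KEY_B, "2026-01-01")
    results.append(ledger.observe("dave", KEY_B, "2026-01-01"))  # 'ok'      accepted key
    results.append(ledger.observe("dave", KEY_A, "2026-01-01"))  # 'changed' old key cannot silently return
    return results


if __name__ == "__main__":
    ledger_results = demo()
    print(ledger_results)
```

The ledger deliberately keeps `not_after` as data to display, never as a trust input: a renewal with the same key is an "ok" with a log line, while a different key presented under the same expiry is a hard "changed" that only `accept_rotation` can clear. Exporting the state as JSON is the hook for the out-of-band comparison the posts ask for (a second device, a dumb signer, or a trusted OS layer).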
People seem to assume a single AGI. I'd expect multiple. And for each of them to be the others' greatest enemy... not humans.
That's way off. What isn't is ML used to manipulate humans - with greater control and less effort than current manipulators (media, propaganda, studies, social, etc.).
To change a culture you need to bring open people into a new established culture - or...
You need a journey of 10,000 smaller "truths" that you lead people along, a journey of acceptance, to assimilate them. Some adopt sooner than others.
Governments and media - and more recently "social groups/media" - have learned this. It's why history can be rewritten, maps changed, school curricula updated, people can believe they will die from something that is statistically very rare, and that this time will be different or better... that "they" (in power) learned a lesson or something; or worse, know what they are doing.
The risk of technology is always abuse. And the role of government is to remain in power at all costs.
Control culture and you control the near-term future.
Australia has 65,000 police officers. Many are murderers.
Per 100,000 population, it wouldn't be hard to argue (I have no hard data to share) that there are more murders per 100,000 in the active police force than in the general population. What a successful institution - and one wonders why people fear and mistrust the police?
The secondary reason is timing. And it aligns with how funny things happen when the value of $1/£1/€1 in a currency drops below a certain threshold.
A $1 cheeseburger becomes $2. Then $3.50, followed by $5.50.
Instead of the population doing maths in fractions of a whole unit - a dollar/euro/etc. - suddenly they are doing maths without decimals to interpret something's cost/cheapness.
It's a huge shock to the brain when this happens, as the difference between $0.25 and $0.50, and then $1 and $2, is the same percentage, yet perceived as different.
The USD, Euro, Pound, AUD, NZD, etc. have all recently broken away from decimals (cents) mattering. Cents have become rounding units and insignificant.
At the time I naively expected this global government spending to balance out - if all countries roughly spent the same proportion of GDP to pay for these Covid-made decisions.
What I didn't appreciate then, that I do now (while some countries fare relatively better post-Covid than others, the difference is negligible; ultimately there were no clear winners), is just how much they would kick off true runaway inflation.
I find it hard to see how this isn't a state that persists for the next few years, perhaps beyond, and ultimately the final straw for "controlling" fiat.
It's important to understand that a small decrease in inflation _growth_ doesn't mean a reduction in current or future prices compared to the previous value of money. It just means it's not getting as bad as fast (alleged deceleration) - by that metric, which is most certainly gamed and inaccurate.
Prices will never return to previous values. That's how inflation works and runaway inflation takes off.
https://twitter.com/ITVNewsPolitics/status/1681686884714414081?s=20
While some recent government spending was costs tied to Covid (the virus itself), the majority was tied to bad policy, lockdowns, propping up their broken economies (due to lockdowns), paying for vaccines, and funding military conflicts.
This is all taken out of the country's GDP - possible financial growth. It's not paid for; it's debt that will last decades, and inflation hides who is paying for everything. Taxes aren't funding this. They were already spent and allocated in budgets.
A decrease in your wealth is funding these bad decisions, mismanagement, and the consequences they had. The same story is happening (largely) globally.
The reason why large corporate fines don't work is that the legal cost to fight them is a fraction of the potential fine, halving the amount, or delaying payment for decades, which decreases its real cost.
Simply put, larger and larger fines do not work to prevent or disincentivise behaviours that in the current system are punished by court-settled damages and fines. The cost to fight damages legally is far, far smaller than the likely savings from fighting. (E.g. a $5B fine can become $2.5B with a 20-year delay on payment, with legal costs far below that.)
Why does this matter? It means there is a practical cap on how large fines can effectively become, and we've hit it. It means that legal costs are much, much smaller than the cost of not fighting large fines - effectively making the original fines worth far, far less than intended - and hence the actual punishment far, far less significant.
We will need another mechanism to replace or augment fines if we actually intend to have a mechanism to punish bad actors (corporations). Fines alone are broken. Limiting the ability to sell product, criminal liability, forced company shutdowns/split-ups/receiverships, etc. are all possible extensions. I don't have an opinion on the best approaches as yet.
Thiel has been staying on message for quite a while. Here is another discussion, with David Graeber, from 2014: https://vimeo.com/112197123
Thanks. I'll have a listen.
I'd wager our "aging population" isn't a root-cause problem either, and is instead a reflection of our inability to build efficient systems that scale. Intuitively, having more, more experienced people should result in accelerated innovation and efficiency - we are going in reverse.
We've failed to leverage efficiency at scale (outside of capitalism), while dawdling at managing population growth and increased consumption. Recycling is one such great fail - and it continues to be a joke - we don't even design for it or have strategies.
Thanks for recommending. Solid discussion around the topic.