|
|
|
|
|
|
by platinumrad
3483 days ago
|
|
|
>He also has a history of lying, such as when he used fake WHOIS details to run his "Google anonymiser" thing. And of course, when he was shut down by the registrar, as you do when someone has given you false details, what did he do? He went to the press to whine about the registrar! After he entered a contract in bad faith, something which happens to be a prosecutable offence. That's the sort of person we are talking about here. I hope you will understand if his word does not exactly fill me with confidence. I really don't see why someone should be on my shitlist for lying to godaddy dot com or whatever giant registrar unless you consider fudging identifying details about something that really doesn't matter, especially considering he was very openly associated with the project, some sort of horrible moral offense. I especially find your taking massive umbridge with fudging personal information baffling given how privacy-minded you otherwise seem. >At the risk of sounding elitist, what is his academic background? (I elided the other person because I do not know who he is). Combined with the above, the way you're hand-waving away the other of the two original developers of the protocol really just makes it seem like the position you've taken against Signal is mostly predicated on some sort of grudge against Marlinspike himself. Yes, trashing F-Droid was not a great thing to do and you might see him as someone with a strong penchant for self-promotion, but the way you keep on tying your criticisms to Marlinspike personally really muddles your case. For example, you object to him promoting Signal in a New York Times piece saying it is a generalist publication and posit he's just trying to drum up attention so he can find a buyer, which may or may not be true, but isn't one of the most important goals of a secure messaging application to get people to actually use it and to achieve widespread adoption? The main lesson I've learned from GPG mail is that a perfectly private means of communication is worth very little if I can't actually convince anyone to use it with me. |
|
|
I think I can see where you are coming from. You seem to compare this with, say, opening a GMail account under an alias, if I understand correctly.
However, holding domain names and, at the time, SSL certificates requires a different sort of accountability. I can elaborate on that if you wish, but I trust it won't be necessary.
> especially considering he was very openly associated with the project,
In the same way that Mr platinumrad or Ms at612 are associated with this discussion? By the use of an alias?
> some sort of horrible moral offense.
Yes. And please note he did not just lie to the registrar. When he got caught, he went and whined to some journo who published a piece criticising the registrar without bothering to contrast the information first. It all being presented as if it was the registrar in the wrong, when they were following the rules, which are there to protect the public in the first place. This coming from some bloke who was saying "don't trust Google, trust me. Because."
> I especially find your taking massive umbridge with fudging personal information baffling given how privacy-minded you otherwise seem.
I value my privacy. At the same time, when I enter a contract, I do so in good faith and of course part of it is letting the other party know who I am.
> really just makes it seem like the position you've taken against Signal is mostly predicated on some sort of grudge against Marlinspike himself.
Yes, you are correct. My apologies if that wasn't clear. I question the ethics, motivation, and competence of this one individual, who happens to be closely associated with said project.
> Yes, trashing F-Droid was not a great thing to do
To put it mildly. On an incidental note and more generally, have you ever seen him do a mea culpa?
> [but] isn't one of the most important goals of a secure messaging application to get people to actually use it and to achieve widespread adoption?
I do not know. I would guess not (based on defence experience). But the main point is that him saying "oh sure, it's secure" does not make it secure. He seems to be taking advantage of the public's inherent credulity and lack of awareness of what "security" actually means and involves. We have gone through this discussion already, so for an example of what I consider a better developed and correctly presented security solution, please see the Conversations IM application.
> The main lesson I've learned from GPG mail is that a perfectly private means of communication is worth very little if I can't actually convince anyone to use it with me.
This is a different, and long discussion, but it is probable that the reason why you are seeing that is the other party having mentally (or formally) done a cost/benefit analysis and deciding that their information is not of such value to justify the extra effort to protect it. Rightly or wrongly.