@amatecha @matrix @liaizon https://element.io/blog/the-online-safety-bill-an-attack-on-encryption gives an idea of our position. And no, there are no backdoors. Yes, we fund Matrix dev by selling encrypted messaging services to governments, which includes police: if you don’t like that then please feel free to use a different app.
Personally, I've seen projects claiming to be FOSS that try to dictate who can use their software and how, and I don't think they're really Free Software at all. It's highly restrictive software with a shared source license.
- replies
- 1
- announces
- 8
- likes
- 9
That being said, my original point still stands with respect to claiming to be libre but then stacking conditions on top of the use of the software or source code. It might not seem such a problem when you agree with the limitations, but if the shoe was on the other foot and a piece of software required you to accept Jesus Christ as your lord and Savior or agree with the terms of the MAGA movement then the problems with such practices becomes rather clear.
I saw some questions lately about why projects tend to have a dictatorial structure, and the only answer I could come up with is that virtually no projects could start and get up to scale without a benevolent dictator in charge. If another method can work, then it would work, and we'd have those methods in use.
It sort of reminds me of one of those things that discusses the difference between being a boss and being a leader. A boss points and yells and says this is how you're going to do it or else. A leader tries to exemplify good behavior and present a vision for the future and model it so other people want to follow his lead rather than being forced to follow their lead.
The 4 freedoms and particularly the 0th freedom was what I had in mind for sure.
@milan @flbr @element @amatecha @matrix @liaizon They certainly did. But unless you are an encryption expert, we have to take the security of their product on trust. And being funded by governments means I, personally, don't trust them. I don't think that's unreasonable, and I think a lot of folks here feel the same.
@fishidwardrobe
> is not an argument against what i said
No it absolutely is. You said;
> we have to take the security of their product on trust
But we don't. All the software available to us is published Free Code. It can be audited by anyone, including all the independent app devs who maintain forks.
(1/2)
But putting that aside, Matrix is an open protocol. We don't have to use the Element company's software to use Matrix. There are servers and apps implementing Matrix independently of Element, and they are *definitely* checking what goes into the protocol spec, and any security/ privacy implications it might have.
@fishidwardrobe
> two years ago
So? You said it in public and you haven't deleted or edited it, and clearly you still stand by it.
(2/2)
@troglodyt
> taking money from uniformed gangsters isn't a good idea
You think it's better to let them keep it? Seems to me that if you can get away with taking money off uniformed gangsters, you ought to go for it.
@strypey it's been demonstrated multiple times that "many eyes on the code" *does. not. work.* when it comes to cryptography. very few of those eyes are qualified to audit it.
even if it did: my statement stands. **I** have to take their code on trust; I am not a cryptographer.
edit: i just noticed i said "we" not i. are you a crypographer? if so, congratulations, but you are not in the "we" i was talking about…
@fishidwardrobe
> many eyes on the code" *does. not. work.* when it comes to cryptography
Matrix is message-passing, like ActivityPub, not cryptography. Like anyone know has the first clue about building E2EE software, Element devs aren't doing roll-your-own cryptography ( TeleGrab are famously dodgy for doing this). Element, like all Matrix software AFAIK use Free Code primitives maintained by communities of cryptographers.
@strypey backdoors etc would fall under the broad heading of crytography, at least if well hidden.
i'm not especially interested in debating this after two years.
@fishidwardrobe
> i'm not especially interested in debating this after two years
That's fine. Withdrawiing isn't backing down from your position, and doesn't automatically make you wrong. But FWIW the topics under debate clearly aren't any less live than they were 2 years ago.
IMHO the burden of proof is on those who claim Element's funding source makes Matrix as a whole untrustworthy. Just llke claims that funding from US federal govt (via VOA, via OTF) make Signal untrustworthy.
@fishidwardrobe
> this you, friend?
Me:
> That's fine. Withdrawiing isn't backing down from your position, and doesn't automatically make you wrong
I have a right of reply and I was using it. I was explicitly *not* demanding that you continue reply. So who's the sealion? Thanks for the chat, I'll let you see yourself out.