5 Matching Annotations
  1. Jun 2018
    1. IDEAS FOR TECHNICAL MECHANISMSA technique called differential privacy1 provides a way to measure the likelihood of negative impact and also a way to introduce plausible deniability, which in many cases can dramatically reduce risk exposure for sensitive data.Modern encryption techniques allow a user’s information to be fully encrypted on their device, but using it becomes unwieldy. Balancing the levels of encryption is challenging, but can create strong safety guarantees. Homomorphic encryption2 can allow certain types of processing or aggregation to happen without needing to decrypt the data.Creating falsifiable security claims allows independent analysts to validate those claims, and invalidate them when they are compromised. For example, by using subresource integrity to lock the code on a web page, the browser will refuse to load any compromised code. By then publishing the code’s hash in an immutable location, any compromise of the page is detectable easily (and automatically, with a service worker or external monitor).Taken to their logical conclusion these techniques suggest building our applications in a more decentralized3 way, which not only provides a higher bar for security, but also helps with scaling: if everyone is sharing some of the processing, the servers can do less work. In this model your digital body is no longer spread throughout servers on the internet; instead the applications come to you and you directly control how they interact with your data.
  2. May 2016
    1. Noel Gough (2012) writes, “complexity invites us to understand that many of the processes and activities that shape the worlds we inhabit are open, recursive, organic, nonlinear and emergent. It also invites us to be skeptical of mechanistic and reductionist explanations, which assume that these processes and activities are linear, deterministic and/or predictable and, therefore, that they can be controlled (at least in principle).”
  3. Mar 2016
    1. Whilst this has been okay for our initial experimentation and proof of concept, it’s likely that future homeserver work will be written in a more strongly typed language (e.g. Go).

      There can be objections against Go due to its Google backing. Rust appears to follow a less commercial intent, being brought up by Mozilla, and as a systems language compiles down to machine code useful in IoT devices.

    2. End-to-end encryption is coming shortly to clients for both 1:1 and group chats to protect user data stored on servers, using the Olm cryptographic ratchet implementation.

      This would also answer another point of criticism for the redecentralize interview.

    3. options for decentralising or migrating user accounts between multiple servers

      This relates to a point of criticism within the redecentralize interview.