[sudo-sys] [Noisebridge-discuss] NoiseBridge on Slack + CryptoParty on Zoom?

[John Naulty]

Hey,

I agree with the issues @danarauz is bringing up.

My ideal communication stack is: riot.im for chat, jitsi
<https://jitsi.org/> for conferences, etherpad <https://etherpad.org/> for
note-taking.
In practice, I use all the things   ¯\_(ツ)_/¯
My desire is to help increase adoption of FOSS tools used across society,
from our medical devices (like OpenBCI, OpenEIT, etc), our security devices
(SoloKeys and OpenSK), our communication tools, etc.
So all the words that follow are coming from within that 'context'

Due to an increased presence in 'virtual meetings', I've been wanting to
create my own jitsi server (following the docs here:
https://github.com/jitsi/jitsi-meet/blob/master/doc/quick-install.md ) and
integrating it with etherpad to help the SF NeurotechX meetups migrate from
Zoom (the group also uses Slack, but it will be much harder to migrate them
off of that platform, due to social + historical reasons).

It was actually fairly easy to setup, and I have it running here:
https://meet.dendritictech.com/
If anyone wants access to it, and has a reason like wanting a more secure
platform to host meetings on, feel free to reach out. As well as if you
want technical advice on how to set this up. It should be easy if you have
a credit card or a raspberry pi (or old laptop..etc). Noisebridge could
have a meet.noisebridge.info jitsi service.

I encourage "*going the opensource + self-hosted route*" when possible for
these kinds of organizational tools--especially if it can be conceived of
as an educational and supportive activity. The opensource model also has
advantages of lower operational cost in the long run. And supporting an
opensource project is just a really great thing in general, whether it's
through code/bug/document contributions, hosting, educating, financially
supporting, etc. It's always great to be a part of a cool community.

And just a little message about the sponsors:
Slack runs out of messages in the free plan, which is *information* loss
for the user (but not for slack).
And *privacy* has a cost, Google and Facebook do not profit on scraps--they
feast on the juicy morsels that are us mortals.

Zoom seems to be something else entirely with regards to how they've built
such an oddly persistent insecure service, there are two specific examples
that are etched in recent memory:
- July 2019, APPLE FORCED TO REMOVE INSECURE ZOOM APP -- techcrunch article
<https://techcrunch.com/2019/07/10/apple-silent-update-zoom-app/>, initial
post of vulnerability + timeline
<https://medium.com/bugbountywriteup/zoom-zero-day-4-million-webcams-maybe-an-rce-just-get-them-to-visit-your-website-ac75c83f4ef5>
- April 2020, ZOOM NOT SECURE -- citizenlab report
<https://citizenlab.ca/2020/04/move-fast-roll-your-own-crypto-a-quick-look-at-the-confidentiality-of-zoom-meetings/>
You can never fully trust a closed source company, no

The citizenlab report would actually be a great topic probably for the
cryptoparty being held tomorrow on Zoom.


Best,

John

On Sat, Apr 4, 2020 at 10:10 PM Steve Phillips <steve at tryingtobeawesome.com>
wrote:

> The ideal solution is to make Jitsi Meet great!  Until then:
>
> Here's Mozilla's advice on how to make your Zoom gatherings more private:
> https://foundation.mozilla.org/en/blog/tips-make-your-zoom-gatherings-more-private/
>
> Privacy issues with Zoom, some have which have just been fixed (see
> below):
> https://www.eff.org/deeplinks/2020/03/what-you-should-know-about-online-tools-during-covid-19-crisis
>
> Tracking the name of the currently-active window on your desktop was a
> significant one, and Zoom just removed it due to the outcry:
> https://support.zoom.us/hc/en-us/articles/115000538083-Attendee-attention-tracking
>
> Another just-removed privacy-unfriendly feature: Zoom's "Login with
> Facebook" feature used FB's SDK, which was recording info about a user's
> device and sending it to FB --
> https://www.theverge.com/2020/3/28/21197967/zoom-ios-app-code-tracking-facebook
>
> Zoom is responding to the pressure, which is great!  A huge
> privacy-related outcry was unthinkable even 3 years ago, but now they're
> common -- and have impact.  Let's keep the pressure up!
>
>
> > I wish that those NoiseBridge folks that care less for Privacy would
> rethink their position, because, IMHO, NoiseBridge is giving a bad example.
>
> We've urged people to move over, but institutional momentum is a tricky
> thing 😕; hard to get many people to change their behavior all at once,
> which is why Facebook still have over 2 billion users even though almost
> everyone distrusts it.
>
> --Steve
>
>
> On Sat, Apr 4, 2020 at 6:13 PM Steve Phillips <steve at tryingtobeawesome.com>
>> wrote:
>>
>>> Hey Daniel,
>>>
>>> 1. Why is *NoiseBridge using Slack (Corporate),* isn't privacy a
>>>> concern?
>>>>
>>>
>>> I believe the historical reason is that, circa 2015, the people running
>>> Noisebridge's infrastructure were overburdened and people wanted something
>>> that would reliably be up.
>>>
>>> I and James have set up RocketChat at https://chat.noisebridge.info/
>>> but it hasn't caught on. #networkeffects
>>>
>>> RocketChat, Riot, and others didn't exist back when Noisebridge started
>>> using Slack.
>>>
>>> Private conversations are on Slack, and so yes, it'd be great to use
>>> something end-to-end encrypted and open source instead.
>>>
>>>
>>>
>>>> 2. Why is tomorrow's (2020/04/05) *NoiseBridge CryptoParty* being held
>>>> via *Zoom*, when the party itself is about *privacy*?
>>>>
>>> >
>>> > 3. Why not use their open source alternatives?
>>>
>>> It is a public event. The way I think about this is: privacy violations
>>> occur when information you want to be private to certain individuals is
>>> visible to people outside of that group.
>>>
>>> Zoom v. others was discussed internally and I encouraged Kinnard to use
>>> Zoom for this public event because Jitsi Meet doesn't work very well at all
>>> if you either have more than a few people joining, or even 1 person has a
>>> slow internet connection, which is especially common in the global south.
>>>
>>> More good is being done for the world by making the event accessible to
>>> all :-).
>>>
>>> If we want people to use FLOSS software then we need to (1) make it work
>>> well and (2) financially support the people and organizations making that
>>> software so they have the resources they need to make it work well!
>>>
>>> --Steve Phillips
>>> Cypherpunk and privacy activist since 2012
>>>
>> _______________________________________________
> Noisebridge-discuss mailing list
> Noisebridge-discuss at lists.noisebridge.net
> https://lists.noisebridge.net/listinfo/noisebridge-discuss
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://sudoroom.org/pipermail/sudo-sys/attachments/20200405/7c02973f/attachment.html>