We are proposing—as starting points—responsible AI bot principles that emphasize transparency, accountability, and respect for content access and use preferences. These are a launchpad for a larger conversation, and we recognize that there is work to be done to address many nuanced perspectives.
  • vacuumflower@lemmy.sdf.orgEnglish
    2·
    3 days ago

    They need.

    We (as me + unidentified crowd of people) need cryptographically ensured identity of our counterparts and contents of their messages. We don’t need nice (“responsible”) bots.

    But then, about cryptography, we also need to learn one other thing - everything can be hidden in the open, and randomly taken FOSS developers are not our friends, especially when working for DARPA-funded, corporate-funded, Chinese government-funded and other such projects.

    This means that a good system should involve distrust not only in cryptography implementations, but also protocols, schemes and algorithms. The only common thing in such a system would be its structure of data. I personally want that to be entities linked to entities without hierarchical paths, and tagged. Like some unholy mix between a non-hierarchical linked filesystem and Twitter. Then there can be smart contracts and deltas and such, to allow editing posts, delegating rights in groups and such.

    All cryptographic verification and data exchange shouldn’t specify protocols and algorithms, that should be tag content. A checksum tag consists of “merst-3791:1234566789008”, where MERST stands for “Middle-Earth royal standards tower”, or with some other first part (the algorithm) and the second part (the value). Similar with signature tags and public key tags and what not.

    A post identity being the checksum means that if you, when receiving a post archive from your friend on a USB stick, verify it successfully, then the post is valid, otherwise not. Might also have a different checksum for that plus tags.

    You might use something else for exchange of updates. Just that something should be pluralistic.

    When the data structure is the only thing defining the common system, you can have all kinds of interoperability, similar to early e-mail traveling via Internet and UUCP and Fidonet and AppleTalk networks, using e-mail gateways and virtuously set up mail servers. Because in e-mail there’s a message and there are addresses\identifiers of its authors and addressees. It was designed when the frog was less boiled than now. It’s gateway-friendly architecturally. Made very long ago, as one of the oldest kinds of applications, less touched by strategic interests.

    The Internet and the Web being a monoculture mean that there are probably a few backdoors intentionally put in the open and stored by American special services till a better time to use, in popular TCP/IP stacks, in operating systems, in browsers, in TLS protocols, in common encryption algorithms, everywhere.

    Also notice how the “impartial and principled” famous people like Bruce Schneier love that “don’t roll out your own crypto” rule. It’s correct when it’s formulated as “everyone can devise a cipher they themselves can’t break”. But that’s not what the popular message says, an d wording is important, it’s both the message that says “trust me and don’t try” and the emotion that says “if you trust me, you can’t be deceived”. And people who think they can’t be deceived are fucked in everything they do.

    I attribute to this tendency also the situation with cybersecurity, where in the 00s lots of things worked over unencrypted connections, and that was normal, but at the same time computer crime was far less harmful than now. Because people back then knew they are not safe, casually encountering situations teaching them of that. People now think they are safe, while most of their communications are just as secured as in 00s, only the balance is different - they are protected firmly from their neighbor, but naked before Zuck, Brin, American special services, and anyone who could put a backdoor in the open. Before much of the Silicon Valley, one can say. And people who think they are safe do all kinds of stupid things.

    Getting back to the “don’t roll out your own” mantra, Soviet computer industry would probably work better if they did the opposite and made a ban on copying Western designs. And Soviet computer industry was the main thing that could have saved the USSR itself.

    And don’t tell me how US had better education and bigger resources and so on, Buran was expensive, but better than anything US built to that moment, but most of the expenses were not due to ambition, but due to inefficiencies in planning, as in money going into sand - agricultural produce rotting, while being in demand someplace else, expensive things used for bullshit purposes and cheap things used for important purposes, lots of some produce laying stored someplace in enormous numbers while needed elsewhere, building a few models of tanks with all components incompatible, but functionally equivalent, and so on.

    In general, “don’t roll out your own” seems to be the American message to the rest of the world, and those who follow it are abused. Seems to be a clear enough pattern to learn from.

    And there’s another, the “given enough eyeballs all bugs are shallow” line. It’s like saying that given enough people in the town all streets are safe. “Enough” is not the amount we can realistically reach even with Linux. There are not enough eyeballs. There are backdoors in the open which nobody looks at for long enough to find them. And this is too a false safety feeling factor, people believe FOSS software to be far safer than proprietary software, while in fact it’s just a bit safer, and considering that psychological factor, it might well be more dangerous.

    Openness and collaboration are good when treated correctly, it’s just that they are not. “Smarter people did all this before you, and you are being luddite for willing to replace their work” is not a good approach, yet it’s communicates from all corners, by corporate and FOSS people alike. Meaning that, sorry, most of FOSS is contaminated.

    Oof, I wrote a rant.