That takes courage to say, after 90% of your comments have to do with (speculations on) me.

Anyway, good riddance.

I specifically quoted the part that I considered bad faith. I am OK with you thinking I am an apologist. I don’t consider it bad faith (although I consider it wrong). What was bad faith was purposefully misinterpreting a sentence that was in a clear context so that you could use it for that patronizing statement.

This was a objectively true from my viewpoint

Nothing to say, it just sounds ironic to me. Again, I have no problem with your subjective judgment.

He was simply wrong for this statement.

And I respect your opinion.

that did more harm than good.

Now we ended up in an argument that has to do with result? I have never said that it was a good move. That it benefit the company or anything like that. What argument are you trying to challenge? I am judging the action based on my own morality, not based on whether it benefit him or his company.

You are just learning, and pointing out your own words is not bad faith

Strike two. Go re-read the sentence. I said that I didn’t know anything about him before this debacle and that I ended up learning about him whole informing myself about it. For your convenience I will quote my own words:

I actually can’t care less about him, and I barely know anything about him. My involvement is very limited to this case, and that is because wanting to understand inevitably forced me to learn certain things and inform myself.

This behavior (patronizing, intentionally misunderstanding other person sentences) for me is clearly a demonstration of bad faith. As usual, your accusation of bad faith did not specify any reason or quoted any part and i challenge you to do that.

Not that it matters to you, but next similar behavior and I will block you and move on.

I agree with you on the principle. In this case I disagree with the premise. Years of actions I think easily out weight that tweet. If that’s the only reason to be suspicious, then I don’t think it’s warranted.

I start to perceive a pinch of bad faith, and an excessive amount of paternalism. Your arguments are mostly ad hominem, so far you didn’t produce much coherent criticism of ideas.

Anyway, you seem to have missed the point that understanding that “leaders” (BTW, you seem to use this term seriously like if we were on LinkedIn) keep their mouth shut is different from understanding my (ours) role into this dynamic.

I don’t need any proof, that was just an example, from a very limited sample of my life which is this alias and that blog. I have nothing to prove or anything to defend from baseless accusations of a random internet person with lacking knowledge (about myself, which I hope you will agree).

You state yourself you are just learning about this which is very clear.

Here is the bad faith I was talking about. A sentence which clearly is out of context used for a very patronizing ad hominem.

If they choose to expose themselves as politically ignorant and supporting positions that are indefensible the consequences is they will lose business. This is all I am pointing out.

Very easy to understand. But why should we (the customers, citizens, etc.) care? My interest is to have that knowledge, it’s the shareholder interest to have the business succeeding, and they take care of that. So why from your words you seem to imply that it’s “better” if they keep their mouth shut (and therefore protect the businesses)?

I get you want to hear their opinions and then play devil’s advocate about them because that is just what you do.

Unnecessary ad-hominem, which is also easily proved wrong. I hear the opinions of Musk, of Bezos (but also of Zuckerberg, of the Nvidia guy, of Altman and many others) and I am happy because with that information I can (and do) distance myself from their companies. In this case, I feel differently and therefore I take another decision. I like to think that I can critically evaluate situations, but if the conclusion I end up with is different from yours it doesn’t mean that mine is wrong by definition.

You are clearly technically minded but you are also clearly not politically minded.

You are clearly wrong about this. I have nothing to prove obviously, but you can easily also see that by just browsing through other posts on my blog, for example this. I will even go a step further and say that the purism and localism (as defined in this book) that emerges from your words is something I explicitly want to distance myself from, because it has proved to be a complete failure in terms of political battles.

I am referring at things like:

It is clear no matter what corner of the Internet we run to as long as it is into the open arm of corporations it is a mistake.

Clearly you feel a kinship with this man because you are also heavily invested in the tech world. You defend him because you also admire him.

I don’t. I actually can’t care less about him, and I barely know anything about him. My involvement is very limited to this case, and that is because wanting to understand inevitably forced me to learn certain things and inform myself. Please don’t assume other people’s positions.

Thanks, I appreciate it.

I felt that was really uncalled for. The whole post elaborates quite a lot in thousands of words, and I feel like your summary is not really accurate. Unfortunately, I have no way to debate accusations that follow a circular logic, so I won’t attempt to do so.

Otherwise please keep that shit to yourself and keep it out of your business if you ever want my money.

I reiterate that I find curious that you seem to prefer ignorance of those positions, as if the reality is suddenly better if you don’t know a problem exists. You would rather pay for Proton not knowing that Andy Yen thinks what he thinks than having more information so that you can choose to stop paying. Obviously just an example, same thing applies to the WaPo or Tesla, or any other similar case.

I think I can agree with that. Unfortunately PGP is the only alternative we have for emails (i.e., the client-side tools would still be doing PGP encryption), which is also the reason why it shouldn’t be used for really delicate communication. The fact that - whatever setup you use - there will always be metadata showing that person X communicated with person Y alone is a nonstarter for certain types of communication.

Signal would be my recommendation.

Sure, it does. Which depending on what their goal is, may be perfectly fine.

They have always been actively almost exclusively on reddit (where they engage) anyway, they will keep doing so I assume.

The problem is that those arguments are not falsifiable. If not one, but two completely reasonable explanation cannot convince you of someone motivations, nothing can. However, I don’t care if Musk did or did not a Nazi salute. His actions speak much louder (in a bad sense) than the aesthetic that he decides to adopt. Proton donation pattern for example would be a strong indicator to measure intentions.

but it was a wildly tone deaf one if so

Maybe. But also maybe people are allowed to have different cultural references, and in a global context (i.e., the internet) we should expect diversity. I - for example - had never heard of this 88 thing, and I would definitely not think about it at all the next time I create a username, and I didn’t think it when I went to a barber shop that has that number in the name. Likewise, I wouldn’t call anybody writing “Merry Xmas” tone deaf for missing the reference to the X MAS of infamous history (and just recently in the news). For some people it’s apparently impossible to see their culture as non-universal (at the cost of sounding stereotypical, folks from US have particularly this problem after decades of cultural hegemony).

for a party that’s steeped in all of the same memetic game playing, you cant ignore the dog whistles

This all happened before Musk/Bannon salute. Just to specify it.

Thanks for the response, despite the fact we disagree quite substantially.

I think it’s OK that different people have different points of view. Everyone’s opinion also should fit within a broader (political) praxis and strategy that they support.

There are a lot of CEOs out there that don’t decide to get all political. They don’t do this because they have an image or brand to protect. Maybe I just like a good illusion though.

This is something I particularly disagree, as you probably have already read. Ignorance on once’s position doesn’t mean that position doesn’t exist. I appreciate Jeff Bezos for example writing that memo (just yesterday’s published), compared to acting the same way without my full knowledge.

He is no political scientist

If this was the criteria to comment on politics, honestly we should shut down everything (including Lemmy) :)

It’s not a problem of complexity, it’s a deliberate choice of not wanting to do that, because it is synthetic content disconnected from the community.

This comment is a perfect example of why I have written https://loudwhisper.me/blog/proton-fediverse-burnout/

The 88 thing is the complete tip of the iceberg for me. I can’t honestly imagine the thought process needed to reach a conclusion that a Taiwanese guy (8 is a lucky number) born in '88 would put that number as a dog-whistle (which is not really part of his own cultural landscape) for Nazis, while dealing with a PR issue.

It’s like looking at a crashed car, tire marks on the ground and suggesting it must have been a sharknado and not a car accident.

(Re)Posting and not engaging with the community is not free publicity, is bad publicity. They don’t have the resources (according to them) do to the latter, and therefore they choose not to do the former.

In case of proton free means “subsidized by paying users”. No big mystery on how they make money.

They specifically said they don’t want to do automated posting, to avoid writing and not interacting with the community. I see no value in them doing this, considering we can get the same content via RSS, blog page or email newsletter. Presence makes sense if it means presence. If it means a bot reposting content, anybody can do it, but the value is very low.

Yes, that’s absolutely true. Assuming a full PGP flow, (e.g., proton to proton) even in that case the recipient and other metadata (in tuta, excluding subject line) is still visible to the provider.

Hopefully the more people move to secure providers, the more the general case will be transparent PGP, but we are a long way from there…

I can see a threat model already from 2014.

Anyway, I think it’s a tradeoff that it’s hard to assess quantitatively, as risk is always subjective. From where I stand, the average person using native clients and managing their own keys has a much higher chance to be compromised (by far simpler vectors), for example. On the other hand, someone using a clean OS, storing the key on a yubikey and manually vetting the client tool can resist to sophisticated attacks better compared to using web clients.

I just don’t see this as hill to die on either way. In fact, I also argue in my blog post that for the most part, this technical difference doesn’t impact the security sufficiently to make a difference for the average user.

I guess you disagree and that’s fine.

Well, yes-ish.

An organization with resources to coerce or compromise Proton or similar wouldn’t have trouble identifying individual users “well enough” (trivially, IP address). At that point there is absolutely nothing stopping a package distributor to serve different content by IP. Not even signatures help in this context, as the signature still comes from the same party coerced or compromised.

Also most people won’t (or are unable to) analyze every code change after every update, which means in practice detection is even more unlikely for OS packages than it is for web pages (much easier to debug code and see network flows). The OS attack surface is also much broader.

In general anyway, this is such a sophisticated attack (especially the targeted nature of it) that it’s not relevant for the vast, vast majority of people. If you deal with super sensitive data you can build your proton client directly, or simply use the bridge (which ultimately is exactly like other client-side tooling), so for those very rare corner cases where this threat is relevant, a solution exists. Actually, in those cases you probably don’t want to use mail in general. So my question is, who is the threat actor you are concerned about?

All in all I think that labeling “insecure” the setup for this I think is not accurate and can paint a wrong picture to people less technically competent.

They wrote that they don’t want to “write and forget” but engage with people (as they do on Reddit, for better or worse). I think it’s opinable, but it sounds reasonable to me. What is the value of having an official account which just reposts one-way communication already published on the blog and on the newsletter? Anybody can build such a bot, but it’s not “presence” the way I interpret it.