There are gemini to http gateways so the content is probably already crawled anyway.
There are gemini to http gateways so the content is probably already crawled anyway.
So lets be clear - there is no way to prevent others from crawling your website if they really want to (AI or non AI).
Sure you can put up a robots.txt or reject certain user agents (if you self host) to try and screen the most common crawlers. But as far as your hosting is concerned the crawler for AI is not too different from e.g. the crawler from google that takes piece of content to show on results. You can put a captcha or equivalent to screen non-humans, but this does not work that well and might also prevent search engines from finding your site (which i don’t know if you want?).
I don’t have a solution for the AI problem, as for the “greed” problem, I think most of us poor folks do one of the following:
Now for the AI problem, there are no good solutions, but there are funny ones:
I should point out that none of this will make you famous or raise your SEO rank in search results.
PS: can you share your site, now i’m curious about the stories
Here is my take as someone who absolutely loves the work simplex did on the SMP protocol, but still does not use SimpleX Chat.
First the trivial stuff:
These two are not that unexpected. Any other chat app with E2E security has tricky UX, and SimpleX takes the hard road by not trading off security/privacy for UX. I think this is a plus, but yes it annoys people.
Now for the reasons that really keep me away:
Finally a couple of points on some of the other comments:
First of all, you can assume the server can infer this in a number of ways - there is actually no way to fully block it, but we can try.
The main issue for privacy is that it makes your browser behave in ways that are a bit too specific (i.e. less private by comparison with the rest of the browsers in the known universe).
As for techniques the site can use
By the away not downloading the fonts also makes you “less private”. Some of this is a stretch but not impossible.
Now for a more practical problem. Lots of sites use custom fonts for icons. Which means some sites will be very hard to use, because they only display buttons with an icon (actually a letter with a custom font).
FWIW these two lines are in my Firefox profile to disable downloads and skip document provided fonts:
user_pref("gfx.downloadable_fonts.enabled", false);
user_pref("browser.display.use_document_fonts", 0);
If someone has better/different settings please share.
Finally the Tor browser folks did good work on privacy protections over FF. Maybe their issue tracker is a good source of inspiration https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/18097
I don’t quite agree with some of the rationale
Having said this I do understand where he is coming from. And I agree that:
I would like to remind everyone that the GPL pretty much exists because of (1.). If anything we should have more GPL code. In that regard I don’t think it failed us. But we rarely see enforced (in court). Frankly most of our code is not that special so please GPL it.
Finally I think users do know about Open Source software indirectly. In the same way they find out their “public” infrastructure has been running without permit or inspection the day things start breaking and the original builder/supplier is long gone and left no trace of how it works.
Since these days everything is software (or black box hardware with firmware) this is increasingly important in public policy. And I do wish we would see public contracts asking for hardware/firmware what some already for software.
I wont get into the Redhat/IBM+CentOS/Fedora or AI points because there is a lot more going on there. Not that he is not right. But I’m kind of fed up with it :D
I’ve tried a few times in the past 2 weeks. Using a good email account and also with github, no luck though. Maybe its doing some “smart” heuristics to trigger it.
I just retried now, using that temp mail (but no vpn) and got the exact same phone verification. Maybe my IP address is evil :D
I’m a bit of terminal nerd, so probably not the best person to talk about desktop. I don’t have many thoughts with regards to app development or layout for accessibility. What I really would like is for distros to be accessible from the ground up, even before the desktop is up.
The best example of accessibility from the ground up I saw for linux was talking arch, an Arch Linux spin with speech. Sadly the website is gone, but we can find it in the web archive
in particular there was an audio tutorial to help you install the live cd (you can still ear it in the archive):
Here are a few resources, which are pretty dated but I wish they were the norm in any install:
Now going into your points:
How should a blind Desktop be structured?
To be honest I don’t expect much here. As long as context/window switching signals you properly you are probably fine. I have not used gnome with orca in a long time, but this used to be ok. The problems begin with the apps, tabs and app internal structure.
Are there any big dealbreakers like Wayland, TTS engines, specific applications e.g.?
Lots.
Some times your screen reader breaks and its nice to have a magic key that restarts the screen reader, or the entire desktop. Or you just swap into a virtual console running speakup/yasr and do it yourself :D
TTS engines are probably ok. Some times people complain about the voices, but I think it is fine as long as it reliably works, does not hang, responds quickly.
Specific applications are tricky. The default settings on a lot of apps wont work well by default, but that is not surprising.
I do think that a lot of newer apps have two problems
I can give you two good-ish examples, both Vim and Mutt can work very well with a terminal screen reader, but it is a lot of work to configure:
I think you can find similar examples in desktop apps too.
What do you think would be the best base Desktop to build such a setup on?
no idea to be honest. Gnome use to have support. I suppose other desktops that can be remote controlled could be changed to integrate speech (like i3 or sway).
Would you think an immutable, out of the box Distro like “Fedora Silversound”, with everything included, the best tools, presets, easy setup e.g. is a good idea?
I have never used Silversound. But the key thing for me is to be able to roll back forward to a working state.
How privacy-friendly can a usable blind Desktop be?
I think it should be fine. People with screens have things like those Laptop Screen Privacy Filter, people using audio have headphones. Depending on your machine you can setup the mixer so that audio never uses the external speaker.
I don’t recall the details but you can also have some applications send audio to the external speaker while others use your headphones (provided they are a separate sound card, like usb/bluetooth headphones).
Also, how would you like to call it? “A Talking Desktop”?
Urgh, Shouting Linux.
This is a really nice summary of the practical issues surrounding this.
There is one more that I would like to call out: how does this client scanning code end up running in your phone? i.e. who pushes it there and keeps it up to date (and by consequence the database).
I can think of a few options:
Each of these has its own problems/challenges. How to compel them to insert this (ahem “backdoor”), and the different risks with each of them.
True friendship is indeed to trade ssh keys.
What kind of hardware are we talking about here. Tiny boxes, big boxes? Disks, networking?
Ultimately you are trusting the relay server to hold your messages If the relay is not trustworthy, it could reveal those messages.
The only exception I know of are encrypted direct messages which are still held by the relay but are encrypted with the recipient’s key. These messages still have a cleartext recipient id (so the server can deliver them).
So, if the relay is well behaved
If the relay server is operated by the forces of evil, then the only thing you can assume is that direct message content is not visible, but they can see the message src/destination/timestamp.
I think the main motivation for nostr is censorship resistence - so if you are being blocked in one relay, you move to another - in terms of privacy/security it does not seem weaker than most other public message forums.
They could serve similar purposes. In terms of maturity nostr is younger. Here are the main differences from the point of view of nostr:
At its core nostr is a basic protocol where you send messages to a relay server and the relay passes them along to other people when they request them. And on top of those messages people implement extensions for features, full length posts, payments, etc. The are notions of followers and subscriptions (like twitter) but those are just tiny messages where you ask the relay for messages from person A or B. The list of specifications is here https://github.com/nostr-protocol/nips
Finally there are a few different nostr implementations for relays, clients and web interfaces. Some of them do not implement all the features, so you may need to shop around a bit if your are looking for some fancy features (check https://github.com/vishalxl/Nostr-Clients-Features-List).
Also some nostr highlights which I think don’t have equivalent in matrix (but deserve nerd points)
Depends on what you mean by “secure”, being very loose with the definitions, we have
My personal preference is Simplex.
Reasoning for a few:
Some more food for though though; these protocols support both group communication and 1-1 messaging - privacy expectations for these two are very different. For example I don’t care too much about confidentiality in a group chat if there are 3000 people in there. It might be more concerned with concealing my phone/name/metadata.
In general I consider large group chats “public”, I can try to be anonymous, but have no other expectations. e.g. some people use some protocols over ToR because they do not trust the service (or even the destination) but they try to protect their anonymity.
On a technical note: I don’t think there is any protocol that supports multi-device without some kind of vulnerability in the past. So I would temper my expectations if using these protocols across devices.
I’m not familiar with the other ones that were mentioned in comments or in the spreadsheet.