(Takes a deep breath)

We obviously need to have a talk about the fact that most hackers are pretty socially liberal and personal liberty driven. That means we typically fall in line on ideals with libertarian and civil liberties organizations and pundits.

It seems that some people are just discovering that occasionally techbro and traditional libertarians push things at those orgs to an extreme that not only do we not support and have to call out, but even the good people working there object to.

Frankly it’s gross, and I’m disappointed in a few of you. I donate to ACLU and EFF and I will absolutely call out their rare policies and statements which harm marginalized people.

*Walks off shaking my head at the Proton apologists*

@hacks4pancakes it is gross. I support a lot of liberal-leaning activists and activist groups, but it's maddening when they can't hold two conflicting thoughts in their head at the same time.

@jimmylittle I understand nuance is hard

@hacks4pancakes I think people need to realize a whole host of causes are only useful and helpful if they are in service of humanity/humanism.

I think that untangles this and makes it easier to see when “our team” is wrong.

@hacks4pancakes

Many of us (especially in a Europe) are Socialists.

We don't particularly like fascists either but for sometimes reasons. Some of them direct and personal.

Not everyone in Tech is a free speech absolutist "Libertarian" thankfully.

Oh ok I’m coming back for this: deciding we are on “teams” that are infallible is basest human nature and exactly how we are falling into global nationalism and a ironclad two party system in the US. Call shit out when your friends and coworkers do it. Call your orgs out!

@hacks4pancakes There does seem to be a lot of bending-the-knee/kissing-the-ring going on, and the nicest way to describe it is gross and degrading. But I do sometimes find myself grateful for finding out who people are by them telling us in no uncertain terms.

This is more important than ever, globally. The rise of fascism and nationalism, extreme disinformation, climate change, economic disparity and oligarchy are all becoming normalized politically and socially. It’s very easy to be desensitized and accept the red line being moved further and further.

My people, two of the largest information sharing platforms on Earth now allow full blown hate speech against queer people. Programs that allow disadvantaged people to have a shot are being attacked, billionaires are becoming trillionaires while we struggle to get healthcare. Vigilance.

@hacks4pancakes I dont think I caught what happened with Proton, guess i need to go read up on it, but. What your describing here ive heard called Tribalism. Its what makes sportball fans so hateful toward eachother that it sometimes comes to violence. Its what makes political parties so polar opposite from each other. And for a lot of humanity's history its whats kept groups of people alive.

Our base nature makes us fall in line with people who think like we do. And then stick with them until something big makes us change our minds. Some of us are OK being loners and so we end up taking more objective views on these sort of things. But the bulk of the human race.. Its reallly hard to change.

Those of us who can think freely, do, in fact, as you say, need to call it out when we see it, and we need to be as vocal as we can be without also alienating ourselves from the larger tribes. Becasue if we appear to be too much "outside" of their views... Well.. we're just the opposition.

Let me be clear though, I am NOT suggesting that we all need to be OK with the most radical examples here. Just so we can somehow believe that we might change their minds. I am perfectly fine with being alienated from hate groups for example. But I think there are a lot of people who are floating right now, and maybe just need a good breeze in the right direction.

@gangrif I can explain briefly, the proton CEO has pretty much publicly come out as a fascist, even posting Nazi related symbols. When I and others have called this out, hackers have rushed to their defense because they like proton.

@hacks4pancakes Just sayin', we get the pro-Luigi energy

@hacks4pancakes That’s very generous. My guess would be that if US representatives sat in the European Parliament almost all of them would be on the right and far right. Maybe a couple in the centre and less than a dozen on the left. Maybe someone can correct those figures, but that’s what it sounds like.

@bernardlyons I don’t disagree. I am after all trying to flee.

@hacks4pancakes I’m writing a tutorial on how to migrate off Proton and self host. I asked politely for a refund and was pointed to some buried paragraph on their ToS saying no. They don’t care about their customers, or optics apparently. I’ll take perverse pleasure in knowing every page hit to my guide is another dissatisfied user who wants off their services.

@hacks4pancakes Dammit...

I mean really.. Dammit. This all makes me wish I never stopped self-hosting all of my services... At least when I ran my own email I knew I generally agreed with the morals of my host.. :P

Seriously though, thanks for filling me in. Now I have enough data to go dig deeper. I dont use proton for anything other than a single account for the defcon group I help organize.. so im not terribly impacted personally.

Im really getting sick of every tech company suddenly showing how terrible they truly are recently. These are the companies that we've all trusted to host the infrastructure that the world operates on. Its just infuriating.

@gangrif @hacks4pancakes it feels like everything everywhere has gone to shit with no relief in sight.

@sycophantic @gangrif every techbro who was held back by HR and PR just basically got a green light to be himself, as a corporate policy. At least we can see who people are

@hacks4pancakes @sycophantic @gangrif well somehow I wish that Silicon Valley would have been in France. The riots would have been glorious. But unfortunately tech bro culture will just go into overdrive and we in the rest of the of the planet will feel it 😟

@simonzerafa not even close, even when our interests converge

@StrangeCulprits @hacks4pancakes I can empathize with the urge, I really can. And then I remember that we founded this country on the belief that violence is not the way we want our society to work.

I don’t yet believe we have reached the point where armed uprising is the right choice. Short of that, I continue to look to the principles of Rev. Dr. Martin Luther King Jr. and others, and aim to honor the memory of Rep. John Lewis in finding good trouble to get into.

YMMV.

@purp @StrangeCulprits I genuinely appreciate the sentiment but pride was a riot. MLK was shot. We massacred much of the indigenous population.

@purp @StrangeCulprits @hacks4pancakes

what country are you talking about? one founded through genocide? and built by slaves? or one in imaginationland?

@hacks4pancakes

Everything libertarian is a subversion of democracy, and that has always been libertarian's purpose.

@hacks4pancakes @gangrif I apologize in advance, I am not a tech person and so my opinion is an outsider's view, but: Do these fanboys think every CEO of every company that makes a product or service that they like, actually, personally, writes the software or connects the wires or creates and designs new ideas and inventions, and is the means of production? The conflation is not only stupid, it's dangerous authoritarian-enabling.It's like the putrid fallacy of The Great Man theory of history, that erased the complexity and cooperation of thousands of anonymous people necessary for the success of every endeavor. It's why democracy is now at great risk, because we forgot it's not single individuals who protect or change societies, it is the effort of millions of unnamed unrecognized individuals who do the hard work.

@pattykimura @gangrif look at the huge number of people who think Elon is a brilliant technologist and inventor.

@kevinrns @hacks4pancakes
Libertarians have a childish ideology. When I held those views I was a child, and even still I'm embarrassed by them.

@AeonCypher @hacks4pancakes

Mum can I have the salt?

STOP TRYING TO ENSLAVE ME WITH YOUR NEEDS!!!

@hacks4pancakes @purp @StrangeCulprits The Revolution was a revolution. Peaceful action should be the first choice, but if things get bad enough, we do need to consider other choices.

From the Declaration of Independence:

"That whenever any Form of Government becomes destructive of these ends, it is the Right of the People to alter or to abolish it, and to institute new Government, laying its foundation on such principles and organizing its powers in such form, as to them shall seem most likely to effect their Safety and Happiness. Prudence, indeed, will dictate that Governments long established should not be changed for light and transient causes; and accordingly all experience hath shewn, that mankind are more disposed to suffer, while evils are sufferable, than to right themselves by abolishing the forms to which they are accustomed. But when a long train of abuses and usurpations, pursuing invariably the same Object evinces a design to reduce them under absolute Despotism, it is their right, it is their duty, to throw off such Government, and to provide new Guards for their future security."

@hacks4pancakes holy shit I had no idea. Thanks for the heads up

@guppyur do your own research but it’s basically even more blatant than Zuck

@hacks4pancakes Let the great unmasking begin…

@hacks4pancakes the good actions -> good person causality is so simple yet people consistently spin this backwards

@sk3w people have a multitude of motivations

@pattykimura @hacks4pancakes @gangrif

there is this myth of the genius/inventor founder. it's a total myth. with almost no exception, the "talent" founders have is promotion and getting revenue. they are far more likely to trend towards snake oil salesman rather than techie. but they are as good at selling this "vision" to actual talented techies, who wind up working for the founder. it's how things do get built, assuming there is anything substantive under the hype.

the whole VC funding model has poisoned silicon valley and much of tech.

@hacks4pancakes thank you for commenting on this Lesley, appreciate your wisdom as always 💙

@sycophantic @hacks4pancakes And quickly. Its like the recent election gave everyone balls to be assholes again.

@gangrif @sycophantic @hacks4pancakes

I'd say less 'balls' - conservatives tend more towards the cowardly - and more "permission, because their team is In Charge" so if someone -does- object to their behavior, they're the ones Making The Rules which means they can say it's OK.

@sycophantic@infosec.exchange @hacks4pancakes@infosec.exchange @gangrif@social.undrground.org it's exactly that.

@gangrif @sycophantic @hacks4pancakes If I may paraphrase Glinda the Good: They were assholes all along.

@gangrif @sycophantic @hacks4pancakes

This has specific implications, in that they will absolutely the fuck fold if you can show them that they're not the ones In Charge in a given context.

They will -whine like fuck- tho.

@gangrif @sycophantic @hacks4pancakes

'cuz that's the thing - conservativism is an outwardly-directed sense of identity, dependent on the social structure they're in.

It doesn't allow for a well-grounded interiority and sense-of-self.

So what they crave is -permission- from someone who is In Charge - witness how popular fundamentalist religions, which are all about saying they're In Charge and have a clear set of Rules are with their like.

Which has any number of obvious weaknesses, but you know how that goes.

@gangrif @sycophantic @hacks4pancakes it gave them permission to do it openly rather than behind the scenes. They were always arseholes.

@greycat @hacks4pancakes @sycophantic @gangrif

In hacker circles there's a certain flavor of hacker that bases their entire identity on being contrary to whatever is going on at the moment. I'm sure you've all met that guy. I've been to plenty of hacker gatherings where people try to out asshole each other.

While being a Trump supporter gives you license to be the worst version of yourself a lot of hackers turned Trump supporters were also the same lot who liked to "do it for the L0Lz"

I'm vexed about this proton thing because I went in whole hog with them. I am really beginning to think that hosting my own email is the only answer.......JFC

@jackgangi @greycat @hacks4pancakes @sycophantic
Yea, ive done the host your own thing, and it got to be a lot. Its why I dont anymore. I really dont want to go back. :P

@jerry
Any chance of there being a
mail.infosec.exchange ?
Maybe even do it as a for profit with a reasonable subscription fee?
I'd be in. And I'm pretty sure you count as a trusted admin.

@gangrif @jackgangi @greycat @hacks4pancakes @sycophantic

@johntimaeus I have thought about that on and off for a long time and one of the hangups I have is that the server really needs to be zero knowledge - and I am not aware of any selft hosted mail server software that supports that but hopefully I'm just not aware of the options... @gangrif @jackgangi @greycat @hacks4pancakes @sycophantic

@jackgangi@hackers.town @hacks4pancakes@infosec.exchange @sycophantic@infosec.exchange @gangrif@social.undrground.org yeah i'm not super keen on the idea either, but...

@jerry @johntimaeus @jackgangi @greycat @hacks4pancakes @sycophantic i'm not sure where to start anymore. my last solution of choice was Zimbra. which from what i understand is now dead or no longer open source. it did not focus on zero knowledge though. and needed a beast of a server because... java

I may be game to help figure out a solution if you're serious though.

@gangrif @johntimaeus were it not for my hangup about encrypted mail storage using, I would use probably use iredmail.

@jerry

Even leaving aside the Zero Knowledge bit, just having an email address that doesn't scrape data and has a "delete my data" button is worth more than a little bit. I deletes in backups are problematic, but I think it could be done with a little staring at.

I keep my current hosting mainly for those features. I don't think I can burn the backups for a single user, but if things go wahoonie shaped, I can burn a domain down -- including deleting backups.

That and even though I'm paying too much, they've been good to me and don't fall down often.

And also I'm too damn lazy to research alternatives and go through a migration to save about $50/year.

@gangrif @jackgangi @greycat @hacks4pancakes @sycophantic

@jerry @gangrif

It's a really hard problem when you get down to it. Shared storage, with individual encryption, and no view from the server side.

The three-digit RFC authors didn't really take this kind of thing into account.

@johntimaeus @gangrif I feel like there has to be a somewhat elegant solution using public key crypto, but it would require rewrting the smtp and imap/pop servers

@jerry

The server side shouldn't be too hard (he said pretending that imposter syndrome doesn't exist).

It's the client software and priv key storage that I don't even want to consider.

Sounds a lot like rolling my own crypto, and I've heard that may be bad.

@gangrif

@hacks4pancakes As Hemingway wrote, “There are many who do not know they are fascists but will find it out when the time comes.”
The time is upon us, and the tech bros are flexing, both literally and figuratively, in the rush of what they see as a new age.

Not people in my thread still trying to whatabout the Proton CEO, imma have a drink and block yall

@hacks4pancakes

@hacks4pancakes

wow. is that a dessert, a cocktail, or both?

@paul_ipv6 yes

@StopTheSweepsPDX @purp @StrangeCulprits @hacks4pancakes I think they mean the one built on a colony the Puritans went to because their rights to religious freedom were being infringed by governments that prevented them from burning Catholics.

@hacks4pancakes Proton disappointed me more than Meta. I never expected any moral backbone from Zuckerberg, but from Proton.

@hacks4pancakes That is important: look how people behave when they believe being nasty carries no consequences. Remember that when you make decisions.

@hacks4pancakes Milwaukee?

@hacks4pancakes I really wish there were more than 3 companies that I could work at that weren't overtly evil or dumping money (and our climate) into worthless LLMs...which I guess makes them evil too. ::sigh::

@eagerpebble @hacks4pancakes If you want to do ethical stuff with tech, you don't look to get hired by a "tech company" but a company doing something positive and worthwhile that needs IT staff or programmers etc.

@johntimaeus @jerry @jackgangi @greycat @hacks4pancakes @sycophantic

Cherry picking a user out of backups to delete them would be hard, unless backups were stored per mailbox.. Which could be possible... But maybe ugly.

You could maybe cover that with policy though? Keep only a few weeks of backup in rotation, and then policy says that even after you delete your account, it may exist in backup until it rotates out. That's the lazy solution anyway.

Or... just dont keep backups of users email? The old sysadmin in me says that sounds crazy, but if its a blind service... that might actually be a selling point?

@gangrif @jerry

So many bad possible answers to one problem!
Keeping the mailbox encrypted under the per user key is best. Can't recover what you can't decrypt.

But handling and passing keys appropriately is hard.

@jackgangi @greycat @hacks4pancakes @sycophantic

@johntimaeus @jerry @jackgangi @greycat @hacks4pancakes @sycophantic

I learned a long time ago, even bad answers are worth talking through.

@johntimaeus @jerry @jackgangi @greycat @hacks4pancakes @sycophantic

But yes, the thought crossed my mind. If all of the data is encrypted with the user's key, i dont have that key, or i dont have the ability to unlock that key, then even data in the backup is useless to me except to provide it to the user.

@johntimaeus @jerry @jackgangi @greycat @hacks4pancakes @sycophantic

For some reason my brain can never resist a problem to solve. Ive started looking for email systems that encrypt on-server. Mailcow keeps popping up. and its containerized. I like it already.

Then you need a mail client that also encrypts.

Problem is, these all depend on gpg, which in my experience has always put the burden on the user, and their recipients. Generally email sent and received off-server would have to be un-encrypted as practically no one in the world is willing to deal with gpg keys.

I also don't know how you'd avoid this with literally any other encryption technology. The recipient is always going to have to be aware of the encryption, and how to decrypt. No one seems to want to do that.

@gangrif @johntimaeus in my mind, the way proton works (which I’m sure it not how it actually works) is that at account creation, an public/private key pair is created. The private key is stored encrypted using the user’s hashed password as the decryption key. When the smtp server writes files to the email directory (assuming not using mbox) and encrypts using the public key. When the user connects through imap, the imap server uses the hashed password it’s provided from the user to decrypt the private key and use that private key to decrypt the mail files for the user. There’s an exposure on the server because the imap process has the private key in memory for some time. I think proton mitigates that by forcing you to use a local relay so the decryption of the private key and mail files happens on your own computer (or in your browser).

It would require a bunch of work to keep track of mail files without being able to decrypt them, but that seems manageable.

❝ what country are you talking about? one founded through genocide? and built by slaves? or one in imaginationland?

exactly.

it’s absolutely ahistorical to say fascism is on the rise.

fascism is and has been, the United States #1 export. forever.

fascism is the globalization of the very American and genocidal Manifest Destiny with a pocket full of neoliberal capitalism.

@StopTheSweepsPDX @purp @StrangeCulprits @hacks4pancakes

@blogdiva @StopTheSweepsPDX @purp @StrangeCulprits @hacks4pancakes

Fascism is only on the rise because amerika "won" the cold war. Little did they know, but this spelled the beginning of the end of human life on earth.

@blogdiva @StopTheSweepsPDX @purp @StrangeCulprits @hacks4pancakes America is a profoundly violent society, and always has been.

Moreso even than other Western nations.

Because denying basic healthcare to people in a wealthy nation is violence.

Think about the places in the world where you might see someone carrying a gun while obtaining their food.

Ukraine. Gaza. Afghanistan... And America.

America's core value is freedom.

Freedom to do what?

Harm others.

It's a nation built around allowing others, and the community, to be harmed at the whims of individuals.

A chunk of its 2nd largest city was just burnt down because individuals profit from toxic fossil fuels.

That's violence.

Its economic and legal systems are built around conflict and competition, rather than cooperation and mutual aid.

It was built on violently stolen land.

Its economy was built with violently stolen labour.

Slavery was violence.

The trail of tears was violence.

Jim Crow was violence.

Redlining was violence.

Police officers killing unarmed Black men is violence.

Hoarding wealth and living in a multi-million-dollar mansion while countless are homeless is violence.

The right to bear arms is the right to the tools of violence.

It has the largest military in the world to do violence.

It has nuclear weapons to do violence.

@jerry @gangrif @johntimaeus

"so the decryption of the private key and mail files happens on your own computer (or in your browser). " - this a periodic reminder that browser-based clients download the code required to "securely" handle the user keys from the same entity (in this case Proton) that we want to hide the keys from...

@hacks4pancakes Never thought thermite would be used in cocktail preparation…

@fuzzface @hacks4pancakes There are lots of useses beyond cutting & weilding tubular transport infrastructure......... For example, this symbolic middle-finger martini!

@hacks4pancakes dang xD wow what a drink? What was it butterscotch ice cream Sunday?

allegedly the wealth disparity between the wealthy and working classes is even bigger now than it was during the french revolution.

I'm not against seeing heads roll.

@jamon I'd be intertested in seeing a modern email self-hosting guide. I ran my own mail server but when our colo decided to pack up the servers and move them across the country without notice, I quickly begged for and signed up a Google Workspace accounton the "free forever" plan, which they've actually honored.

But if I could easily self-host and integrate with my Nextcloud instance, that might be an interesting thing to try.

@ktneely honestly https://github.com/LukeSmithxyz/emailwiz looks great. Anything I come up with is going to match that broadly speaking. The proton specific bits will be mainly around using their bridge app to make a backup using IMAP

@hacks4pancakes @gangrif
I had been working on moving my email to #Proton but when this news came out, I stopped. Now looking for an alternative alternative.

@godzero @hacks4pancakes @gangrif Read there statement here: https://www.reddit.com/r/ProtonMail/comments/1i2nz9v/on_politics_and_proton_a_message_from_andy/?rdt=61193
#proton

@muzicofiel @godzero @gangrif Such a terribly useless non-redaction

@godzero @hacks4pancakes @gangrif The only similar alternative is Tutanota I believe.