undefined | Better HN

0 pointsyieldcrv2y ago0 comments

“allegedly” aside, is this the only way to tackle the CSAM problem? I get a whif of a false dilemma here but I’m not sure if I have a blindspot

is requiring Oauth from Facebook, Google or Github for hosts something meaningful, necessary or the obligation of Jitsi Meet to do at all

0 comments

salawat2y ago

No, it isn't. Jitsi is free to offer a signup and run an LDAP directory of their own. They do not need to federate with FAANG.

If they still wish to do any sort of reporting or eavesdropping on content, something they claim to be specifically impossible, yet somehow they've unearthed, that is their perogative I suppose.

Personally, I think <insert law enforcement authority> of some sort has made rumblings or threats about them daring to run an uneavesdroppable open comms service, so once again, nice things cannot be had, and everyone is happy to torch the ability to low-frictionly connect between arbitrary people because of the CSAM boogeyman, which no evidence has been brought forth to assert the existence of. In fact, there's been no evidence brought forth that there is any sort of worthwhile reason other than "Jitsi wants in on monetizing user's contact meta info".

xulres2y ago

In every thread someone comes with "but is this the only way to tackle the problem?" Noone ever even makes a suggestion so I guess yes it's the only way.

yieldcrvOP2y ago

that’s mentally negligent.

the only people that have to identify problems and solutions are founders that are grifting for capital or customers. and that’s sad.

the rest of rational actors can see a false dilemmas from afar without knowing what the third and fourth and fifth possibilities are.

in this case its pretty obvious that “privacy for hosts, or not via FAANG Oauth and an unaccountable change in the terms of service to further distance from privacy” is a false dilemma while also not preventing anonymous CSAM rooms on their service.

seanhunter2y ago

It's not mentally negligent, "is this the only solution?" is a weird standard that for some reason gets brought up in the specific instance but isn't something we apply to other problems.

Is MFA the only solution to the auth problem? No.

Is having a firewall the only way to prevent unauthorized traffic on your network? No.

Is docker the only solution to how to package software in containers? No

Is git the only DVCS? No.

Is git-flow the only way to manage branching and pull-requests? No.

Is Rust/Python/Javascript the only programming language? No.

Are relational databases the only way to persist important data? No.

etc etc etc...

We normally expect for difficult problems to have a variety of solutions with different tradeoffs and in particular, for really hard problems involving adaptive human adversaries, a lot of time we rely on applying multiple levels of "solution" in order to give us defense in depth and a chance to really crack a particular problem.

yieldcrvOP2y ago

personally I think its weirder how CSAM (or a mere rumor of it in this case) gets people to not question anything

when without that rumor the criticism of the change would be criticism

“is this the only solution” is actually just me being diplomatic on a topic people are emotional about, as its clearly not the only solution, but even that is met with deflection

maybe thats the reason this “weird standard” is only noticed on CSAM mitigation discussions, because people know they cant be frank to you

1 more reply

bradleyjg2y ago

It’s only a false dilemma if there’s a third, etc. possibility. You can’t just assume that every problem has a magical happy solution that requires no tradeoffs.

yieldcrvOP2y ago

I agree, so here are several

3. the same signup requirements for the participants instead of just the host

4. phone number verification for the host and participants

5. a credit card for the host and participants

6. some kind of deposit for the host and participants

7. discriminating against Tor users

8. including Apple ID in the list of auth services

9. it actually not being Jitsi Meet's obligation at all and authorities continue to prosecute the criminal action of the participants by doing actual investigations

10. ...

2 more replies

j / k navigate · click thread line to collapse

0 comments

salawat2y ago

No, it isn't. Jitsi is free to offer a signup and run an LDAP directory of their own. They do not need to federate with FAANG.

If they still wish to do any sort of reporting or eavesdropping on content, something they claim to be specifically impossible, yet somehow they've unearthed, that is their perogative I suppose.

xulres2y ago

In every thread someone comes with "but is this the only way to tackle the problem?" Noone ever even makes a suggestion so I guess yes it's the only way.

yieldcrvOP2y ago

that’s mentally negligent.

the only people that have to identify problems and solutions are founders that are grifting for capital or customers. and that’s sad.

the rest of rational actors can see a false dilemmas from afar without knowing what the third and fourth and fifth possibilities are.

seanhunter2y ago

It's not mentally negligent, "is this the only solution?" is a weird standard that for some reason gets brought up in the specific instance but isn't something we apply to other problems.

Is MFA the only solution to the auth problem? No.

Is having a firewall the only way to prevent unauthorized traffic on your network? No.

Is docker the only solution to how to package software in containers? No

Is git the only DVCS? No.

Is git-flow the only way to manage branching and pull-requests? No.

Is Rust/Python/Javascript the only programming language? No.

Are relational databases the only way to persist important data? No.

etc etc etc...

yieldcrvOP2y ago

personally I think its weirder how CSAM (or a mere rumor of it in this case) gets people to not question anything

when without that rumor the criticism of the change would be criticism

“is this the only solution” is actually just me being diplomatic on a topic people are emotional about, as its clearly not the only solution, but even that is met with deflection

maybe thats the reason this “weird standard” is only noticed on CSAM mitigation discussions, because people know they cant be frank to you

1 more reply

bradleyjg2y ago

It’s only a false dilemma if there’s a third, etc. possibility. You can’t just assume that every problem has a magical happy solution that requires no tradeoffs.

yieldcrvOP2y ago

I agree, so here are several

3. the same signup requirements for the participants instead of just the host

4. phone number verification for the host and participants

5. a credit card for the host and participants

6. some kind of deposit for the host and participants

7. discriminating against Tor users

8. including Apple ID in the list of auth services

9. it actually not being Jitsi Meet's obligation at all and authorities continue to prosecute the criminal action of the participants by doing actual investigations

10. ...

2 more replies

j / k navigate · click thread line to collapse