@aral I'm fully behind this idea.
For us Brits who have no idea what the future will look like after our EU withdrawal, do you have any pointers on who we could talk to now about this? Local MP? Is it still worth going to our MEPs?
@gid Well, everything has an effect. But I don’t know. Conservatives: forgetaboutit. Libdems are in Silicon Valley’s pocket. Labour has other ideas (state owned social network, which makes me shudder as hard as is humanly possible). Maybe the greens? I should try to talk to Caroline at some point. But, really, I don’t know.
@aral thank you. I'll try my local Green MEP.
How do "recover my password/account/data" schemas work in casr of E2E encryption?
What if multiple people have access to certain pieces of data shared between them? Does each person have one key for that data?
What about data that is public?
@aral OK - that last question is answered in the text.
@phoe There are various approaches, including having an encrypted backup of your private key that is encrypted by a restore key/password.
Regarding the second question: see how Cabal/multifeed (and my now-defunct Heartbeat) do it: you have one DAG per writer. Access is via sharing the public key (see DAT), contents can be further end-to-end encrypted for private conversations.
@aral Typo in your "about box" at the bottom of your post: "I'm is"
@forteller Thank you :) Fixed!
@aral Interesting - but how do you enforce (1) - obliging data to be held only locally if it can be?
All code to be open source so individuals can check it and sue? Or certification/licencing red tape to validate all software before anyone is allowed to share it?
And 2 looks like it will end up banning stuff like "aggregating locations to calculate traffic congestion“, which can be done ethically but requires anonymous but unencrypted location data.
You can allow anonymous uses but then you're opening an elephant-sized loophole.
I'd much rather give google my public key and 'require' all the data it saves regarding me to be encrypted with that key and the original destroyed.
(ditto all other central services)
If they want access to my data, I will authorise on a case by case basis... maybe.
I can always access my data - but to pass it to others it would have to be decrypted with my private key, encrypted with their public key and passed to them...
Either party can kill the agreement at any time.
Googles location history stuff is great in many ways for the person who was being tracked --- the issue is who has access to that data... I don't want my data deleted, I just want it to be private. The internet can 'forget me', but I still want access to the memory.
This is my personal Mastodon.