“Can I trust app X?”
Can you trust the company/organisation/people who make it? (What have they done in the past/are doing now?)
Can you trust their business model? (How/when do they make money?)
Is it open source?
Is it decentralised?
If yes to all, yes. Otherwise no.
If yes to all : maybe
Otherwise : no
Can we add another question for the list?
Is it not RSA?
@aral don’t forget: can you trust all potential future owners of the company, its databases and its business partners.
@honiden @aral grim, disappointing, and basically impossible to accept, i will admit. but it is hard for me to see the internet and the commercially motivated mass surveilance it brought as anything other than a curse, a mistake. a pandora’s box that shouldn’t have been opened, even if it wasn’t just monsters that came out, it’s becoming harder and harder to see the costs as worth it.
GPL / CC-BY-SA
but that only applies to software you run on your own devices. when you give your data to a company, you have to trust them not use it for malicious purposes. with GDPR they have to tell that they do it. open tumblr for example, you get a list of hundreds of partners with whom they share your data and the partners also have partners and so on...
@davidak @aral I am not enough of a lawyer to argue the finer points of copyleft vs. e.g MIT,BSD. only that I don’t trust law to serve justice, and it is stacked against the disadvantaged. if it can sometimes be used for justice I won’t complain. Just that i won’t put my faith in high ideals from software people anymore.
the idea behind free software licenses is to use the copyright law for common good, as it gives users rights instead of limiting them
i thought again about GPL vs. MIT. the main difference is that MIT supports closed source. so i could say: if you care about free software, use GPL
even this GitHub site say it https://choosealicense.com/
Many users forget there are real people behind apps.
And real interests that need not meet ours.
@aral It's interesting how some developers invest time in personal narratives to shore up their answer to "can you trust the people who make it?" For example, when you read the many stories that Moxie Marlinspike has posted on his website, are you more likely to feel that you can trust him?
I also think about someone like Ladar Levinson, or the Calyx guy (whose name I forget). They've been tested, and went to the mat, which should count for something.
@aral hm, I’d argue that if it’s open source and decentralized (every single part of it), you don’t even have to trust the company behind it because you (or other independent people) can verify whether it’s trustworthy. Ofc marketing (and therefor money) will play a role in how you will perceive the app and it might skew your sense of trust one way or the other...
@jokke Exactly. The only things you should trust are the ones that you don’t have to trust because the people who built them decentred themselves and designed them so you don’t need to trust them to begin with.
The social network of the future: No ads, no corporate surveillance, ethical design, and decentralization! Own your data with Mastodon!