One of the common misnomers around the migration away from toxic tech stacks is that the options are either 1) services managed by a company or 2) everyone #selfhosting themselves.
-
@JulianOliver thats kindof true. but you really only have to convince a small group and the rest will follow.
No E2EE in Mattermost would be a no go in infra for activism for me. people should and must learn how to protect their communictaion. You should educate not lower the bar.
Make some youtube videos and a good wiki entry and people will use it or ask someone. my experience.We proclaim it as a WhatsApp replacement, and it works well. people help out each other.
@xr1st0ph If a group using WhatsApp &/or Slack &/or Teams trials your alt & they don't bite despite your efforts to educate, you go with 2nd best bc it's better than no migration.
Every week I work with groups on migration plans, educating, & one rule sticks: you cannot force people.
BTW if a group trusts their sysadmin(s), the machine is FDE AES-XTS/LUKS2 and tightly locked down in a rack or on-prem, E2EE affordances at the service layer are practically meaningless in most threat models.
-
@xr1st0ph If a group using WhatsApp &/or Slack &/or Teams trials your alt & they don't bite despite your efforts to educate, you go with 2nd best bc it's better than no migration.
Every week I work with groups on migration plans, educating, & one rule sticks: you cannot force people.
BTW if a group trusts their sysadmin(s), the machine is FDE AES-XTS/LUKS2 and tightly locked down in a rack or on-prem, E2EE affordances at the service layer are practically meaningless in most threat models.
@xr1st0ph You can have E2EE up to your ears and it's futile if the end-point is powered on (even with FBE) & in the hands of adversary. This is by far the biggest threat to frontline activism I see almost daily with those insisting on taking phones to protests. Chats exposed, Signal, MM, Matrix, does not matter. If you don't have a path and means to centrally disable accounts all is lost. Signal is very troubled like this. The group admin removes arrested from the group, but prior chat remains
-
@xr1st0ph If a group using WhatsApp &/or Slack &/or Teams trials your alt & they don't bite despite your efforts to educate, you go with 2nd best bc it's better than no migration.
Every week I work with groups on migration plans, educating, & one rule sticks: you cannot force people.
BTW if a group trusts their sysadmin(s), the machine is FDE AES-XTS/LUKS2 and tightly locked down in a rack or on-prem, E2EE affordances at the service layer are practically meaningless in most threat models.
@JulianOliver normally people who fight for a good cause never despite anything imho and xp.
thats true and this is why you use matrix. the element admin app is exactly for that: remove all tokens and shut down the app for a specific user. even if someone has now access to the phones storage, its all E2EE with no way of getting those messages. you can even deice forceing a reset of all messages.
-
@JulianOliver sure. but something like this adds up in DevOps and administration. How anyone can tell this will work next year? or the apps will get this limit to? i will definitly not compiling android and ios apps by hand everytoime an update hits. how to distribute?
Shouldnt this be taken in concideration when using such a fork?@xr1st0ph All the official apps work fine. I use patched MM server (the MM Go binary) on a bunch of instances.
-
@xr1st0ph All the official apps work fine. I use patched MM server (the MM Go binary) on a bunch of instances.
@JulianOliver thats not my why of doing things. out activists and i go the extra mile. but i think its great that it works for you.
-
@JulianOliver thats not my why of doing things. out activists and i go the extra mile. but i think its great that it works for you.
@xr1st0ph We work very hard at this, and have been at it for years. Nonetheless, you may be better at convincing groups to use tools you think they should use than we are.
We find trying to convince folk is not always the wisest end game. Rather, a compromise is sometimes necessary for a successful staged migration away from jurisdictionally or materially compromised services, with outcomes of higher platform morale, so lower chance of regression &/or splintering, & better overall org opsec.
-
@xr1st0ph We work very hard at this, and have been at it for years. Nonetheless, you may be better at convincing groups to use tools you think they should use than we are.
We find trying to convince folk is not always the wisest end game. Rather, a compromise is sometimes necessary for a successful staged migration away from jurisdictionally or materially compromised services, with outcomes of higher platform morale, so lower chance of regression &/or splintering, & better overall org opsec.
@JulianOliver THIS!
Are you interrested in a videocall? taking this further? I would love to learn something about your work.
-
@JulianOliver normally people who fight for a good cause never despite anything imho and xp.
thats true and this is why you use matrix. the element admin app is exactly for that: remove all tokens and shut down the app for a specific user. even if someone has now access to the phones storage, its all E2EE with no way of getting those messages. you can even deice forceing a reset of all messages.
@xr1st0ph I am well aware. This is a feature I like both in MM and Matrix.
I am not the one to convince.
-
@xr1st0ph I am well aware. This is a feature I like both in MM and Matrix.
I am not the one to convince.
@xr1st0ph In summary, Mattermost also has its problems, in particular the dumbing down of finer-grained admin controls to push people to Enterprise. The seat limit is also absurd and patronising.
Matrix with Element (X) however has UX issues that while not a big issue for those more enthusiastic about tech, they can be total breaking points for the tech and/or migration averse. Some of the gripes here I heard verbatim from climate activists we trialed on Matrix: https://xn--gckvb8fzb.com/giving-up-on-element-and-matrixorg/
-
One of the common misnomers around the migration away from toxic tech stacks is that the options are either 1) services managed by a company or 2) everyone #selfhosting themselves.
There is however an often overlooked 3rd option of community-scaled infrastructure. Here a group identifies their needs, plans & deploys to meet them. Much like a community garden, that infrastructure has people skilled & dedicated to its upkeep in providing for that group, working bees & skillshare as needed.
1/n
@JulianOliver
There are organizations doing community IT infrastructure in various forms: @datacoop @deuxfleurs @konstellationen and several others. There's a matrix room for exchanging ideas, anyone working on something like this DM me and I'll get you in touch with the admins. -
[...] This is not possible without a re-distribution of expertise, away from where it is largely held captive by the gov, corp and military sectors, often in high-paying jobs.
And not just stuffing services behind a public IP either, & hoping for the best, but deploying with security and server design best practices in mind. Without doing so, the infrastructure will in time be compromised &/or rot out, losing the morale of the membership.
This is a big part of why we're running the trainings
Ethical managed services by a coop or company can meet many needs, however a desire for increased autonomy & privacy will sometimes become a tension.
Activist communities attract adversarial pressure, so are strongly encouraged to self-host. They should do so in a jurisdiction as resistant as possible to cross-border warrants relative to their operating context. A frontline movement hosted on managed services implicates the org providing their stack, & risks downtime for those hosted adjacently
-
One of the common misnomers around the migration away from toxic tech stacks is that the options are either 1) services managed by a company or 2) everyone #selfhosting themselves.
There is however an often overlooked 3rd option of community-scaled infrastructure. Here a group identifies their needs, plans & deploys to meet them. Much like a community garden, that infrastructure has people skilled & dedicated to its upkeep in providing for that group, working bees & skillshare as needed.
1/n
This site is handy too:
European alternatives for popular services | European Alternatives
We help you find European alternatives for digital service and products, like cloud services and SaaS products.
European Alternatives (european-alternatives.eu)
-
This site is handy too:
European alternatives for popular services | European Alternatives
We help you find European alternatives for digital service and products, like cloud services and SaaS products.
European Alternatives (european-alternatives.eu)
@gemlog Yes it is. I sometimes share that with those that are comfortable with managed services.
-
@gemlog Yes it is. I sometimes share that with those that are comfortable with managed services.
@JulianOliver
Thank you for doing that.
We all need to hope together. -
Crystelle, co-director of Nīkau, said an interesting thing on this, noting that across history so many human cultures have necessarily localised expertise to meet the needs of their group, building in resilience - whether carpenter, physician, mason, blacksmith, gardener, hunter etc.
She argues that today, with a dependence on complex technical infrastructures readily abused by power, communities need to incorporate system administration & infosec into the skillbase held by the membership.
-
One of the common misnomers around the migration away from toxic tech stacks is that the options are either 1) services managed by a company or 2) everyone #selfhosting themselves.
There is however an often overlooked 3rd option of community-scaled infrastructure. Here a group identifies their needs, plans & deploys to meet them. Much like a community garden, that infrastructure has people skilled & dedicated to its upkeep in providing for that group, working bees & skillshare as needed.
1/n
@JulianOliver We shouldn't forget intermediates between self-hosting and megacorps. Mastodon is an obvious example: I'm not hosting this instance. (Thanks @Larvitz ). signalapp@mastodon.world is run by a non-profit foundation. @nextcloud comes quickly to mind. It's for-profit, but it has user-friendly principles. A similar description applies to @openstreetmap and Bandcamp.
-
R relay@relay.mycrowd.ca shared this topicR relay@relay.an.exchange shared this topic
-
@JulianOliver We shouldn't forget intermediates between self-hosting and megacorps. Mastodon is an obvious example: I'm not hosting this instance. (Thanks @Larvitz ). signalapp@mastodon.world is run by a non-profit foundation. @nextcloud comes quickly to mind. It's for-profit, but it has user-friendly principles. A similar description applies to @openstreetmap and Bandcamp.
@alison @Larvitz @nextcloud @openstreetmap Yes it is good such ethical and managed services exist. They can meet many needs and we (Nīkau) often recommend various providers in this space.
There are many needs they can not meet however, like those of frontline activism, organisations with stricter privacy requirements or those needing more scalability and flexibility as they grow. It is for such cases that we offer training and do server deployments.
-
@JulianOliver We shouldn't forget intermediates between self-hosting and megacorps. Mastodon is an obvious example: I'm not hosting this instance. (Thanks @Larvitz ). signalapp@mastodon.world is run by a non-profit foundation. @nextcloud comes quickly to mind. It's for-profit, but it has user-friendly principles. A similar description applies to @openstreetmap and Bandcamp.
@alison @JulianOliver @nextcloud @openstreetmap I totally agree. There are several ways to escape megacorps without actually self-hosting stuff.
There's cooperatives (like German Hostsharing e.G.), hosted services from freedom-oriented parties (Posteo, Codeberg, Proton etc.), managed solutions like masto.host, that host your own Mastodon instance for you and many more.
There's also community built services by makerspaces or local hackerspaces etc. There's all shades of grey between big-tech and self-hosting.
