Oddbean new post about | logout
Genri 🇨🇺 | 10 months ago (raw) | root | parent | reply | flag +10 
 In fact, delete option is necessary because we only talk about the censure resistance and assume that's privacy, but privacy is have the capacity of deleting your content for security too. There are too many malicious people or repressive parties. We could protect our data from them. We could decide over our data. Otherwise, what's the difference between Nostr and big tech?
fishcake | 10 months ago (raw) | root | parent | reply | flag +1 
 It’s impossible to have a reliable control of data at the same time as decentralized sharing. These two paradigms do not go together. You either have a tight control of the data or you have a decentralized network where no single party controls it. The only alternative I can think of, is if every note is strongly encrypted and only you have the decryption key that you share to specific individuals and have control over how they access your notes.

For all the shit we give big tech, they have a much tighter control and are able to delete “notes” if they choose to do so. This ability comes from them retaining the control and legal agreements with the partners that have access to the same data. 

You can’t have a cake and eat it 🐶🐾🫡
Genri 🇨🇺 | 10 months ago (raw) | root | parent | reply | flag 
 I hope your idea would be implemented in the future

note1h7udsq3utnz0nv59z8yc7yx3rvthehzk9vge9uzk3s7zyf4srqjq8psrtz
M. Dilger | 10 months ago (raw) | root | parent | reply | flag 
 I understand the desire to have control of your data. But fundamentally, the way the universe works, data about you is not actually your data - it belongs to and is controlled by whoever is in possession of it.  And that could be a hell of a lot of people. To delete properly, we would have to control everybody's computers and even confiscate the brain cells of the people who saw the note before you pressed delete.

IMHO we need to make people more aware of the fact that anything you put out into the universe cannot really ever be taken back or undone. There is no time travel to go back in time. There is no way to unsay something (and believe me I have said things that ended relationships that I really wanted to unsay). Be careful what you say because in reality, as it is in nostr, there is no delete.

Email has no delete. And email didn't fail because of it.

In many situations, more speech is the answer. Add more information to clarify whatever you said that was wrong. That is essentially what nostr delete actually is - a message indicating that you retract something.
pjv | 10 months ago (raw) | root | parent | reply | flag 
 Exactly the right take.
unclebobmartin | 10 months ago (raw) | root | parent | reply | flag 
 One day -- probably one day very soon -- a relay owner will be served with a subpoena to turn over all messages on that relay -- even deleted messages (We all know that "delete" does not mean erase).  That will be an interesting day.

CC: Rabble
CC: Genri 🇨🇺
CC: damus
CC: jb55
CC: btcviv
CC: vrod
M. Dilger | 10 months ago (raw) | root | parent | reply | flag 
 I don't see why a relay wouldn't actually delete (unlike a client). My future relay will. Of course they don't have to and can't be forced to so we don't rely on it, but practically speaking deleting is in the relay's best interest in many ways: saves space, saves liability, etc.

If I were law enforcement, I'd just pull all the events over nostr and keep my investigation on the down low. Relays are (generally speaking) willing to serve everything to anybody. I guess DMs have changed that somewhat.
Rabble | 10 months ago (raw) | root | parent | reply | flag 
 The sad part of it is that we probably won’t know. Between 1999 and 2005, and less actively after, I helped run the indymedia.org servers. We got tons of subpoenas and worked with EFF to fight them. Our servers were configured to never log ip addresses or any other PII we could find. Indymedia was something across between an anarchist 4chan, news site, and twitter. 

One thing the court orders often include is language which prevents the recipient from stating publicly they’ve been served. Organizations tried warrant canaries as a way of getting around those restrictions but that only works until the first time you get served. 

We should encourage and enable the easy use of tor in clients and for relay operators. The server part is easy, we should expose onion services with all relays, plus document and promote them. Getting client support is harder, right now you can use the web apps from a tor browser or setup amethyst to use tor. As far as I know none of the iOS apps support it directly yet. Doing this will make nostr:npub1sn0wdenkukak0d9dfczzeacvhkrgz92ak56egt7vdgzn8pv2wfqqhrjdv9have a better user experience as onion services are both faster and more private than connecting from tor through a public gateway. 

It would be great if all relays had clearly accessible privacy policies and they followed riseup’s as a model. They care about privacy. 

https://riseup.net/en/privacy-policy

We should make changes to the relay software so it logs no PII, like ip addresses, by default. Admins can enable those logs for debugging or dealing with a security issue, but they should be off by default. 

We should encourage nostr client developers to use tools and libraries that don’t connect to or log on third party services. I think this is more important for when people are publishing vs consuming. The trade off of using a CDN is probably worth it, but your mileage may vary. 

And when you do get a knock at the door call the EFF or other legal group for representation. Don’t assume your normal lawyer knows the law in this case. 

The EFF has released a legal guide for people running fediverse servers and almost all of it applies to people running nostr relays. 

https://www.eff.org/deeplinks/2022/12/user-generated-content-and-fediverse-legal-primer
M. Dilger | 10 months ago (raw) | root | parent | reply | flag +1 
 Tor is the way. I'm casually working on new relay software - it won't log any PII.  Thanks for the links. Great stuff.
Genri 🇨🇺 | 10 months ago (raw) | root | parent | reply | flag 
 I understand your point, but I am referring to not leaving physical evidence that can be used against you. We all have the right to our security and to remain silent. I don't think e-mails are a good example because they are not designed for the use that is given to social networks. I already said it: the only enemy is not the big corporations because a single person, a political party, can be on your trail to use your data against you, and everything that happens in Nostr is public.

It's very nice that users have to think well before posting because it points more to the responsibility of each one and such, ok, but that's not what I'm talking about. I'm talking about an ethical dimension of the right to silence, to really have my data completely at my disposal, because otherwise I really don't see any difference with big tech because at least they do delete your data at customer level. Something has to be done in Nostr and in web3 in general, some technological solution because the philosophical vision is not enough, people want more practical and precise solutions.
M. Dilger | 10 months ago (raw) | root | parent | reply | flag +1 
 There is no technical solution in a decentralized protocol. I think that is provably so. I'm sorry that nostr cannot provide you this "right".
润碧颖 | 10 months ago (raw) | root | parent | reply | flag 
 If anything posted online is impossible to be erased permanently, then it might be a good approach to advice users the true fact(if it is) , so let themselves to decide what kind of content, writings or posts are appropriate. After all, digital social media is not an exemption for “Lethal Bugs”. Responsibility is for everyone, platforms, users, regulators etc, anyone in this ecosystem.