Hi Techlore community!
As in my Bio, I’m a software engineer from Italy but born in Ukraine.
In my daily career I’m your usual corporate software developer consultant building stuff for companies but beyond that I’ve been making and growing my own company(called Arasaka… for the ones who know, I’m the opposite of what the lore says!) with a single web app(PWA) providing many services(both online and offline) all within the same place.
I’m not gonna spam here right away any link to it because I want to have a better feel of this community with good privacy expectations!(which I also do enjoy in my daily life)
And I don’t have many words out that talk about my endeavour yet, so I might sound fishy given the little content/context about it elsewhere.
Least to say I’m disgusted by the usual ways companies build and sell services/apps and with my endeavour I hope to put something on the market that’s novel, useful and most importantly privacy respectful
I took a look at your project. Thanks. Appreciate what you’re doing, and your investment of time and energy … I know some services that I’m affiliated with as a privacy consultant answer some very tough questions, and include them on the FAQ. So I’ll go ahead and ask you one…
A) How can anyone be sure that you won’t gain a critical mass, and sell out or termimate?.. i ask in context that given the pace that players such as Google Microsoft appear to be strategic terminating services, in order to plausibly begin “un-privacy by design” implementation…
It is indeed a hard question and a good one.
First of all, I was burned more than once from Google services being shut down or disrupted with automatic crap happening to my data so I come from a will to don’t do that stuff…
I would rather optimize or limit(only quantities, not features) the services offering rather than going full termination, if that wouldn’t be enough and a termination is inevitable I would put up ways for the people to download all their data, so nothing for everyone else is really lost forever.(I do already provide the downloads of every user made content anyway )
Other than that, from an ethical point of view I will pursue and promote a clear vision and values of the company and the offerings(that will include privacy), and foster a strong company culture about the customer(freemium or not) centric approach.
To provide accountability of our operations and have an unrestricted voice, that can confirm or call bullshit on our claims, I would open a public ambassador role where the people that used the services the most(top 5%) can apply and will join our internal communication channels and meetings at their will.
Overall, given that the services are private in nature and the primary nature of joining a service is through signup or invitation links, no public exposure will be available both to outsiders and insiders(like everyone has it’s own bubble of discussions/perspective-exchanges/tools and only the chosen ones can join and participate) and scaling or gaining critical mass isn’t something that’s gonna be publicly perceivable(other than looking up the, publicly available, website privately-hosted analystics).
Did I answer your criticism or did I made you even more critical?
I think it’s a fine line between wanting to grow community/business/ etc…in a way that enhances privacy respect and transparency and accountability.
I actually think Techlore and what Henry has been doing since 2014 is within the scope of the suggested dynamic I mentioned. Just how it is evolved into what it is today in its current form, imho, is a pretty good example of acknowledging both a persons Free Will consent to do anything anybody wants w/o trampling over personality for the sake of confirmation bias, tunnel vision.
Yet, imho, Techlore fosters an atmosphere where there is a trending evolution towards privacy respect and behavior and having kind of a “privacy lab” to check it out… in such as this forum is imho…
(* which does come with its challenges about trying not to be too censoring and trying not to be too harsh and stipulating on others, when a judgment call is required on guidelines, etc. ) .
Even “top cyber security -not privacy- professionals” can be quite tyrannical & ,autocratic in how they perpetuate the very unfortunate totalitarian slants and dictatorial abuses that are rampant, imho. Much of my work in privacy consulting and affiliating, I frequently call out the security profession. I am more often met with an almost appalling response, by the depriving fear mongering professionals.
in your response on your project… understanding people have free will and even if you convert and win over a high amount of usership , they may not even want to contribute in the level of being an ambassador, etc…
Privacy involves Invasion evolves. good opsec review is always a good thing. evolution is inevitable… which direction will you go… is optional?
I can confirm that many security folks like the fearmongering(consciously or not) and often abuse their security claims/believes/facts.
But I believe that their effort will be limited in general because they, quite often, can’t conceive security AND UX(user experience), where the greatest security costs in complexity of a system and how hard is it to understanding in order to use it; meanwhile the greatest user experience costs in brain dead simplicity and intuition of the use of a system where there’s never a final answer to a UX problem because some people will always find something hard in the systems of others…
Other than that I can see the lack of ambassadors and at that point I could only give firm promises and external security auditions(when I can afford them) perpetuing through time, or you have better answers to such problem?
The direction can always swing if there’s no firm leadership and ownership of responsibility, and I don’t count on swinging in the foreseable future.
I hear you. Another frequent buzzword or Buzz theme you may have already heard in cyber security is “complexity breeds less security”.
I think there’s something to that. For conversations sake, I try to make a distinction between privacy and security.
In other words, I respect the fact that we have the dialogue. We can openly talk about these distinctions. I do think evolution occurs here at the Techlore forum. As we meet with others , like yourself, etc.
I respect your response about giving security auditions and admitting the fact when you are just promising. That is wonderful integrity and transparency, in my UX desire. My estimations, is that personal Integrity is actually going to be an increased aspect of what the trust restoration process may look like for privacy and security in the future.
The "try before you buy " security auditiin sounds novel and inviting. Cool idea. If one isn’t onboard w/ you, no harm no foul, type of thing.
On a little bit of a digression, I do think human trust of intent, is an inevitable consequential vulnerability that’s going to have to be mutually accepted for any two people to be successful in a long term committed interest.
At least that’s just something that I see. Imho, at the heart of most of the bad security or privacy Invasion : has been a few human beings who aquired custody of that data . They did the betraying. Data is neutral. People do the trespassing. So at some point privacy or lack there of, is almost a matter of human will, human consent.
Which I’m kind of noticing is more pronounced theme about human will and ethics being discussed around “highly adept cybersecurity professionals” who have big fancy words like cryptography and etc etc around their name
