Amazon to take Parler offline, the third tech giant to deplatform the rising social app in days

submitted by Drewski from (reclaimthenet.org)

sorted by:
top
newinsightfulfun
you are viewing a single comment's thread.

view the rest of the comments →

[–]tabesadff 2 insightful - 1 fun2 insightful - 0 fun3 insightful - 1 fun -  (13 children)

I mean, you're asking me to prove a negative. How does ANYONE who hosts an ordinary website KNOW that they aren't also hosting CP? TLAs can hack into pretty much anything they want, including ordinary web servers, or whatever device you use, hell, how do YOU know that CP hasn't been planted on your device by the CIA? Also, if they can hack into your email account (not really an "if", they can do that easily), they can use it to send CP to others, so now you're distributing it too! The only assurances that any of us have is that TLAs do have limited resources, so they can't go after EVERYONE, and we're not really interesting enough for the CIA to even bother, and even if we were, and never used ZeroNet even once, they have PLENTY of other tools at their disposal. Fuck, they can even hack into someone's car and assassinate them by causing it to crash. Staying off of ZeroNet isn't going to protect you from TLAs if they're after you, but it will ensure that you're only getting info from websites that these TLAs are allowing to stay up on the normal web.

The only way an ordinary person would reasonably have to worry about unknowingly hosting CP is if they go to a zite that allows images to be uploaded by anyone, and where there's no moderation taking place, and that isn't making use of optional files. So in other words, don't go to places like 8chan, and maybe be cautious of clicking random links from people who you don't trust. Same applies to the normal web too! To me, it really seems a lot of these arguments are basically no different from saying "there's some bad websites on the web, so therefore, stay off the entire web".

[–]bobbobbybob 1 insightful - 1 fun1 insightful - 0 fun2 insightful - 1 fun -  (12 children)

I mean, you're asking me to prove a negative.

Not really. I know that I'm not HOSTING CP, as I don't host any websites. There may be CP on my computer if a TLA has put it there, but that requires a pretty active attack, and does not result in further sharing. Of course, if you invent ever more complex scenarios, it could be that my computer is running web hosting via some obfuscated method that bypasses my local and network firewalls, doesn't show up in my task manager or registry and evades various anti-malware and anti-viral protections, but now we are getting into silly territory.

If I used zeronet, I'd have no idea what i was hosting, and any compromised website out of thousands may have resulted in my machined downloading and then sharing CP without my knowledge or consent. Of course, I'd be responsible, because I would have fucked myself by installing zeronet in the first place, and enabled all the image downloading and sharing protocols.

What I was doing was highlighting the difference in attack surfaces, and the risk profile. Since this is so obvious, it seems to me that zeronet is being deliberately unsafe in not allowing fine control over the site download and sharing settings.

If you were honest with yourself, you'd recognise this increased risk and perhaps share concerns, instead of fanboying it.

Unless you glow....

[–]tabesadff 1 insightful - 1 fun1 insightful - 0 fun2 insightful - 1 fun -  (11 children)

Of course, if you invent ever more complex scenarios, it could be that my computer is running web hosting via some obfuscated method that bypasses my local and network firewalls, doesn't show up in my task manager or registry and evades various anti-malware and anti-viral protections, but now we are getting into silly territory.

You're the one who brought up TLA-related scenarios, not me, and I agree, it is in silly territory, which was the entire point I was making.

If I used zeronet, I'd have no idea what i was hosting

You can easily look at every file that ZeroNet downloads by looking in the data directory, it's not that hard, just like you can look at any data that gets downloaded when you visit a normal site, and you can even configure ZeroNet to block certain sites, you can easily delete all the data from any site you visit, etc. You're also not hosting anything unless you're actually running ZeroNet, and again, the risk you're talking about would only be applicable in instances where you visit a site that ALLOWS CP and doesn't use optional files for images with a "click to view" system. All of the criticisms you're making are maybe applicable to certain, specific sites on ZeroNet, but are definitely not representative of the entire thing.

If you were honest with yourself, you'd recognise this increased risk and perhaps share concerns, instead of fanboying it.

You're free to make whatever criticisms of ZeroNet you want, I just think they should accurate. I even have some criticisms of it myself, I think there are still too many single points of failure that need to be addressed (for example, there's not really any major forks of the code base, and there's also not very many authentication services). I even agree that with certain, specific sites on there, namely, ones that ALLOW CP, there IS a potential problem of hosting it if you visit those sites that ALLOW CP. My point though is that that is a criticism against those sites, not against ZeroNet as a whole, and there's ample moderation tools available that make it so that not every site on there is condemned to becoming a CP haven that forces you to host it in the way you're making it out to be. It all depends on the site owner and what they allow, and ZeroNet doesn't force you to visit or host any sites that allow CP, though it is possible maybe someone could trick you into going to one (a risk I don't think is very likely in the first place, and even less likely if you're taking precautions). It's clear to me that you haven't done much research into how ZeroNet actually works, because if you had, you'd realize it's just like any other p2p network where sure, some content on it may be illegal, and sure, maybe someone could trick you into seeding that illegal content for some amount of time, but as long as you're being careful, that's not going to be a particularly likely risk. If you're willing to accept the risks of something like torrenting, there isn't really much that's fundamentally different with the risks of that and the potential risks of ZeroNet. It seems to me you're just hyping up a lot of FUD.

[–]bobbobbybob 1 insightful - 1 fun1 insightful - 0 fun2 insightful - 1 fun -  (10 children)

there IS a potential problem of hosting it if you visit those sites that ALLOW CP.

I don't think you really understand the issue at all.

It's clear to me that you haven't done much research into how ZeroNet actually works,

i think that I stopped using it long before you started.

you'd realize it's just like any other p2p network where sure, some content on it may be illegal, and sure, maybe someone could trick you into seeding that illegal content for some amount of time, but as long as you're being careful, that's not going to be a particularly likely risk.

See, this is the bit where I did my due diligence. And where i ran into the issue that is the lack of control of downloading / seeding .

. If you're willing to accept the risks of something like torrenting, there isn't really much that's fundamentally different with the risks of that and the potential risks of ZeroNet.

Absolutely not the same at all. With a torrent, all files in that torrent can be inspected before downloading. Tell me, how many zeronet imageboards have you used? How many times have you looked at the image folder of a website before browsing the front page?

It seems to me you're just hyping up a lot of FUD.

Seems to me you are whitewashing an issue that has turned a lot of people off zeronet. Maybe do a bit of searching with the terms "zeronet" and "CP" to see that the problem has been around a long time and nothing has been done to allow users to mitigate the issue

[–]tabesadff 2 insightful - 1 fun2 insightful - 0 fun3 insightful - 1 fun -  (9 children)

I don't think you really understand the issue at all.

I understand the issue, I just don't think it's fair to characterize it as being something that's entirely unavoidable, or that it's so much a problem with ZeroNet as it is with those specific sites on there (though I do agree, ZeroNet could do better in terms of making it easier to have more control over seeding, and as I've said previously, I'd like to see more forks of it). There are ways to use ZeroNet without having much of a risk of that problem, but yes, with any technology, there are risks from bad actors that you need to worry about, and you need to exercise caution when using it.

See, this is the bit where I did my due diligence. And where i ran into the issue that is the lack of control of downloading / seeding .

But you're saying things like "Zeronet auto downloads whole sites", and that's not true, there are optional files which make it so you don't need to download a whole site. You also said "If I used zeronet, I'd have no idea what i was hosting", but it's definitely possible (in fact, even easy) to know what you're hosting, you can see every file that ZeroNet saves on your computer. Please forgive me, but those kinds of statements make me think that you haven't actually looked into these things.

Absolutely not the same at all. With a torrent, all files in that torrent can be inspected before downloading. Tell me, how many zeronet imageboards have you used? How many times have you looked at the image folder of a website before browsing the front page?

With any kind of file that you want to inspect from the Internet, you're going to need to download it before you can inspect its content, how do you think it works otherwise? Also, not every site on there is an imageboard, I personally avoid them since, yeah, I don't really have an interest in going to any sites where there's a potential risk of running into CP. Again, that is a problem with those specific sites on there, not with ZeroNet as a whole, and site owners have plenty of options when it comes to preventing CP on their sites, so it's not an inevitable outcome. I think that might help explain why we have such different views since we probably have very different use cases for ZeroNet.

Seems to me you are whitewashing an issue that has turned a lot of people off zeronet. Maybe do a bit of searching with the terms "zeronet" and "CP" to see that the problem has been around a long time and nothing has been done to allow users to mitigate the issue

I'm aware of all the FUD out there, and I'm not saying there is zero danger of that kind of thing at all if you go to certain sites on there (all good FUD has a kernel of truth), all I'm saying is that it is only a problem if you visit sites that allow CP, other than that, the fears about that are highly exaggerated. The solution is to only visit sites that you trust, just as is good practice on the normal web.

[–]bobbobbybob 2 insightful - 1 fun2 insightful - 0 fun3 insightful - 1 fun -  (8 children)

(though I do agree, ZeroNet could do better in terms of making it easier to have more control over seeding

yes

there are optional files which make it so you don't need to download a whole site.

expand on this in detail, to prove your argument

I personally avoid them since, yeah, I don't really have an interest in going to any sites where there's a potential risk of running into CP

so you accept that your use of zeronet is heavily limited?

we probably have very different use cases for ZeroNet.

And there is the crux of the debate. Unless you are very much aware of exactly what zeronet does, the safety of zeronet is not assured, neither is the anonymity. SO not a safe replacement system for chan, twitter and facebook style sites AT ALL

and I'm not saying there is zero danger of that kind of thing at all if you go to certain sites on there

The real question is: which sites? does anyone really know?

The solution is to only visit sites that you trust

and how do you learn that trust?

just as is good practice on the normal web.

nope, not an equivalence there, at all. Zeronet is fundamentally a sharing service, not a browsing one. Whole different legal game there.

[–]tabesadff 2 insightful - 1 fun2 insightful - 0 fun3 insightful - 1 fun -  (7 children)

expand on this in detail, to prove your argument

An optional file is a file which isn't downloaded unless it is requested by a user. For example, any site owner can design their site so that images on their site are "click to view", so a user will only download an image if they click to view it. It also means that users can choose to delete (and therefore not seed) a single optional file without needing to delete (and therefore not seed) the entire site. I think it would be better to allow more user-control, and make it so any file can be removed as though it were an optional file without relying on a site owner to mark it as such (I suppose you could still do that just through the normal file system, but as far as I'm aware, not through ZeroNet's GUI), but there is always at least the coarse grain option of deleting an entire site to stop seeding it.

so you accept that your use of zeronet is heavily limited?

Sure, just as I accept that my use of the regular web is heavily limited. In both cases, I only use about 6 or 7 sites, and don't have any interest in going anywhere that's likely going to have CP on it. The main use case I have for ZeroNet is that it's one (of several) ways I use to get around Big Tech's censorship of political speech, and for that purpose, I think it is an excellent tool. Maybe it doesn't fully replace the normal web for me, I still am on here after all, but it is something I see as being useful nonetheless.

Unless you are very much aware of exactly what zeronet does, the safety of zeronet is not assured, neither is the anonymity.

Nor is it for the normal web, especially when you venture outside of the 4 or 5 sites that everyone else is on, and for anonymity, there is zero anonymity on the normal web unless you're using something like Tor, and even then, your anonymity can still be compromised, all it does is make it more difficult for that to happen.

SO not a safe replacement system for chan, twitter and facebook style sites AT ALL

Why do you think people are safe from accidentally downloading CP on Facebook or Twitter? It's probably not because nobody has ever uploaded CP to those platforms, it's much more likely because those platforms moderate the content that is allowed on them. ZeroNet allows sites to be moderated as well, just many site owners on there CHOOSE not to moderate them, and further, if someone were trying to create something like Twitter or Facebook on ZeroNet, it can be made so that the only content users see by default is from people who they follow, and that way, as long as you're not following a pedo, you would have nothing to worry about in that case even if there was no moderation taking place.

The real question is: which sites? does anyone really know?

So for one thing, sites such as ZeroTalk that don't allow images are obviously going to be pretty safe from CP since they're just text based. Also, there's some blogs on there that I read where only the site owner is able to upload images/videos, and these are people I trust to not upload CP to their own blogs. As of now, there's sadly not very many sites that I'm aware of which both allow user uploaded media content and also are committed to moderation of the site to make sure that things like CP don't get uploaded to them, but again, that's not really so much a problem with ZeroNet's design as it is a problem of that not being something that it really has much of yet, and I'm sure that would change quickly if it had more normal people on it.

and how do you learn that trust?

I mean, that's going to be something that's going to have a different answer depending on who you ask since a thing like trust is extremely subjective. If, say a trusted friend told me about a site they recommend, I think it likely wouldn't be a problem to visit it, but if I see a link some stranger posted (even on the normal web), I at least would try to do some research about it before I would consider visiting it, and if I can't find any info, or the info I found indicates it might have something I don't want to see, I just won't visit it. For example, I know to avoid 8chan despite having never visited it just because I've easily been able to find information about it online that indicates it's not a place I would want to go.

nope, not an equivalence there, at all. Zeronet is fundamentally a sharing service, not a browsing one. Whole different legal game there.

So IF you are on a site that allows CP AND that site doesn't make use of a "click to view" system with optional files, then sure, you would be at risk of potentially facing more legal consequences by seeding it than what you would for just merely downloading it, but it's also not like downloading CP on the normal web is exactly free of legal risks either. I don't think that the fact that someone can face significant legal risks for unintentionally viewing CP on the normal web is something that's the fault of the web so much as it is with the specific sites that don't take any measures (such as moderating content) to prevent CP from being on them. With that said, I agree that ZeroNet should give more control over seeding to its users, not because I think these "you could unknowingly seed CP" scenarios are particularly likely or unavoidable (maybe we can agree to disagree? seems like it might depend on specific use cases?), but because for one thing, it would do a lot to at least combat the perception of that being an issue, which would give more people peace of mind while using it, and for another thing, I'm always in support of software that puts more control in the hands of its users.

[–]bobbobbybob 2 insightful - 1 fun2 insightful - 0 fun3 insightful - 1 fun -  (6 children)

I think it would be better to allow more user-control

I agree. This is the crux, and we agree on it. Lack of user control of file downloads is the main weakness of zeronet and makes it unsafe to use

I only use about 6 or 7 sites

Wow. OK, this conversation is nearly over. I visit hundreds of sites a week. But then I was born long before google, when the intenet really was a lot of people's machines joined together, and we hosted out own websites, and that anarchic joy has stayed with me.

especially when you venture outside of the 4 or 5 sites that everyone else is on

We've established that your use case is wildly limited. You are the perfect consumer, so why you think you have the right to even speak on zeronet safety to anyone who actually uses the internet is beyond me

Why do you think people are safe from accidentally downloading CP on Facebook or Twitter?

Because the entirety of facebook and twitter are not downloaded to my computer regardless of whether or not I actually interact with the files. If I do not visit <profile X>, the associated files are not on my computer. Its quite a simple concept

The real question is: which sites? does anyone really know?

question not answered. Can you go back and read what you write as if you are a third person, and tell me if any of your arguments are convincing or even complete

I at least would try to do some research about it

How? that's a very nebulous response, and We both know the answer to "and how do you learn that trust?" is is "I don't know".

So IF you are on a site that allows CP

Yet again, you show that you don't understand the problem. /u/d3rr care to help on this one?

it would do a lot to at least combat the perception of that being an issue

I don't give a stuff about perception. what matters is the reality. You keep making apples vs oranges comparisons to try and make your point, but the truth is, I can visit a normal website that contains, without my knowledge, CP content posted by someone. If I do not look at the content, it is not on my computer, or, with prefetching, at the most it is in volatile cache and gone with the session. With zeronet, if i visit the same site, I become a CP distributer and continue to share it long after I've left.

[–][deleted] 1 insightful - 1 fun1 insightful - 0 fun2 insightful - 1 fun -  (2 children)

My armchair non ZN user take: Your point is fair that there's risk here, if you browse anything other than the known 7 safe sites. There is a list of starter ZN sites somewhere.

But, how risky is the risk?

With zeronet, if i visit the same site, I become a CP distributer and continue to share it long after I've left.

Can you show me where the entire ZN site that you visit is downloaded and seeded? I thought it was page by page or url by url. What if there is a 10GB of data site on there, that'd be a crazy huge download.

Good discussion guys, you are Generation Next.

[–]bobbobbybob 2 insightful - 2 fun2 insightful - 1 fun3 insightful - 2 fun -  (1 child)

Can you show me where the entire ZN site that you visit is downloaded and seeded?

https://zeronet.io/docs/faq/#what-happens-when-i-access-a-site

to quote:

Initially, a file named content.json is downloaded, which holds all other filenames, hashes and the site owner's cryptographic signature.

The downloaded content.json file is verified using the site's address and the site owner's signature from the file.

Other files (html, css, js...) are then downloaded and verified using their size and SHA512 hash from content.json.

Each visited site then becomes also served by you.

So, in order to make sure there is nothing shitty you ahve to examine content.json

With social sites that host user content, like image boards, chat rooms, etc, that content.json is dynamically updated, or contains sweeping includes.

https://zeronet.io/docs/site_development/content_json/

It really isn't designed with user security in mind, more from the angle of keeping websites up and defeating censorship.

but using the blockchain with user generated content....

https://www.bbc.com/news/technology-47130268

Forum Advice:

Many ZeroNet users are highly concerned about child pornography and the possibility of unknowingly hosting it on their computers, due to the way ZeroNet functions. One solution to this problem--and this is the approach that I have taken over the last six months--is to not go to zites on which individual users are allowed to post pictures or videos. If you never visit a zite, your computer will not host its content. Period. That means avoiding zites like 0Chan and ZeroMe.

lol. Just don't go to any sites that host images well, fuck me, might as well use a text browser in the first place.

I should also mention that there are various zites containing lists of malicious zites. A zite called "ZeroNet Moderated Directory" was just created this month to provide links to zites that have been screened for content. Right now, the list is small, and the owner of the zite has not made much of an effort to explain the criteria that he uses to screen zites. All he has said is, "All submissions will be checked to ensure they are operating and contain content, We WILL NOT list Sites with no content, Test sites, Hate sites, CP sites or any Cruelty to animal sites." The ZeroNet Moderated Directory can be found on ZeroNet here: http://127.0.0.1:43110/18QPAtqyoxriNcNAi4mkCHyoLENwTEbFyw/Directory.html .

so back in 2019, there were already a lot of sites you didn't want to go near.

Zero-net is an answer, but i'm not sure what the question is.

[–]tabesadff 1 insightful - 1 fun1 insightful - 0 fun2 insightful - 1 fun -  (2 children)

Wow. OK, this conversation is nearly over. I visit hundreds of sites a week. But then I was born long before google, when the intenet really was a lot of people's machines joined together, and we hosted out own websites, and that anarchic joy has stayed with me.

We've established that your use case is wildly limited. You are the perfect consumer, so why you think you have the right to even speak on zeronet safety to anyone who actually uses the internet is beyond me

Alright, good for you if you that's what you do, but you realize you are in a very small minority of Internet users out there, right? I was also somewhat exaggerating, obviously I use more websites than that, but it's not like I feel the need to go clicking on every random link that people post on the Internet since that's obviously risky, and I do at least like to check out additional information about sites before I visit them, especially if they're ones I didn't learn about from someone who I trust, and if I can't find any info about it, or I find out bad things about it, I don't visit it, and frankly, I don't feel like I'm missing out on very much by not seeing the "thoughtful" political discussions that are happening on 8chan...

Because the entirety of facebook and twitter are not downloaded to my computer regardless of whether or not I actually interact with the files. If I do not visit <profile X>, the associated files are not on my computer. Its quite a simple concept

OH MY GOD! It is like you are INTENTIONALLY ignoring everything I've said about optional files. Sites on ZeroNet which force people to download the whole thing are SHITTY SITES that aren't designed very well (even from just a performance perspective, it's a bad idea). That's a problem with THOSE SITES. It is entirely possible to design sites on ZeroNet which don't force people to download content that they don't request. Why do I keep explaining this most basic fact over and over again when you refuse to understand it? You should probably do a little bit of research on optional files before so confidently claiming that it would be impossible to create a Facebook or Twitter-like service on ZeroNet which doesn't download content that's not requested by the user!

question not answered. Can you go back and read what you write as if you are a third person, and tell me if any of your arguments are convincing or even complete

How? that's a very nebulous response, and We both know the answer to "and how do you learn that trust?" is is "I don't know".

Okay, how do YOU trust that any normal website won't have CP on it? If you go to as many websites as you claim to, then surely you must be an expert on this! There's nothing about the design of the Web itself that prevents CP from showing up on websites any more than there is for ZeroNet, so why isn't it very likely for the average web user to run into CP on a daily basis? The answer is with the websites themselves, every website I use has a TOS and engages in moderation of user generated content that violates that TOS. Is it perfect? No, there's always a risk someone could upload CP to one of those websites, but it's not something I live in constant fear over because the risk is very minimal when active moderation is taking place, something that's completely possible to also do on ZeroNet, but there are some shitty websites on there that CHOOSE NOT TO, and some of those shitty sites also CHOOSE not to make use of optional files. So AVOID those kinds of sites, which is something most people would want to avoid on the normal web too!

I don't give a stuff about perception. what matters is the reality. You keep making apples vs oranges comparisons to try and make your point, but the truth is, I can visit a normal website that contains, without my knowledge, CP content posted by someone.

Firstly, all of what you're talking about is entirely conditioned on the premises that 1) you visited a site that has CP on it and 2) the site's design was shitty enough to not make use of optional files, and in that specific situation, which I don't think is very likely for someone to encounter unless they're either seeking it out or are extremely careless about the links they click on, but sure, in that specific situation, there's an increased legal risk when compared to the normal web. Why I'm saying it's more about perception is because I think the likelihood of an average Internet user who doesn't just go around clicking on every damn link they see running into CP is pretty low, and the fear of it is pretty exaggerated. It's just like with terrorism, is it a real threat? Absolutely! Is it a really bad thing if you are a victim of it? Yes! Does going outside increase your risk of dying in a terrorist attack? Sure! Should we be living in constant fear of terrorism to the point where we're afraid to go outside? I don't think so, and I think the threat of it is extremely exaggerated.

If I do not look at the content, it is not on my computer, or, with prefetching, at the most it is in volatile cache and gone with the session.

Not exactly true, ordinary websites are also fully capable of forcing you to download images that you never see (not even talking about pre-fetching, you can make a site with images that take up zero pixels, and site visitors will still download the whole image without being aware of it, and if you think that's a terrible way to design a website, I AGREE, in fact, that's one of the major points I'm making!), and also if you're talking about things that are stored in browser caches, those are saved on disk, so it's not exactly that volatile.

With zeronet, if i visit the same site, I become a CP distributer and continue to share it long after I've left.

You're only seeding while ZeroNet is running, and you can also delete all the files ZeroNet stores on your computer, which will automatically make it so they're not seeding (you can't seed content you don't have). The files that ZeroNet stores aren't magic, unremovable files, they're just like any other file. Now, ZeroNet's GUI could be improved to make it so users have more options available about which content to seed and it should also allow users to delete non-optional files from a site on a per-file basis instead of a per-site basis, but nonetheless, there is a course grain option of deleting a whole site if you don't want to be seeding it.

[–]bobbobbybob 1 insightful - 1 fun1 insightful - 0 fun2 insightful - 1 fun -  (1 child)

Why do I keep explaining this most basic fact over and over again when you refuse to understand it?

You are not listening. As a user, I want to chose what I download. I don't want to leave it to the site creators. If I cannot control it myself, then that means I have to inspect every single fucking site to make sure it is ok. That's the issue, that's the problem. You even acknowledge it is a problem. Stop pretending that it isn't. And stop with the "but everything is a risk, so this larger risk is just the same" bullshit.

ZeroNet's GUI could be improved to make it so users have more options available about which content to seed and it should also allow users to delete non-optional files from a site on a per-file basis instead of a per-site basis,

yes. this is the entirety of it. Zeronet could be improved, but it hasn't been. Until it is, it is a far greater risk than normal browsing, so it can fuck off. Just like whitewashing simps like yourself should. We agree on the core issue, you just pretend that it isn't a problem, whereas I've had a lot more experience and recognise that issues like this can become very expensive in the long run. In the corporate world you don't hand-wave away security risks, you spend money and time on fixing them