Özgür Yazılım Derneği web sitesi
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
 
 
oyd-web/public/en/categories/freedom/index.xml

156 lines
35 KiB

<rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom">
<channel>
<title>freedom on Free Software Association in Turkey</title>
<link>https://www.oyd.org.tr/en/categories/freedom/</link>
<description>Recent content in freedom on Free Software Association in Turkey</description>
<generator>Hugo -- gohugo.io</generator>
<lastBuildDate>Wed, 04 Mar 2020 11:06:00 +0300</lastBuildDate>
<atom:link href="https://www.oyd.org.tr/en/categories/freedom/index.xml" rel="self" type="application/rss+xml" />
<item>
<title>The defense of GnuPG</title>
<link>https://www.oyd.org.tr/en/yazilar/2020/03/the-defense-of-gnupg/</link>
<pubDate>Wed, 04 Mar 2020 11:06:00 +0300</pubDate>
<guid>https://www.oyd.org.tr/en/yazilar/2020/03/the-defense-of-gnupg/</guid>
<description>&lt;p&gt;For several years, there has been an uprasing agains GPG. Every now and then someone writes up a blog post and condemn OpenPG and it&amp;rsquo;s implementations for being too hard to use or too easy to mess up. The GPG side is mostly silent&amp;hellip; So, this article is in defence of GPG.&lt;/p&gt;
&lt;p&gt;Main points made against GPG can be listed like this:&lt;/p&gt;
&lt;ol start=&#34;0&#34;&gt;
&lt;li&gt;GPG is too complicated for &amp;ldquo;normal&amp;rdquo; users&lt;/li&gt;
&lt;li&gt;Because GPG is too complicated it&amp;rsquo;s userbase is minuscule&lt;/li&gt;
&lt;li&gt;Email is inherently impossible to secure so don&amp;rsquo;t even bother encrypting it, just abandon GPG&lt;/li&gt;
&lt;li&gt;Nobody bothers to read emails for &amp;ldquo;normal&amp;rdquo; people so don&amp;rsquo;t encrypt&lt;/li&gt;
&lt;li&gt;TLS has done much more for email security than GPG&lt;/li&gt;
&lt;li&gt;GPG is error prone and security wise it is dangerous for people to use it when actual security is needed.&lt;/li&gt;
&lt;li&gt;For various reasons, only cryptonerds use it and take pride on GPG, so it is lame&lt;/li&gt;
&lt;li&gt;GPG&amp;rsquo;s trust model (web of trust) is broken and only cryptonerds are keeping it alive&lt;/li&gt;
&lt;li&gt;GPG is old&lt;/li&gt;
&lt;li&gt;There are better [insert anything involving app like crypto tools] why bother with GPG&lt;/li&gt;
&lt;li&gt;GPG crypto has [Insert any long term RSA based cryptography&amp;rsquo;s short comings and trust problems] why not use modern crypto&lt;/li&gt;
&lt;/ol&gt;
&lt;p&gt;During these discussion, these point are mostly assumed to be true;&lt;/p&gt;
&lt;ol start=&#34;0&#34;&gt;
&lt;li&gt;People are stupid and lazy so are the users of encryption tools,&lt;/li&gt;
&lt;li&gt;Since users are stupid and lazy tools should be designed keeping that in mind,&lt;/li&gt;
&lt;li&gt;Designing for stupid and lazy requires stripping people from anything than needed(i.e freedom),&lt;/li&gt;
&lt;li&gt;If security is not absolute it is worthless&lt;/li&gt;
&lt;li&gt;If privacy is not absolute, anonymity is worthless&lt;/li&gt;
&lt;li&gt;If your adversary cannot compromise x of your security then there is no need for GPG even for privacy&lt;/li&gt;
&lt;/ol&gt;
&lt;h2 id=&#34;whats-the-problem&#34;&gt;What&amp;rsquo;s The Problem&lt;/h2&gt;
&lt;p&gt;We name periods of human history by their defining property. That property is mainly what drives human society and culture at that current age. The iron age was shaped by the superiority of iron as a material for weapons and agricultural tools. Today&amp;rsquo;s digitally shaped age is called &lt;a href=&#34;https://www.schneier.com/essays/archives/2012/11/when_it_comes_to_sec.html&#34;&gt;digital feudalism&lt;/a&gt; and it governs our lives. Just like regular feudalism the source of society is controlled by few and generated by many and the feudal lords of ours claim their right to their thrones through their infrastructure.&lt;/p&gt;
&lt;p&gt;We as users are fueling the rise of the digital technologies but handful of companies are controlling and profiting from it. Just like peasants of the middle ages, you are seen as basic people who cannot understand the complex life that only a few selected elites can. It is what you are asusmed to be: simple people who wants simple things, like &amp;ldquo;apps&amp;rdquo; that will give you what you assumed you need and nothing more. It is the same old condescending view of serfs, now given to you by companies, ignorant and arrogant developers and overall by capitalism.&lt;/p&gt;
&lt;p&gt;Today saying &amp;ldquo;what do I understand about computers&amp;rdquo; is equivalent to saying &amp;ldquo;I don&amp;rsquo;t know how to light a fire&amp;rdquo; in stone age! Just because someone might be feeding you back in those days does not mean that you could survive on your own. The same applies to current digital age. Just because someone is doing &lt;strong&gt;stuff&lt;/strong&gt; for you does not ensure your digital survival. There was no easy way to light a fire back then and there will be no &amp;ldquo;press this button&amp;rdquo; easy way to take back the power in the digital age. Whoever claims people &lt;strong&gt;want&lt;/strong&gt; or &lt;strong&gt;need&lt;/strong&gt; only simple stupid apps and whoever denies the fact that we are living in digital feudalism are building a dystopian future where few elite unprecedentedly controls the future. Self determination is never given by anyone but can only be taken by everyone!&lt;/p&gt;
&lt;p&gt;This ideology that &amp;ldquo;people are stupid&amp;rdquo; and &amp;ldquo;people want easy(read: stupid)&amp;rdquo; things dominates today’s end user software development. Good UX does not equal simple. The real meaning in these expressions is; &amp;ldquo;you are too stupid to take responsibility for your self and to understand what&amp;rsquo;s going on, so we as technological elites will take care of you&amp;rdquo;. This is what&amp;rsquo;s the base of almost all GPG related criticism. GPG is too hard for people!&lt;/p&gt;
&lt;p&gt;PGP, the preceder of GPG, was conceived in 1991 and this era was shaped by hackers. Not the hackers that main stream media shows in black hoods and authorities around the world paint as people with no moral boundaries. Hackers are the people who playfully expanded what is available to what is possible. This attitude brought general public; personal computers, GNU/Linux operating system that are now powering almost every backbone in the world, 3D printers etc. PGP was shaped by the empowerment of that era, not the &amp;ldquo;there is an app for that&amp;rdquo; era of today which is shaped by multi-billion dollar cooperation built upon the cultural and technological accumulation of hackers.&lt;/p&gt;
&lt;p&gt;That brings us to the point: GPG is hard for people, but so was the general purpose computers around 20 years ago. Everything requires individual dedication and determination to learn and maintain. What happened with computers is that some people capitalised on the opportunity, poured money into devices and after hundred hours of R&amp;amp;D those computers became &amp;ldquo;easy&amp;rdquo;. The outcome of that process was a loss of the right to fix, more enclosed and restricted user environments and computers that works against us! So those who invested in computers can profit for their investment.&lt;/p&gt;
&lt;p&gt;The same problem exists for encryption. There was no real incentive for capitalists to invest in publicly accessible encryption. Solid encryption would make data impossible for only the user own and this would be counter intuitive to the interest of capitalism. But today there is an incentive: people are afraid of what our digital world has become. They are afraid of their &lt;a href=&#34;https://en.wikipedia.org/wiki/Global_surveillance_disclosures_(2013%E2%80%93present)&#34;&gt;government&amp;rsquo;s abuse of power&lt;/a&gt;, they are afraid of &lt;a href=&#34;https://www.theguardian.com/technology/2017/sep/26/tinder-personal-data-dating-app-messages-hacked-sold&#34;&gt;companies taking advantage of their lives&lt;/a&gt;, they are afraid that their &lt;a href=&#34;https://en.wikipedia.org/wiki/Facebook%E2%80%93Cambridge_Analytica_data_scandal&#34;&gt;involment in democracy will be lost&lt;/a&gt;. People are afraid and there is no better time to sell something. That&amp;rsquo;s why Apple is now selling &lt;a href=&#34;https://en.wikipedia.org/wiki/FBI%E2%80%93Apple_encryption_dispute&#34;&gt;privacy as a product&lt;/a&gt; and that is why every communication service regardless their privacy invasive tendencies are &lt;a href=&#34;https://faq.whatsapp.com/en/android/28030015/&#34;&gt;promoting encryption&lt;/a&gt;. What is missing is that people are still an object in this case. Whoever holds the key holds the future and there is no alternative to GPG that gives the user the best self determination!&lt;/p&gt;
&lt;p&gt;So, how is GPG doing while the craze to own the next killer encryption app continiue? &lt;a href=&#34;https://en.wikipedia.org/wiki/Werner_Koch&#34;&gt;&lt;strong&gt;Werner Koch&lt;/strong&gt;&lt;/a&gt;, is the single person maintaining GPG. He was almost about to give up on GPG for &lt;a href=&#34;https://www.propublica.org/article/the-worlds-email-encryption-software-relies-on-one-guy-who-is-going-broke&#34;&gt;economic reasons&lt;/a&gt; when the &lt;a href=&#34;https://en.wikipedia.org/wiki/Edward_Snowden&#34;&gt;Snowden incident&lt;/a&gt; has chanced his decision. The world&amp;rsquo;s whole server infrastructure and personal freedom rests on his shoulder and he had to ask for help. It is a huge difference in investment/impact ratio when compared to every other encryption tool. GPG exist by determination and not throguh capital pressurae.&lt;/p&gt;
&lt;p&gt;In every &amp;ldquo;GPG is dead&amp;rdquo; cry almost always includes some &lt;strong&gt;killer&lt;/strong&gt; new technology that makes more &lt;strong&gt;sense&lt;/strong&gt; than GPG. Let&amp;rsquo;s talk about them for a while.&lt;/p&gt;
&lt;h2 id=&#34;signal&#34;&gt;Signal&lt;/h2&gt;
&lt;p&gt;A big hit in secure instant messaging. Signal is build upon proprietary software Textsecure and RedPhone that had been once developed by Merlinspike and his co-founder Stuart Anderson. Signal Protocol utilizing &lt;a href=&#34;https://en.wikipedia.org/wiki/Double_Ratchet_Algorithm&#34;&gt;double ratchet&lt;/a&gt; encryption is a game changer for modern connectivity and implemented in several applications. Signal applications and server code is free software but [their developers and business model is not](oyd signal yazısı bağlantısı). It is &lt;a href=&#34;#https://matrix.org/blog/2020/01/02/on-privacy-versus-freedom/&#34;&gt;yet another walled garden with no federation&lt;/a&gt; and &lt;a href=&#34;https://moxie.org/blog/gpg-and-me/&#34;&gt;claiming GPG is dead&lt;/a&gt;.&lt;/p&gt;
&lt;h2 id=&#34;matrix-protocol&#34;&gt;Matrix Protocol&lt;/h2&gt;
&lt;p&gt;&lt;a href=&#34;https://en.wikipedia.org/wiki/Matrix_(protocol)&#34;&gt;Matrix protocol&lt;/a&gt; is an open standard for general communication needs. Like &lt;a href=&#34;https://en.wikipedia.org/wiki/Xmpp&#34;&gt;XMPP -Extensible Messaging and Presence Protocol-&lt;/a&gt; it is designed to be implemented widely and serve various modern needs of communication. End-to-end encryption is falling behind and there are still implementation problems but if everything goes well Matrix Protocol could be a modern free future. The only problem is Martix Protocol is that still an instant communication system and the cryptography behind it is specialized only for that purpose.&lt;/p&gt;
&lt;p&gt;##[Insert Any App or Protocol]&lt;/p&gt;
&lt;p&gt;Almost all have some of these short comings:&lt;/p&gt;
&lt;ul&gt;
&lt;li&gt;Walled Gardens do not allow federation&lt;/li&gt;
&lt;li&gt;Non-free dependencies&lt;/li&gt;
&lt;li&gt;Single purpose&lt;/li&gt;
&lt;li&gt;Symmetrical communication while e-mail being asymmetrical&lt;/li&gt;
&lt;li&gt;Opaque key generation and management&lt;/li&gt;
&lt;/ul&gt;
&lt;p&gt;Modern messaging softwares do have merits that are desirable such as &lt;a href=&#34;https://en.wikipedia.org/wiki/Forward_secrecy&#34;&gt;forward secrecy&lt;/a&gt;, &lt;a href=&#34;https://en.wikipedia.org/wiki/Elliptic_curve_cryptography&#34;&gt;recent algorithms with shorter keys&lt;/a&gt;(read: not necessarily more secure) and more frictionless key management(which heavily depends on central key servers and personal data). All these merits are to some degree are desireable for GPG too but these tools different design requirements than GPG. GPG can and will become better at most points. When the case is of single person against a multi-billion dollar industry, this should not count as a fair trial.&lt;/p&gt;
&lt;p&gt;What GPG is offering in exchange is &lt;strong&gt;freedom&lt;/strong&gt;, not just another &amp;ldquo;app&amp;rdquo; that walls its users in and here is why&amp;hellip;:&lt;/p&gt;
&lt;h2 id=&#34;gpg-giving-you-the-total-control-of-your-key-and-identity&#34;&gt;GPG giving you the TOTAL control of your key and identity&lt;/h2&gt;
&lt;p&gt;This primary point is so important, the rest seems moot. GPG is the most liberating piece of software EVER. What GPG is capable of and how it is implemented is almost always secondary to the fact that &lt;strong&gt;you&lt;/strong&gt; as the user in need of cryptography &lt;strong&gt;control&lt;/strong&gt; the key. You can export it, expand it, change it, renew it, &lt;a href=&#34;https://github.com/intra2net/paperbackup&#34;&gt;print it on paper&lt;/a&gt;, revoke it. The fact that you own and control your key actually makes it possible for you to build your identity around that key. This is almost like being your own certificate authority and issuing your certificates as you please.&lt;/p&gt;
&lt;p&gt;This comes with the trust problem of cryptopgraphy. If anyone can generate a key with any metadata, then who is deciding on a particular key belong to an individual. The answer is &lt;strong&gt;no one&lt;/strong&gt; and &lt;strong&gt;everyone&lt;/strong&gt;. &lt;a href=&#34;https://en.wikipedia.org/wiki/Web_of_trust&#34;&gt;Web of trust&lt;/a&gt; is an answer to this question for most part. You basically sign keys for people who you know and the people who trust you trusts your friends.&lt;/p&gt;
&lt;p&gt;This implementation is &lt;a href=&#34;https://web.archive.org/web/20131009142806/https://www.rubygems-openpgp-ca.org/blog/theres-trust-and-then-theres-trust-and-then-theres-trust.html&#34;&gt;considered broken&lt;/a&gt; by a lot of people and there is a natural down side of making your social network public. That being said building trust around a key is not easy and nothing is easy if you want to be in charge. &lt;a href=&#34;https://keybase.io&#34;&gt;Keybase&lt;/a&gt; is building a suplemental key trust model by social media accounts and devices, &lt;a href=&#34;https://keys.openpgp.org/about&#34;&gt;Openpgp keyservers&lt;/a&gt; implement stricter rules for key acceptance but it is not open to federation.&lt;/p&gt;
&lt;p&gt;Most people thinks a company or a government should be in charge of the identity of people but that &lt;a href=&#34;https://nakedsecurity.sophos.com/2013/01/08/the-turktrust-ssl-certificate-fiasco-what-happened-and-what-happens-next/&#34;&gt;maliciously failed&lt;/a&gt; many times and cannot be considered an ultimate solution. Even if a new solution comes and makes it easy to relatively trust a key, Web of trust will still be the most liberal way of trust in the light of a hostile digital world when people become diligent enough.&lt;/p&gt;
&lt;h2 id=&#34;gpg-is-so-adaptive-and-comprehensive-one-can-use-it-almost-any-way-required&#34;&gt;GPG is so adaptive and comprehensive one can use it almost any way required.&lt;/h2&gt;
&lt;p&gt;Since GPG is adaptive, with a single key one can manage a lot of applications. You can &lt;a href=&#34;https://github.com/GNOME/seahorse-nautilus&#34;&gt;encrypt files&lt;/a&gt;, &lt;a href=&#34;https://www.enigmail.net/index.php/en/&#34;&gt;encrypt emails&lt;/a&gt;, &lt;a href=&#34;https://roundcube.net/news/2016/05/22/roundcube-webmail-1.2.0-released&#34;&gt;encrypt your incoming mails&lt;/a&gt;, &lt;a href=&#34;https://wiki.gnome.org/Apps/DejaDup&#34;&gt;encrypt your backups&lt;/a&gt;, &lt;a href=&#34;https://git-scm.com/book/en/v2/Git-Tools-Signing-Your-Work&#34;&gt;sign your code&lt;/a&gt;, &lt;a href=&#34;https://www.linode.com/docs/security/authentication/gpg-key-for-ssh-authentication/&#34;&gt;SSH into servers&lt;/a&gt;, &lt;a href=&#34;https://keybase.io&#34;&gt;prove your identitiy&lt;/a&gt;, &lt;a href=&#34;https://riseup.net/canary&#34;&gt;prove your statements authenticity&lt;/a&gt;, &lt;a href=&#34;https://www.passwordstore.org/&#34;&gt;store your passwords&lt;/a&gt;, &lt;a href=&#34;https://www.facebook.com/notes/protect-the-graph/securing-email-communications-from-facebook/1611941762379302&#34;&gt;encrypt your Facebook notifications&lt;/a&gt; and even encrypt your &lt;a href=&#34;https://conversations.im/#security&#34;&gt;instant messages&lt;/a&gt;.&lt;/p&gt;
&lt;p&gt;All these functions have been added in recent years and more are probablys on the way. You can even encrypt your message and SMS or mail it if &lt;a href=&#34;https://www.dailydot.com/layer8/turkey-cuts-kurdistan-internet/&#34;&gt;all Internet connectivity has been cut off&lt;/a&gt;!&lt;/p&gt;
&lt;h2 id=&#34;gpg-is-single-source-of-concern&#34;&gt;GPG is single source of concern&lt;/h2&gt;
&lt;p&gt;Being in control of your key also enables you to use and tie wide array of possible uses to your key. You can use it for SSH, sign your code, use it as a trust source for your actions, use it to encrypt anything and store them anywhere without the fear of loosing your access to the data. While utilising this wide range of options you don&amp;rsquo;t have to deal with multiple softwares and keys. One key backed up safely will handle &lt;strong&gt;EVERYTHİNG!&lt;/strong&gt; The size of that key or what other marginally safer algorithm does not matter much.&lt;/p&gt;
&lt;p&gt;You only have to keep one key file that is basically your identity and need only worry about that. Every dedicated app will generate a purpose built key for their functions and if you are not willing to take care of it either your key will be uploaded to a server or you will loose your data if you ever loose your devices. A GPG key on a &lt;a href=&#34;https://www.yubico.com/&#34;&gt;Yubikey&lt;/a&gt; or a smartcard will manage all your identity and encryption needs. It is convenient.&lt;/p&gt;
&lt;p&gt;One of the basic criticisms of GPG is around it&amp;rsquo;s use of long term keys and lack of forward secrecy. This is actually a feature not a bug. One can be &lt;strong&gt;certain&lt;/strong&gt; that a GPG key will decrypt a data that has been encrypted with it in the &lt;strong&gt;future&lt;/strong&gt;. Most of the given practical examples to support this critisim are around how NSA stores every ciphertext and if ONE DAY a key is compromised then the whole communication will be too. This way of thinking misses one fundamental point. Not everyone is an active target of the NSA and just because something is possible it does mean that it is going to happen. Suggesting abandoning GPG because a compromised key will lead to decryption of all past ciphertext is like deleting every email the moment it has been read since loosing your password to you email account will lead to every plaintext of your emails. Anyone who needs a NSA level of security will probably know how to handle keys or can find more suitable tool for them selves. There are 8 billion other people on this planet who needs daily protection from less capable adversaries such as corperations, employers, etc.&lt;/p&gt;
&lt;h2 id=&#34;gpg-is-not-platform-bound&#34;&gt;GPG is not platform bound&lt;/h2&gt;
&lt;p&gt;GPG is not an &amp;ldquo;app&amp;rdquo; that you download and use as it allow. Even conceived as an email encryption tool, GPG is not exclusively build for that purpose. You can simply use GPG as you please on any platform that is capable of transmitting text and data. The use of GPG is not bound to email and the privacy and security problems associated with email is not directly GPG&amp;rsquo;s problem. GPG can and is mitigating a lot of problems email posses not creating new ones. Not encrypting email does not make email any safer or private to use and there are no alternatives yet.&lt;/p&gt;
&lt;p&gt;This fact is also under heavy criticism. The main suggestion is that one can advise someone to install just &amp;ldquo;x&amp;rdquo; and it would simply work but with GPG there are a lot of confusing options or GPG&amp;rsquo;s UI is bad. &lt;a href=&#34;https://openkeychain.org/&#34;&gt;Openkeychain&lt;/a&gt; has changed most of that UI shaming and became the most user friendly GPG client and Kleopatra as an GUI is crossplatform and quite easy to use (&lt;a href=&#34;https://www.reddit.com/r/kde/comments/f5q24n/germany_approved_gpg4kde_and_gpg4win_for_the/&#34;&gt;it is even accepted as secure by Germany&lt;/a&gt;. They are relatively easy to use compared with other options. Comparing a walled garden encryption service with GPG and finding GPG not user friendly is improper because the main goal is totally different.&lt;/p&gt;
&lt;h2 id=&#34;gpg-e-mail-is-not-dead&#34;&gt;GPG e-mail is not dead&lt;/h2&gt;
&lt;p&gt;GPG is still one of the most used cryptographic tool on Earth. GPG is seamlessly securing package management of GNU/Linux distros which secures whole Internet servers. &lt;a href=&#34;https://protonmail.com&#34;&gt;Protonmail&lt;/a&gt;, a secure e-mail startup implemented Openpg in their system which boosted GPG usage for e-mail to another level even though their key management is centralized. &lt;a href=&#34;https://www.thunderbird.net/&#34;&gt;Thunderbird&lt;/a&gt; and &lt;a href=&#34;https://www.enigmail.net/index.php/en/&#34;&gt;Enigmail&lt;/a&gt; have plans to merge and create an almost seamless &lt;a href=&#34;https://blog.thunderbird.net/2019/10/thunderbird-enigmail-and-openpgp/&#34;&gt;encrypted e-mail client&lt;/a&gt;. Even &lt;a href=&#34;https://pgp.cs.uu.nl/plot/&#34;&gt;strong set of GPG keys on keyservers are grown&lt;/a&gt;&lt;/p&gt;
&lt;p&gt;This is why GPG is one of the most liberating piece of software that has ever existed in digital age. You and only you get to choose how you are going to use it and nobody, not the server, not the owner of the &amp;ldquo;app&amp;rdquo; and not the government have any say in it.&lt;/p&gt;
&lt;p&gt;GPG is not a definitive or end-of-all encryption tool. It does fill a good portion of security and identity problems of people and priotize &lt;strong&gt;freedom&lt;/strong&gt; of the users. People may not seem to care about their freedom much today, yet anytime someone &lt;a href=&#34;https://www.bbc.com/news/world-middle-east-27330745&#34;&gt;restricts their access to a function&lt;/a&gt; of an app or to the app itself, they realise they &lt;strong&gt;do not own&lt;/strong&gt; the tools that they need to survive this digital age. To stop people from using GPG there is no way; no server to ban, &lt;a href=&#34;https://en.wikipedia.org/wiki/FBI%E2%80%93Apple_encryption_dispute&#34;&gt;no coorperation to pressure&lt;/a&gt;, &lt;a href=&#34;https://en.wikipedia.org/wiki/Pretty_Good_Privacy#Criminal_investigation&#34;&gt;no single medium to outlaw&lt;/a&gt;. GPG survived the first &lt;a href=&#34;https://en.wikipedia.org/wiki/Crypto_wars&#34;&gt;Cryptowars&lt;/a&gt; and it will be there when the one thousandth &amp;ldquo;app&amp;rdquo; bites the dust because behind GPG there is an idea and ideas are bulletproof.&lt;/p&gt;
&lt;h3 id=&#34;further-reading&#34;&gt;Further reading&lt;/h3&gt;
&lt;p&gt;&lt;a href=&#34;https://signal.org/blog/the-ecosystem-is-moving/&#34;&gt;https://signal.org/blog/the-ecosystem-is-moving/&lt;/a&gt;&lt;br&gt;
&lt;a href=&#34;https://matrix.org/blog/2020/01/02/on-privacy-versus-freedom/&#34;&gt;https://matrix.org/blog/2020/01/02/on-privacy-versus-freedom/&lt;/a&gt;&lt;/p&gt;
&lt;p&gt;&lt;a href=&#34;https://latacora.micro.blog/2020/02/19/stop-using-encrypted.html&#34;&gt;https://latacora.micro.blog/2020/02/19/stop-using-encrypted.html&lt;/a&gt;&lt;br&gt;
&lt;a href=&#34;https://blog.cryptographyengineering.com/2014/08/13/whats-matter-with-pgp/&#34;&gt;https://blog.cryptographyengineering.com/2014/08/13/whats-matter-with-pgp/&lt;/a&gt;&lt;br&gt;
&lt;a href=&#34;https://blog.filippo.io/giving-up-on-long-term-pgp/&#34;&gt;https://blog.filippo.io/giving-up-on-long-term-pgp/&lt;/a&gt;&lt;br&gt;
&lt;a href=&#34;https://blog.gtank.cc/modern-alternatives-to-pgp/&#34;&gt;https://blog.gtank.cc/modern-alternatives-to-pgp/&lt;/a&gt;&lt;br&gt;
&lt;a href=&#34;https://www.swalladge.net/archives/2020/02/19/goodbye-pgp/&#34;&gt;https://www.swalladge.net/archives/2020/02/19/goodbye-pgp/&lt;/a&gt;&lt;br&gt;
&lt;a href=&#34;https://www.ctrlc.hu/~stef/blog/posts/on_pgp.html&#34;&gt;https://www.ctrlc.hu/~stef/blog/posts/on_pgp.html&lt;/a&gt;&lt;/p&gt;
&lt;p&gt;&lt;a href=&#34;https://web.archive.org/web/20190301083529/https://blog.whiteout.io/2015/02/25/pgp-theres-life-in-the-old-dog-yet/&#34;&gt;https://web.archive.org/web/20190301083529/https://blog.whiteout.io/2015/02/25/pgp-theres-life-in-the-old-dog-yet/&lt;/a&gt;&lt;br&gt;
&lt;a href=&#34;https://protonmail.com/blog/pgp-vulnerability-efail/&#34;&gt;https://protonmail.com/blog/pgp-vulnerability-efail/&lt;/a&gt;&lt;br&gt;
&lt;a href=&#34;https://web.archive.org/web/20131009142806/https://www.rubygems-openpgp-ca.org/blog/theres-trust-and-then-theres-trust-and-then-theres-trust.html&#34;&gt;https://web.archive.org/web/20131009142806/https://www.rubygems-openpgp-ca.org/blog/theres-trust-and-then-theres-trust-and-then-theres-trust.html&lt;/a&gt;&lt;/p&gt;
</description>
</item>
<item>
<title>Stop Saying Freedom is a Private Matter</title>
<link>https://www.oyd.org.tr/en/yazilar/2020/03/stop-saying-freedom-is-a-private-matter/</link>
<pubDate>Tue, 03 Mar 2020 09:06:00 +0300</pubDate>
<guid>https://www.oyd.org.tr/en/yazilar/2020/03/stop-saying-freedom-is-a-private-matter/</guid>
<description>&lt;p&gt;There is a wide spread misconseption about freedom. Almost everyone think freedom is theirs(!) to decide. So many sentences starting with &amp;ldquo;my freedom&amp;rdquo; are being heard, one may simply get convinced that everybody has some sort of freedom pouch they hang from their belt.&lt;/p&gt;
&lt;p&gt;Freedom is defined by -like most things- their dialectic conterpart. Like shadow cannot exist without light, freedom cannot exist without an opressor. If there is nothing to be &amp;ldquo;free from&amp;rdquo; why would be there a need to define it? An opressor can be a person, an institution or even physics itself such as gravity. There is no distiction. Restricted by a public rule or gravitational pull, the result is the same; you cannot exert full authonomity. This fact makes freedom a public resource we all share, use and advance together.&lt;/p&gt;
&lt;p&gt;Gravity is one opressor we all indiscriminatly share togetter. We cannot jump as well as we like or we fall if we slip. Just because there is someone on an aircraft flying does not mean he has some sort of personal freedom from gravity. The person on the aircraft is defying gravity in expense of all the other ground dweller&amp;rsquo;s budget; airpolution, explotation of workers who builds the aircraft, occupying limited airspace, ext.&lt;/p&gt;
&lt;p&gt;The idea of freedom also one integral part of being a homo sapiens sapiens. Humankind did not invent tools influenced by a black extraterestial monolith[1] but pure need for fending natural opressors. Weather, predetors and every environmental hazzard is narrowing what one can achive and to widen freedom one need to fight them back. That is the reason imprisonment is a punishment and enslavement is never had been truely consented.&lt;/p&gt;
&lt;p&gt;You do not have a freedom to use propriority software and services! You do not have a right granted to you to choose enslavement of yourself to overlords of our digital and now physical existence. Saying so is either a sign of ignorance or not being a homo sapiens sapiens at all. There is no freewill when there isn&amp;rsquo;t totally acceptable two alternatives and in a time where almost every single code and device is controled by handfull of corperation you don&amp;rsquo;t get to choose freely.&lt;/p&gt;
&lt;p&gt;If you are oblivious to the fact that there is an alternative to digital enslavement, you are excused from this discussion. But for those who know free software, free hardware, right ot fix movements exist and how they strugle to get self determination and power back to people you do not get to choose enslavement! Every propriority software you install, every walled garden you get in, every public resource depleting online service you use, when there is an alternative, you actually strip every other person on this planet a bit of their freedom, feed it to your overlords and use what is left on the plate for your own greed!&lt;/p&gt;
&lt;p&gt;There is no denying or walking around it. This happened before in human history. People stood up for their life and what we know as freedom and rights are build upon their struggle and pain. If you decide to dispose your freedom, you should know that there is a price tag comes along.&lt;/p&gt;
</description>
</item>
<item>
<title>Authoritarianism Through Coding: Signal</title>
<link>https://www.oyd.org.tr/en/yazilar/2020/03/authoritarianism-through-coding-signal/</link>
<pubDate>Tue, 03 Mar 2020 07:06:00 +0300</pubDate>
<guid>https://www.oyd.org.tr/en/yazilar/2020/03/authoritarianism-through-coding-signal/</guid>
<description>&lt;p&gt;This isn&amp;rsquo;t a theoretical piece about freedom and digital technologies. This is a real ongoing trend that is at best observed around secure messaging application Signal by Open Whisper Systems and it&amp;rsquo;s founder Moxie Merlinspike. His view and management of Signal reflects a wider trend that jepordises world&amp;rsquo;s freedom.&lt;/p&gt;
&lt;p&gt;Signal is a secure messaging software that has changed the field a lot. Signal is built upon propriety software Textsecure and RedPhone applications that had been developed by Merlinspike and his co-founder Stuart Anderson. When Twitter acquired Whisper Systems, it releases both software under free software licenses. Merlinspike left Twitter acquired Whisper Systems, founded Open Whisper Systems and merged -once the private property of himself- TextSecure and Redphone into Signal.&lt;/p&gt;
&lt;p&gt;Signal is free software. &amp;ldquo;Free as in freedom&amp;rdquo;, their client and server code is licenced under GPLv3 and AGPLv3. This makes the code and only the code itself pro-freedom. Just because the code it self free does not necessarily make the coder &amp;ldquo;free&amp;rdquo; as well and that is the problem we face today!&lt;/p&gt;
&lt;p&gt;Open Whisper Systems led by Moxie Merlinspike, who is behind Signal, is and was never behind freedom. This has been seen in the light of LibreSignal (&lt;a href=&#34;https://github.com/LibreSignal/LibreSignal/issues/37#issuecomment-217211165&#34;&gt;https://github.com/LibreSignal/LibreSignal/issues/37#issuecomment-217211165&lt;/a&gt;) debate where a fork of Signal client is build without unfree dependencies and published on the F-droid free software repository on Android. After much debate about federation, the claimed server resources and freedom, followed by legal trademark threats Libresignal has been removed from F-droid and so was anybody&amp;rsquo;s chance of using Signal as a secure messenger who doesn&amp;rsquo;t use Google services. &lt;a href=&#34;https://wire.com/en/blog/axolotl-proteus-encryption-protocols/&#34;&gt;Wire&lt;/a&gt; case is just another example.&lt;/p&gt;
&lt;p&gt;This approach is not only a threat to free software it is a recurring threat to human kind!&lt;/p&gt;
&lt;p&gt;To prove this bold claim one needs to look at one recent blog post from Open Whisper Systems and a presentation made in 36C3 by Merlinspike.&lt;/p&gt;
&lt;p&gt;&lt;a href=&#34;https://signal.org/blog/the-ecosystem-is-moving/&#34;&gt;Signal&amp;rsquo;s blog post&lt;/a&gt;
&lt;a href=&#34;https://matrix.org/blog/2020/01/02/on-privacy-versus-freedom/&#34;&gt;Matrix&amp;rsquo;s blog Post&lt;/a&gt;&lt;/p&gt;
&lt;p&gt;The main points of his claims can be listed as follows:&lt;/p&gt;
&lt;ul&gt;
&lt;li&gt;Decentralized systems are harder to build&lt;/li&gt;
&lt;li&gt;Decentralized systems are harder to evolve&lt;/li&gt;
&lt;li&gt;Decentralized systems are harder to secure&lt;/li&gt;
&lt;li&gt;Decentralized systems are becoming concentrated in predominant provider anyways&lt;/li&gt;
&lt;li&gt;If users don&amp;rsquo;t trust their app provider they have the freedom to use something else&lt;/li&gt;
&lt;/ul&gt;
&lt;p&gt;While his claims are true up to a certain point they are only superficial. Through these points Merlinspike claims that, centralized services are superior in modern times!&lt;/p&gt;
&lt;p&gt;&lt;a href=&#34;https://matrix.org/blog/2020/01/02/on-privacy-versus-freedom/&#34;&gt;anyone who is interested in the depth of this debate can start reading Martix&amp;rsquo;s answer to Merlinspike at the link here&lt;/a&gt;&lt;/p&gt;
&lt;p&gt;It is really unnecessary to explain in depth why this type of thinking is dangerous when a simple change in words can tell more than 1000 page work. Let&amp;rsquo;s rename the object and compare his digital dystopia with one that has occured several times through-out analog human history and which once again recures today;&lt;/p&gt;
&lt;ul&gt;
&lt;li&gt;Democracies are harder to build&lt;/li&gt;
&lt;li&gt;Democracies are harder to improve&lt;/li&gt;
&lt;li&gt;Democracies are harder to secure&lt;/li&gt;
&lt;li&gt;In democracies power is becoming concentrated in predominant hands anyways&lt;/li&gt;
&lt;li&gt;If people do not like their democracy provider (country) they have the freedom to leave and go another provider.&lt;/li&gt;
&lt;/ul&gt;
&lt;p&gt;One doesn&amp;rsquo;t need to think hard to see what Merlinspike is advising. He claims democracies suck because of the hardships of human organization and proposes autocracy to manage the world in favour of the helpless people occupying it. Why? Because democracies are inefficient and people don&amp;rsquo;t want that!&lt;/p&gt;
&lt;p&gt;If he had given the same statement about democracies and governmental politics as he gave about federative systems it would have provoked outrage! People died for freedom, they are still dying and struggling around the globe. Then someone comes and stomps over every ideal which human society ever build up until this point in history and proclaims themselves the world leader! Think about it!&lt;/p&gt;
&lt;p&gt;The example given is bad but why are Merlinspike&amp;rsquo;s claims about decentralized systems not considered bad as well? Because digital freedom has not yet been lost and won by blood or are we still asleep? Just because code is free, it doesn&amp;rsquo;t necessarily mean that the coders mind is also free! Freedom is not just a license, it is an ideal in any condition that we must stand for!&lt;/p&gt;
</description>
</item>
</channel>
</rss>