✨ Feature Suggestion | Comprehensive software comparison page #2344

New Issue

Closed

opened 2021-06-15 13:55:44 +00:00 by ArtificialAmateur · 2 comments

ArtificialAmateur commented 2021-06-15 13:55:44 +00:00 (Migrated from github.com)

Copy Link

While having a clean interface that can suggest one, two, or three software applications for a specific purpose is a great idea for those looking to start in the world of privacy, I'd like to see some more information for advanced users. This comes from my frustrating search to find and categorize all the privacy-focused messaging applications out there, turns out there are quite a few of them, they all have trade-offs, and a lot of these trade-offs can only be found in the nitty-gritty like whitepapers, technical documents, and git issues (including many discussions on this repo!). Instead of just having a user being told whats best for them, what if we include another page that goes into the details of these different software specifications and scorecard them like what the EFF used to do. While other pages exist that include their own scorecards, they are scattered, they lack certain markers, they lack certain software to compare, and most importantly they are not open-source for contribution. This page doesn't have to be front and center, but just an extra page to create a standing catalogue of what is out there and help advanced users determine what is the most private and anonymous software for their threat-model.

I was beginning to create my own page for this information with a table to display at the top, citations to each claim, and possibly an appendix for more complex discussion matters (#2293). However I'd rather contribute to an existing well-known project that have another small independent one where it may not get as much contribution.

Here is a sample unfinished scorecard for messaging platforms: https://cryptpad.fr/sheet/#/2/sheet/edit/CUkoArq1ja21SWr7rQBPeRg7/

While having a clean interface that can suggest one, two, or three software applications for a specific purpose is a great idea for those looking to start in the world of privacy, I'd like to see some more information for advanced users. This comes from my frustrating search to find and categorize all the privacy-focused messaging applications out there, turns out there are quite a few of them, they all have trade-offs, and a lot of these trade-offs can only be found in the nitty-gritty like whitepapers, technical documents, and git issues (including many discussions on this repo!). Instead of just having a user being told whats best for them, what if we include another page that goes into the details of these different software specifications and scorecard them like what the EFF used to do. While other pages exist that include their own scorecards, they are scattered, they lack certain markers, they lack certain software to compare, and most importantly they are not open-source for contribution. This page doesn't have to be front and center, but just an extra page to create a standing catalogue of what is out there and help advanced users determine what is the *most* private and anonymous software for their threat-model. I was beginning to create my own page for this information with a table to display at the top, citations to each claim, and possibly an appendix for more complex discussion matters (#2293). However I'd rather contribute to an existing well-known project that have another small independent one where it may not get as much contribution. Here is a sample unfinished scorecard for messaging platforms: https://cryptpad.fr/sheet/#/2/sheet/edit/CUkoArq1ja21SWr7rQBPeRg7/

👍 1

lrq3000 commented 2021-06-19 16:03:11 +00:00 (Migrated from github.com)

Copy Link

IMHO (and I'm not part of PTIO team, just an infrequent contributor), such a scoreboard leads to several issues:

1. in practice, it's going to be very hard to maintain. You can already see by looking at the PRs list that PTIO, being only operated by non paid volunteers, is infrequently updated currently. Adding more informations will only lead to more burden and even more infrequent updates.
2. the infos in scoreboards are too detailed and not necessary for the "average user" which PTIO is targeting. PTIO is indeed not targeting the power user, so actually too much infos may lead to PTIO be less accessible, and accessibility to the average user is paramount in PTIO's "philosophy".
3. the infos in scoreboards are too detailed which often lead several items to become deprecated very fast. This goes back to the 1st point, as this adds even more burden to update frequently, for very little added benefit to the average user. For example, the "Perfect Forward Secrecy" being set to "No" for Element, which I'm not sure it's true anymore since a room can be set to disallow decryption of messages prior to joining the room, in which case each message seems to be encrypted with its own key.
4. the scoring such as the color coding you used can be very subjective. For example, in "infrastructure", you rated federated networks in yellow, and P2P networks in green. But I'd argue this is unwarranted, these two different network types just have different threat models. For example, if you absolutely need to hide your IP address to the people you discuss with, Jami is actually the worst since it will always reveal your IP address, whereas a federated network such as Matrix would not, and the Element client can even be used through Tor for additional protection, something not possible with Jami to my knowledge.

Don't get me wrong, it's great such scoreboards exist and I certainly find them, such as yours, very useful and helpful (thank you for sharing!), but I don't think that it's in PTIO's interest or philosophy to include them. But that's only my opinion.

IMHO (and I'm not part of PTIO team, just an infrequent contributor), such a scoreboard leads to several issues: 1. in practice, it's going to be very hard to maintain. You can already see by looking at the PRs list that PTIO, being only operated by non paid volunteers, is infrequently updated currently. Adding more informations will only lead to more burden and even more infrequent updates. 2. the infos in scoreboards are too detailed and not necessary for the "average user" which PTIO is targeting. PTIO is indeed not targeting the power user, so actually too much infos may lead to PTIO be less accessible, and accessibility to the average user is paramount in PTIO's "philosophy". 3. the infos in scoreboards are too detailed which often lead several items to become deprecated very fast. This goes back to the 1st point, as this adds even more burden to update frequently, for very little added benefit to the average user. For example, the "Perfect Forward Secrecy" being set to "No" for Element, which I'm not sure it's true anymore since a room can be set to disallow decryption of messages prior to joining the room, in which case each message seems to be encrypted with its own key. 4. the scoring such as the color coding you used can be very subjective. For example, in "infrastructure", you rated federated networks in yellow, and P2P networks in green. But I'd argue this is unwarranted, these two different network types just have different threat models. For example, if you absolutely need to hide your IP address to the people you discuss with, Jami is actually the worst since it will always reveal your IP address, whereas a federated network such as Matrix would not, and the Element client can even be used through Tor for additional protection, something not possible with Jami to my knowledge. Don't get me wrong, it's great such scoreboards exist and I certainly find them, such as yours, very useful and helpful (thank you for sharing!), but I don't think that it's in PTIO's interest or philosophy to include them. But that's only my opinion.

👍 3

freddy-m commented 2021-06-21 13:08:10 +00:00 (Migrated from github.com)

Copy Link

As someone who is a part of the PrivacyTools team, I reiterate @lrq3000's points.

in practice, it's going to be very hard to maintain. You can already see by looking at the PRs list that PTIO, being only operated by non paid volunteers, is infrequently updated currently. Adding more informations will only lead to more burden and even more infrequent updates.

We're currently facing some large scale organisational problems, which is why there is such as backlog. Hopefully things will be resolved soon, and we can all get back to working on the site.

As for this issue, I'll be closing it - but feel free to discuss further, and mention me if you have any incredible ideas.

As someone who is a part of the PrivacyTools team, I reiterate @lrq3000's points. > in practice, it's going to be very hard to maintain. You can already see by looking at the PRs list that PTIO, being only operated by non paid volunteers, is infrequently updated currently. Adding more informations will only lead to more burden and even more infrequent updates. We're currently facing some large scale organisational problems, which is why there is such as backlog. Hopefully things will be resolved soon, and we can all get back to working on the site. As for this issue, I'll be closing it - but feel free to discuss further, and mention me if you have any incredible ideas.

This repo is archived. You cannot comment on issues.

No Branch/Tag Specified

Branches Tags

master

dependabot/bundler/nokogiri-1.13.6

dependabot/bundler/addressable-2.8.0

freddy-m-patch-3

pr-add_RemoveMyPhone_sponsor

pr-browser_cleanup_1257_1328_1430

freddy-m-patch-2

freddy-m-patch-1

pr-vpn_hated_one_video

cdn

update-nitrohorse-image

promote-metager-to-card

hardware

pr-add_azirevpn

pr-add_mailfence

shop

1673

pr/1658

i18n-simple

sponsorship-edits-nov2019

i18n

ipfs

blacklight447-ptio-patch-3

blog

remove-windows-icons

pr/1147

i18n-testing

add-beautify

No results found.

Labels

Clear labels

🔍🤖 Search Engines

approved

approved, waiting for a PR

dependencies

Pull requests that update a dependency file

duplicate

feedback wanted

high priority

I2P

The Invisible Internet Project (I2P)

iOS

low priority

OS

Operating Systems

Self-contained networks

Social media

stale

A label for stalebot if it gets added

streaming

Anything related to media streaming.

todo

Tor

Anything covering the Tor network

WIP

active work in progress, do not merge or PR (yet)!

wontfix

Issues or bugs that will not be fixed and/or do not have significant impact on the project.

XMPP

Extensible Messaging and Presence Protocol

[m]

Matrix protocol

₿ cryptocurrency

ℹ️ help wanted

↔️ file sharing

⚙️ web extensions

Browser Extension related issues

✨ enhancement

❌ software removal

💬 discussion

🤖 Android

🐛 bug

💢 conflicting

📝 correction

Correction of content on the website

🆘 critical

📧 email

🔒 file encryption

📁 file storage

🦊 Firefox

Firefox & forks, about:config etc.

💻 hardware

🌐 hosting

🏠 housekeeping

Anything primarily related to site cleanup.

🔐 password managers

🧰 productivity tools

🔎 research required

🌐 Social News Aggregators

🆕 software suggestion

👥 team chat

🔒 VPN

Virtual Private Network

🌐 website issue

*Technical* issues with the website.

🚫 Windows

👁️ browsers

🖊️ digital notebooks

🗄️ DNS

Domain Name System

🗨️ instant messaging (im)

🇦🇶 translations

Anything covering a translated version of the site

No Label

✨ enhancement

Milestone

No items

No Milestone

Assignees

Clear assignees

jonah

No Assignees

1 Participants

Due Date

No due date set.

Dependencies

No dependencies set.

Reference: privacyguides/privacytools.io#2344

No description provided.