Daniel M. Skube

@daniel

Javascript | Cryptography | Jiujitsu | Freedom

1,566 words

https://keybase.io/dmskube Thank Guestbook
You'll only receive email when Daniel M. Skube publishes a new post

Blasting An Escape Tunnel Through The Walled Garden

Privacy activists have an alternative for every Google product except YouTube.

YouTube defines the long-form, user-generated video market. Which is troubling for privacy-activists & general folk alike. One company exerts near-perfect control over the juciest portion of the world's media diet.

Under pressure from the legacy media, company leadership favors the iron fist to the velvet glove. With a new terms of service, YouTube re-iterates it's right to not just demonetize creators, but remove them wholesale from the platform.

This is an implicit ban on politically-incorrectness. Even worse is the possibility of Google letting foreign governments censor content on American soil. Meeting international demands is expected of international companies, but countries without a Bill of Rights must not be allowed to infringe on ours.

Long-form, user-generated video is too important to leave inside a walled garden. We need an escape tunnel.

Finding Cracks In The Wall

What maintains YouTube's dominance?

I see YouTube as a nexus of 3 features:

  1. Hosting: content must live somewhere
  2. Monetization: incentivize creators to consistently produce high-quality content
  3. Discovery: two-fold:

    - Search: connect users to requested content

    - Recommendation: keep users engaged with relevant, personalized suggestions

Which feature is the wall? It's not hosting; hosting is a commodity. It's not monetization; smart creators know to diversify their revenue across sponsorships, Patreon, branded products, etc. Given the multitude of ways for creators to draw income, it's doubtful their loyalty to YouTube extends past the level of convenience & inertia. So what is the wall?

Discovery is the wall. YouTube is the only meaningful video search engine & maintains this status by never recommending videos outside itself. Viewers don't know where else to find video & creators don't know where else to find viewers. Even if a viewer deigned to use, say, DuckDuckGo video search:

  • the search results would map mostly to YouTube

  • the user still depends on YouTube for recommendations 'down the rabbit hole'

Discovery can bless content with international acclaim or doom it obscurity. Thus discovery leads, viewership & content follow.

Breaking The Wall

What if discovering video was de-coupled from hosting it?

Traditional web search is platform-independent; Google finds the content you seek & directs you to the source. A video-search/discovery service predicated on the open web could route around corporate censorship & empower creators to engage fans directly, on the creator's own site .

But there's a key difference to between web search & video discovery. Web search is like visiting the DMV; the goal is to spend as little time as possible. Video discovery is like visiting a casino; the more time spent, the better.

So as enumerated in the DuckDuckGo example above, rehashing web search as video search isn't satisfactory. A balance must be struck between displaying suggested content from around the web, while not eclisping the site which the viewer is currently on. Some sort of toggle-able overlay of suggestions, perhaps.

Divorcing discovery from hosting doesn't just grant freedom to creators - it gives options to viewers, too. If the concept works, we can assume competiting discovery services will emerge.
Users can vote with their feet as to which service 'discovers' best. As opposed to the natural monopoly over video-recommendation currently enjoyed by YouTube.

A Better Garden, Not Just A New One

We must be careful not to take one step forward & two steps back. If we are to create a new paradigm, it must be an order of magnitude better.

My personal desires are:

  • privacy-respecting: user-supported rather than ad-supported
  • laissez-faire regulation: any content which doesn't violate US law is indexed*
    • users may block content they dislike & subscribe to common block-lists
  • transparency: recommendation algorithms steer the course of public discourse. Open-source algorithms serve the greater good.

(*Except porn, which tends to swallow websites & should be treated seperately)

In Conclusion

There's a million more details to enumerate, but it's better to be published than perfect. If you enjoy the idea, please drop me a DM on Keybase or Twitter.

The Delusion of Innocence: Bitcoin & Mass Shootings

For ~150 years, American schools were free from violence. This is amazing, considering schools offer no means of physical protection greater than a locked door.

Since Columbine, this has changed. Police patrol hallways, tech companies search social media for red flags, and onlookers blame whichever scapegoat fits their political persuasion. If you're on the Left, it's the NRA. If you're on the Right, it's Big Pharma & video games.

Personally, I blame the Department of Education for treating secuity as an afterthought instead of a foundation. But that is the pattern of human nature. We fall prey to the Delusion of Innocence: pretending that which can be abused won't be abused.

The Cycle of the Delusion of Innocence:

  • invention invented ->
  • society benefits ->
  • inherent vulnerability is exploited ->
  • society recoils ->
  • secure protocol is appended to invention / new goverment agency created ->
  • repeat;

The Delusion of Innocence affects the digital world as much as the physical. In the beginning of the internet, all communication occurred through HTTP. HTTP is a cleartext protocol; an eavesdropper can read full conversations, and alter messages in transit. Imagine the fun a Russian/Chinese troll-farm would have on a pure-HTTP internet! Luckily, we've wisened-up; most websites are now encrypted via HTTPS. Sadly, the cycle repeats & the next invention will have vulnerabilities of its own.

In his rush to create sovereign money, Satoshi Nakamoto settled for a psuedonymous blockchain, rather than an anonymous one. We now suffer the consequences: blockchain analysis companies threaten to expose HODLers to the wrath of secret police forces, tax authorites, & common extortionists. Cypherpunks are left to decide which will be more effective: appending privacy to a fundementally transparent system, or adopting the latest private-by-default currencies.

To awaken from the Delusion of Innocence is a task unique to individuals - the majority will always prefer blissful ignorance. Your security is your responsibility. The incentives of the Collective rarely align with your well-being. Question, inspect, audit, build.

Build.

Asymmetric Advantage

Cryptography yields an asymmetric advantage to those who use it. Asymmetric how? In a fraction of a second, your laptop can form a secure (read: encrypted) connection with your bank. But if an eavesdropper intercepted the communications, it could take - literally - billions of years before they decrypt the data.

Libertarians love cryptography. Why? For the same reason they love guns: cryptography decentralizes power. Compared to the physical world, where goverments & mobs enjoy near-total control, the digital realm is a bastion of Individualism. Peers converse, unauthorized; information is traded, unhindered; activists gather, unharrassed.

Decentralization is powerful. The American defeat in Vietnam serves as an example. So does Bitcoin, BitTorrent, and the internet itself. Shutting down a decentralized system is like playing Whack-A-Mole: you only win if you unplug the machine. What government can afford to revert to a pre-digital economy?

The Boot-Strapping Problem of PGP

Who verifies the verified?

PGP - by which I mean all variants, open- & closed-source - is powerful yet awkward software. By 'awkward', I don't mean using the command-line interface; CLI-literacy is attainable.

By 'awkward', I mean that obtaining the true public-key of a stranger requires an inordinate amount of trust & hassle. Since there's been some recent controversy, let's pretend Bob wants to download Tor Browser.


Bob isn't security-conscious, but he's trying. This month, he installed a password-manager, switched from Windows to Linux, and even learned a little about using gpg on the command-line.

Bob is concerned about the dismal state of internet privacy, so he downloads Tor. Ever a dutiful denizen of the 'net, Bob also downloads the accompanying .sig file. As he prepares to verify his downloads on the command-line, Bob realizes "Wait! I don't have the public-keys for the Tor Project".

Not one to wait, Bob searches DuckDuckGo for "public keys tor". The first result is from torproject.org, where Bob made his initial download. "Perfect,", Bob thinks, "Straight from the horse's mouth."

Bob thinks again. "If I trust the Tor website so much, why am I bothering to verify the file at all? I can't trust a public-key from the same website I got my files from."

Bob is right. He needs to find an independent source for the keys. Where to now?

Since Bob is already on torproject.org, he press the hyperlink on a key-id. A new tab loads that says pgp.mit.edu. "Oh, the MIT key-server. I can trust them." While waiting for the key-server to load, Bob falls into coma. When he reawakens six-months later, the page is still loading.

To celebrate escaping the coma, Bob vacations in Hawaii for a week. When he returns, the key-server has finally loaded. Error 400: Server Under-resourced; Page Cannot Be Loaded.

"Ironic," thinks Bob, "this key-server is as out-of-date & unaccountable as the academics who maintain it."

So, Bob seeks out the next option that comes to mind: the GNU key-server. Bob goes to keys.gnupg.net and notices the connection is unsecured HTTP.

Bob leaves his house & walks directly into the ocean.


Take care, Bob. You represent us all.

Hopefully, the dark days of HTTP key-servers are all but behind us now. Applications like keybase.io (find me @ dmskube) promise a more secure, less trusting model for what a key-server could be.

Let's hope that innovation in privacy UX keeps apace with innovation in privacy technology. And let's hope against the reverse!