@jesper_linnet @sillyCoelophysis
You can get similar texture from an ice cream maker using just water.
Though she may find snow disappointing once she discovers you can make snow out of cream.
@firefoxwebdevs @davidgerard @yoasif @fmasy @Rycochet @zzt
Which is happening because you are shipping features that you call AI and your new CEO has called Firefox an ‘AI first browser’, because he is completely and totally unqualified for his job.
Stop doing that. And then you can have a useful discussion about any ML models that you are shipping (which, I agree, should be plugins, but so should a lot of things Firefox bundles).
@firefoxwebdevs @davidgerard @yoasif @fmasy @Rycochet @zzt
I didn’t see the poll before this post, but my number one request to Mozilla remains the same:
Stop using the term ‘AI’ anywhere.
It is a meaningless marketing term pushed by the worst parts of the tech industry. Don’t use a catch-all for a bunch of unrelated things, name them individually and explain to users why they should care (if you can’t, don’t ship them at all). And make all of them off by default.
Feel free to pop up a dialog saying ‘This page is in a language that you haven’t said you speak, Firefox has optional on-device translation models trained ethically (see here for more information), would you like to install them? (If you decide not to, you can change this decision later in settings) [ Never install translation models ] [ Never install translation models for this language ] [ Install translation model for this language ] [ Automatically install translation models for any language ]’.
Similarly, if a user hovers over an image with no alt text, feel free to pop up a dialog saying ‘This image has no text description. Firefox has an on-device image-recognition model that is ethically trained (see here for more information) that can attempt to provide one automatically. Would you like to install it? If you do not, you can later install it from settings. [ Do not install image-recognition model ] [ Install image-recognition model ]’.
And, in both of these cases, pop up that dialog at most once.
See how neither of these needed to say ‘AI’? Because they were explaining what the model did and why. This is how you communicate with users if you care about users more than you care about investors and hype trains.
Most of the harms related to teens accessing these sites come from the engagement-at-all-costs models that drive algorithmic content presentation. This, in turn, is driven by the need to fund these sites with advertising.
A ban on all advertising (in any medium) targeting under 16s would probably do a much better job.
I don't understand why do you seem so upset,
Because you're spreading misinformation to score marketing points and spreading misinformation about secure messengers gets people killed.
I don't understand why do you seem so upset, #DeltaChat has received several REAL PROFESSIONAL INDEPENDENT security audits, all listed here: https://delta.chat/en/help#security-au
So, none after this particular class of attack was discovered and therefore none that include this in the threat model?
#DeltaChat is for private chatting, so you normally don't put your link anywhere publicly, you could create a dedicated profile for public interactions tho, which, unlike in signal, it is super easy to do and you can have as many as you want,
Okay, so your use case for 'private chatting' excludes journalists publishing contact information for whistleblowers? It excludes union organisation? It excludes protest organisation?
I guess that's fine, but maybe don't claim to be operating in the same space as Signal then.
and notice the use case I am talking here is family chat, not business and public interactions, that is why I said "keep your family safe" I am talking about family chat solution here
Then you need to learn about the concept of an anonymity set. If you have one mechanism for talking to your family and another different one for talking to your union rep, it's really easy for a passive adversary to track when you suddenly start using a different mechanism for high-value conversations.
@arcanechat So there is no way for anyone to use a public identifier like an email address or similar to reach you?
What do you put on business cards or similar if you want people to contact you? An invite link?
When you post something about a vulnerability in another messenger and completely misrepresent it, in a way that implies that you don’t understand the cause of it at all, it gives me no confidence in your system.
The root cause is nothing to do with phone numbers. It depends on two things:
If you actually wanted to convince people your system was better you would:
Email-based flows tend to not be vulnerable to this kind of attack because they do most of the processing on the server, so you’d only be able to probe the server. But you wouldn’t bother because email has so little metadata protection that you don’t need to bother with an attack like this. From what I know of DeltaChat’s group chat protocol, I suspect there is a way of triggering a similar attack by sending broadcast invalid messages and timing the error response. If you really wanted to convince people that your system is better, you’d show a security analysis that explains why I’m wrong, rather than just say ‘I don’t understand this attack but the researchers who published it didn’t bother trying to attack the protocol I use and so I’m sure it is secure!’ That is exactly the attitude to security that makes me distrust DeltaChat.
Oh and before anyone jumps in with anything about XMPP: this attack is completely trivial on XMPP. Send an invalid iq stanza to the client’s bare JID and time the response. And this is impossible to fix without redesigning the protocol because unknown iq stanzas must be forwarded to the client to enable future extension and clients must respond with errors.