There are gemini to http gateways so the content is probably already crawled anyway.
There are gemini to http gateways so the content is probably already crawled anyway.
So lets be clear - there is no way to prevent others from crawling your website if they really want to (AI or non AI).
Sure you can put up a robots.txt or reject certain user agents (if you self host) to try and screen the most common crawlers. But as far as your hosting is concerned the crawler for AI is not too different from e.g. the crawler from google that takes piece of content to show on results. You can put a captcha or equivalent to screen non-humans, but this does not work that well and might also prevent search engines from finding your site (which i don’t know if you want?).
I don’t have a solution for the AI problem, as for the “greed” problem, I think most of us poor folks do one of the following:
Now for the AI problem, there are no good solutions, but there are funny ones:
I should point out that none of this will make you famous or raise your SEO rank in search results.
PS: can you share your site, now i’m curious about the stories
Here is my take as someone who absolutely loves the work simplex did on the SMP protocol, but still does not use SimpleX Chat.
First the trivial stuff:
These two are not that unexpected. Any other chat app with E2E security has tricky UX, and SimpleX takes the hard road by not trading off security/privacy for UX. I think this is a plus, but yes it annoys people.
Now for the reasons that really keep me away:
Finally a couple of points on some of the other comments:
This is a really nice summary of the practical issues surrounding this.
There is one more that I would like to call out: how does this client scanning code end up running in your phone? i.e. who pushes it there and keeps it up to date (and by consequence the database).
I can think of a few options:
Each of these has its own problems/challenges. How to compel them to insert this (ahem “backdoor”), and the different risks with each of them.
True friendship is indeed to trade ssh keys.
What kind of hardware are we talking about here. Tiny boxes, big boxes? Disks, networking?
Fair point (IP, email, browser session data). Those should not be exposed via the federation in any way. And the existence of the federated network means we could switch instances if we are concerned our instance is a bad actor about this.
I did not mean to suggest the ecosystem is not valuable for privacy. I just really don’t want people to associate federation with privacy protections about data that is basically public (posts, profile data, etc). Wrong expectations about privacy are harmful.
To be fair I do not expect any privacy protections from lemmy/mastodon in general, or from blocking/defederation in particular.
Lemmy/Mastodon protocols are not really private, as soon you place your data in one instance your data is accessible by others in the same instance. If that instance is federated this extends to other instances too. In other words the system can be seen as mostly public data since most instances are public.
The purpose of blocking or defederation (which is blocking at instance level) is to fight spam content, not to provide privacy.
Ultimately you are trusting the relay server to hold your messages If the relay is not trustworthy, it could reveal those messages.
The only exception I know of are encrypted direct messages which are still held by the relay but are encrypted with the recipient’s key. These messages still have a cleartext recipient id (so the server can deliver them).
So, if the relay is well behaved
If the relay server is operated by the forces of evil, then the only thing you can assume is that direct message content is not visible, but they can see the message src/destination/timestamp.
I think the main motivation for nostr is censorship resistence - so if you are being blocked in one relay, you move to another - in terms of privacy/security it does not seem weaker than most other public message forums.
They could serve similar purposes. In terms of maturity nostr is younger. Here are the main differences from the point of view of nostr:
At its core nostr is a basic protocol where you send messages to a relay server and the relay passes them along to other people when they request them. And on top of those messages people implement extensions for features, full length posts, payments, etc. The are notions of followers and subscriptions (like twitter) but those are just tiny messages where you ask the relay for messages from person A or B. The list of specifications is here https://github.com/nostr-protocol/nips
Finally there are a few different nostr implementations for relays, clients and web interfaces. Some of them do not implement all the features, so you may need to shop around a bit if your are looking for some fancy features (check https://github.com/vishalxl/Nostr-Clients-Features-List).
Also some nostr highlights which I think don’t have equivalent in matrix (but deserve nerd points)
As any engineer who does ops can tell you - you did the right thing - the solution is always to roll back, never force a roll forward, ever.
We should totally do pre and post update parties though. Even if the update fails we can have an excuse for drinks and a fun thread.
Depends on what you mean by “secure”, being very loose with the definitions, we have
My personal preference is Simplex.
Reasoning for a few:
Some more food for though though; these protocols support both group communication and 1-1 messaging - privacy expectations for these two are very different. For example I don’t care too much about confidentiality in a group chat if there are 3000 people in there. It might be more concerned with concealing my phone/name/metadata.
In general I consider large group chats “public”, I can try to be anonymous, but have no other expectations. e.g. some people use some protocols over ToR because they do not trust the service (or even the destination) but they try to protect their anonymity.
On a technical note: I don’t think there is any protocol that supports multi-device without some kind of vulnerability in the past. So I would temper my expectations if using these protocols across devices.
I’m not familiar with the other ones that were mentioned in comments or in the spreadsheet.