Content pfp
Content
@
1 reply
0 recast
2 reactions

William Allen pfp
William Allen
@williamallen.eth
Is the desire for e2e/zero knowledge encryption (Skiff, Proton, Signal etc) a stated preference with a much smaller TAM vs the revealed preference of 'just good enough' or 'the devs will add it later' encryption?
3 replies
0 recast
4 reactions

Cassie Heart pfp
Cassie Heart
@cassie
Part of the stated vs revealed preference of E2EE, ZK, MPC, and other cryptographic approaches, hell, even cryptocurrencies, is that the value delivered has to be greater than the investment. With Signal, a lot of heavy lifting is done to make it as usable as possible, and even then, there are still rough edges.
1 reply
0 recast
2 reactions

Cassie Heart pfp
Cassie Heart
@cassie
Part of this is because it is incredibly difficult to retain the security guarantees by smoothing some of those rough edges. Part of it is because a more holistic solution is required (PKI, such as Apple's iCloud Keychain infrastructure and Advanced Data Protection, has now enabled equivalent security with easier use)
1 reply
0 recast
4 reactions

Cassie Heart pfp
Cassie Heart
@cassie
Building that holistic solution doesn't happen overnight, and while significant engineering expense went into the new iMessage security features, it still remains limited to iMessage. Revealed preference: if you can't talk to Android users over iMessage, what do you do? Downgrade security.
2 replies
0 recast
3 reactions

Cassie Heart pfp
Cassie Heart
@cassie
The thing is, people don't realize how crucial the privacy and secrecy guarantees of strong encryption are, until they don't have it but need it. (See women's health care restrictions being passed that have lead to overzealous AGs requesting medical records from out of state)
3 replies
1 recast
15 reactions

Cassie Heart pfp
Cassie Heart
@cassie
So ultimately, the revealed preference will be like water: taking the path of least resistance. And similarly, until something holistic emerges that makes E2EE, ZK, MPC, etc. all as accessible, intuitive and abundant as water, people will continue to live in the drought of cryptographic accessibility.
2 replies
5 recasts
9 reactions

Agost Biro pfp
Agost Biro
@agostbiro
^ this + the really interesting thing for me is how advanced cryptography enables novel applications. E.g. a decentralized dating app where devs can build mini apps with users’ data without getting access to it. Users come for the functionality, but get strong privacy, since it’s not possible to build without it
1 reply
0 recast
1 reaction

Agost Biro pfp
Agost Biro
@agostbiro
(Devs will come since, given a choice, they’ll invest in a decentralized platform over a centralized one after the Facebook/Twitter/Reddit debacles of the past decade)
1 reply
0 recast
1 reaction

Cassie Heart pfp
Cassie Heart
@cassie
My response to that is that the devex has to be at least as good as what they’re accustomed to. Web3’s adoption rate has been abysmal compared to other technologies, and this 100% has to do with devex and UX on the user-facing side. Devs will come if you make the switch a no-brainer and let them use tools they know
1 reply
0 recast
1 reaction

Agost Biro pfp
Agost Biro
@agostbiro
Imo that depends on what type of app they’re building. Are you trying to get devs to build a website on decentralized infra? Then the infra & tooling better be as reliable & smooth as modern web stack. But if the use case is shg completely new, friction is acceptable for early adopters
1 reply
0 recast
1 reaction

Samuel ツ pfp
Samuel ツ
@samuellhuber.eth
this. I learned Solidity because I wanted to do the new thing - Smart Contracts - though I am not going out of my way with some semi decentralized thing breaking the DevOps/Infra Flow I know. If it's 100% decentralized k8s or similiar functionality we talk again.
2 replies
0 recast
2 reactions

Cassie Heart pfp
Cassie Heart
@cassie
What about decentralized AWS? 😄
1 reply
0 recast
0 reaction

Samuel ツ pfp
Samuel ツ
@samuellhuber.eth
AWS has EKS ;) also if we just talk EC2 then awesome. As long as I can get some network layer going to get my cluster up I am gucci. K8s API Security is something I somehow need to take care of then. As I don't trust the nodes but they have everything in plaintext :/ K8s API Server has power :O Load balancing though..
2 replies
0 recast
0 reaction

Samuel ツ pfp
Samuel ツ
@samuellhuber.eth
even a challenge if you have one static ip and domain to get it right with failover IPs and the likes if your infra provider doesn't have a Loadbalancer service. I know keepalived exists but you need to write custom API hooks to integrate your provider... DevEx sucks there.
0 reply
0 recast
0 reaction