Are you running IPFS nodes for unloaders to keep data persisting? From what I understand, as soon as the last available node stops broadcasting, the pinned object is gone.
How do you deal with illegal content? Aka people using this service to host bad content.
Would it be possible to shard the encrypted data across multiple backends (e.g. across multiple providers or across multiple accounts on a single service)? It might be useful/interesting/fun to use erasure coding to increase redundancy and availibiliy.
When Prabhaav mentions it's encrypted client side, we should elaborate and also mention that it's encrypted such that we can't see it, so we have no way of knowing if you are transacting illegal content.
An interesting architectural point is that because you as the user choose your storage provider, you are essentially hosting bad content along with your storage provider. We and Blockstack simply provide you with a means of transporting your data to others without getting in the middle.
Hi djangowithme, thanks for the comment. There are several features like bookmarking/favorites, advanced search, better night mode, better mobile support that are not available on CMC.
There are great templates available for $15. Anyone with basic html skills can download one and change the values between html tags. I'm assuming you tried to make one yourself, which in fact is tough and would require multiple people to pull off.
The website seemed down earlier, and currently its quite slow. Im wondering, if ipfs is distributed then why isnt it able to handle this traffic? Are there more decentralized options?
The website isn't on IPFS yet. A new marketing site published to IPFS is something we want to do but hasn't been a priority (we weren't expecting to have a big influx of traffic).
The application is available on Github[1], and that's the part that uses IPFS.
Buying a facebook speaker, or really any home-speaker for that matter seems like a really bad idea. You give it the ability to record everything in your home for a slight utility.
I see this argument all the time, but these things are less dangerous than smartphones. First off, they ride off your own network so it is easy to see when they are sending data back home unlike phones which can transfer data over harder to monitor 3rd party networks. They are cheaper and lower powered machines so they can't do a lot of processing on device and can't store a large amount of data for later transfer. They are stationary in your home and therefore likely spend a majority of the time listening to nothing unlike phones which might be at their owners side 24/7. They also only have one source of data which is audio as opposed to the other various sensors phones have like GPS. Finally, if you believe that these companies are shady enough that they are lying to their customers about what these smart speakers are doing, why do you think they aren't lying about what their mobile OSes or apps are doing?
All that said, I believe Apple, Amazon, and Google all have worlds more trust in this area than Facebook.
> these things are less dangerous than smartphones
I disagree.
> they ride off your own network so it is easy to see when they are sending data back home unlike phones which can transfer data over harder to monitor 3rd party networks
…if you use a VPN, then you can check for traffic here as well.
> They are cheaper and lower powered machines so they can't do a lot of processing on device and can't store a large amount of data for later transfer.
HomePod has an Apple A8 processor, and Google Home has some sort of ARM SoC. These aren't low-powered machines; on the contrary, they can run 24/7 since they're always powered.
> They are stationary in your home and therefore likely spend a majority of the time listening to nothing
I think this makes them more likely to be overlooked, more than anything.
> Finally, if you believe that these companies are shady enough that they are lying to their customers about what these smart speakers are doing, why do you think they aren't lying about what their mobile OSes or apps are doing
You start off with disagreeing that smartphones are more dangerous as home speakers, then every single subsequent point you make is along the line as "this may not be as bad as smartphones but they're still an issue".
Yes the processor is still strong but it's weaker than smartphones. Yes you can still sneak data past home networks but it's harder than 3rd party networks. Yes they can be more overlooked, but they still have access to less data than smartphones.
None of the points you make prove that home speakers are as bad or worse than smartphones. The original comment wasn't arguing that smart speakers are safe, they were just pointing out the hypocrisy over owning a smartphone and being against smart speakers.
The main issue with smart speakers is that they're in your home and they have access to continuous power, so they're always on. Sure, they might not have all of the processing power of your flagship smartphone, and you can check their traffic, but this doesn't mean that they aren't less dangerous. With smartphones, you can tell pretty quickly if someone's been recording audio in the background: just check to see if your battery is depleting quickly. Smart speakers also have better range than smartphones: they're meant to pick up noise from far away.
I don't know about you but my phone hasn't run out of power in months.
> this doesn't mean that they aren't less dangerous
No one is saying that they aren't dangerous, you're missing the point. What I'm saying is if you carry a smartphone around, that's just as risky. Therefore, it's hypocritical to warn against smart homes unless you also don't have a smartphone.
> Smart speakers also have better range than smartphones
But smartphones are literally next to you at all time, they don't need better microphones.
> Therefore, it's hypocritical to warn against smart homes unless you also don't have a smartphone.
It's not hypocrisy to warn of dangers, regardless of being exposed in other ways. Also, your comment here equates 'smart speakers' with 'smart homes', which are not the same thing (yet).
This conversation can only progress when you consider the actual threat models (like security folks talk about). It seem strange to me to rant about the risks of smartphones vs smart home devices, when the data from both of those is potentially ending up with the same small set of companies.
> I don't know about you but my phone hasn't run out of power in months.
I don't understand your argument here. If your smart speaker 100% maxed out its CPU and sensors for a month, would you notice? Probably not. I guarantee you would if your smartphone did, though, unless you keep it constantly plugged in.
> But smartphones are literally next to you at all time, they don't need better microphones.
I'll chalk this one up to individual preference. Personally, my phone is usually not near me at home (e.g. downstairs) since I have access to my computer, which I prefer using instead.
>…if you use a VPN, then you can check for traffic here as well.
This is conditional on the assumption that the device is doing what it tells you it is doing. Like the point in my previous comment, if you believe the device is lying to you about when it is recording, why do you trust that it isn't hiding non-VPNed connections from you? Smart speakers can not physically transfer data themselves and can only forward data over WiFi or Bluetooth.
>HomePod has an Apple A8 processor, and Google Home has some sort of ARM SoC. These aren't low-powered machines; on the contrary, they can run 24/7 since they're always powered.
The A8 is a 4 year old processor and the HomePod is by far the most expensive and powerful of these devices. Maybe I was downplaying their potential processing power too much, but the fact still stands that a modern smartphone is much more powerful than a modern smart speaker.
>I think this makes them more likely to be overlooked, more than anything.
And phones aren't overlooked when they spend almost 24/7 within a few feet of the owner?
I am not saying these devices don't present any potential issues. I am just pointing out that the risk is lower than the one we have already accepted by using smartphones. Stressing over compromised smart speakers is like stressing about whether you locked the door to the third floor balcony while not caring that the front door is unlocked.
> why do you trust that it isn't hiding non-VPNed connections from you
Ahh, so you don't trust the operating system itself, rather than the apps running on it. In this case, you're free to physically turn off cellular data on your phone (e.g. by removing the SIM) and connect it to Wi-Fi.
> The A8 is a 4 year old processor and the HomePod is by far the most expensive and powerful of these devices. Maybe I was downplaying their potential processing power too much, but the fact still stands that a modern smartphone is much more powerful than a modern smart speaker.
Sure, but you don't need a whole lot of processor power. What you need is a reliable power source, which is something that a smart speaker has.
> And phones aren't overlooked when they spend almost 24/7 within a few feet of the owner
While smart speakers don't have to even be within a few feet of the owner to work.
>Ahh, so you don't trust the operating system itself, rather than the apps running on it.
The argument against any of these devices is that they are compromised either by a third party or by the actual device maker. Google and Apple make the OSes installed on almost every mobile device. If you don't trust Google's or Apple's smart speaker why do you trust their OS?
>In this case, you're free to physically turn off cellular data on your phone (e.g. by removing the SIM) and connect it to Wi-Fi.
That isn't a valid solution became it is hindering a device in such a way that it can't perform its most basic duty. Real people don't put a SIM into their phone only when they are expecting a call and take it out as soon as the call is over.
>Sure, but you don't need a whole lot of processor power. What you need is a reliable power source, which is something that a smart speaker has.
What do you think the average smartphone uptime is per day? I am willing to bet it is approaching 24/7. A majority of phones probably are hooked up to chargers a couple hours a day and they all have access to the battery any time they aren't/
>While smart speakers don't have to even be within a few feet of the owner to work.
And neither do phones. The range of smart speaker microphones is likely within an order of magnitude of the range of smartphone speakers but the average distance between a smart speaker and its owner is going to be several orders of magnitude higher than the average distance between a smartphone and its owner.
> That isn't a valid solution became it is hindering a device in such a way that it can't perform its most basic duty.
This isn't intended as a permanent thing: it's just a spot check on the traffic.
> A majority of phones probably are hooked up to chargers a couple hours a day and they all have access to the battery any time they aren't
The issue here is that any sort of processing is very noticeable on smartphones, since it will either cause the battery to deplete very quickly or charging to take a long time. It's basically impossible to get away with performing computation without it showing up in battery statistics.
Smartphone radios use quite a bit of energy. So, they can't be used to record 24/7 without the drain becoming really obvious.
These things send back full audio to be processed by design. So, it's not a question of possible it's up to the provider what they want to do with the recordings the device is directly sending.
The fundamental difference is that a smartphone will record and send the data remotely only when you have applications or malware to that effect. So you still have nominal control.
Smart speakers are sending the audio to the mothership by design, it's the way they work in normal operation.
> these things are less dangerous than smartphones
They're also orthogonal to smartphones.
> why do you think they aren't lying about what their mobile OSes or apps are doing?
Why do you think everybody thinks that? And why frame it that way from the get go, to what the companies themselves are doing today, and/or to what the widgets do in isolation? It's another vector of attack for all sorts of actors, present and future, including the companies themselves.
> All that said, I believe Apple, Amazon, and Google all have worlds more trust in this area than Facebook.
They're not the baseline, the baseline is none of these devices. And for me, those all have worlds less trust than entities I trust, and the difference between them and Facebook is pretty much irrelevant in the big picture.
Thank you, sometimes I feel like I’m nuts for seeing all these people run to install always on mics in their house.
I don’t like the 1 second of buffer the iPhone has for Siri with Hey Siri disabled - but LOL if I’m going to install a single purpose always listening microphone for gimmick reasons.
Agree, Apple had the least incentive to monetize your data. Amazon will use your data to sell stuff, but they probably not going to share that to others. Google and FB are all advertising companies that they relies on reselling your data for targeting, with FB being the more aggressive one for you know, growth.
Neither FB nor Google "resell" your data. They use your data to put you into categories. Advertisers choose which categories to advertise to, and if your data puts you into one of those chosen categories then you're shown the ad.
You will be amazed how flexible they allow advertiser to specify the criteria, and how easy that with a handful filters they can target as niche as tens of people in the same area as a cohort.
I'd suggest you turn of all the personalization ads option they provided so that you can avoid to be precisely targeted
3+ years ago, their Graph API provided much more information than it does today. App developers (CA, in this case) used that open API to get information about the app user's friends, and then stored that data on their own servers (which is and always was against Facebook's Terms of Service).
>>>(which is and always was against Facebook's Terms of Service)
Nobody reads TOS.
Car analogy: leaving you car in a bad neighborhood, unlocked, key in the ignition, door open, with a "do not steal or we will send you a threatening letter demanding our car back" note.
To the GP's point, the fact that Facebook has stated recently that it will reduce the information provided to third party apps shows that there was still a bigger leak than it cared to admit all along.
That doesn't make sense. By your reasoning, Google is reselling your location data by allowing Android apps to access it after getting your permission.
Apple makes it pretty clear that they don't use the data that hits a server to identify you:
> When we do send information to a server, we protect your privacy by using anonymized rotating identifiers so that searches and locations can’t be traced to you personally.
A much more nuanced and detailed explanation of what I was trying to share. Thanks for that. Wordsmithing isn't my strong suit. Your wording is exactly my sentiment, and better stated.
That's the right order though I am not sure about the last two. I once listened to a Microsoft exec give a talk on privacy issues regarding Bing, etc. He admitted that for privacy conscious folks Apple was best followed by MS, followed by Google, then FB. He described how there were intense fights within Microsoft regarding whether they should show targeted ads based on email content on Hotmail and the side that wanted to show targeted ads lost out. A large part of the reason was that even though it was a free service, any hint that MS was contemplating going through emails could mean a backlash from giant corporate customers using MS's email products. For Apple, leveraging data has never been a major aim. They do as much as possible locally unlike Google/Amazon which do as much as possible on the cloud. Again, differing cultures of companies born in different eras.
People who use these seem completely oblivious to the fact that you're wiring your home. The important part is these things are always on, always recording, and often sending data back home. You can't monitor all of that, and your phone doesn't do that. Stop with the disingenuous phone argument.
I'll wager with you that if we randomly stopped individuals on the street with Android phones we'd be able to find a significant portion of individuals who have "Ok Google" enabled. (I'll concede that this piece of functionality can be disabled.) That said, I'll also wager that for those with the "Ok Google" functionality disabled that at least one application on their phone has the microphone permission enabled. I'll even wager that if you own an Android phone you have at least one application with the microphone permission enabled.
Additionally, I can disable the microphone on my home device if I wish with the push of a button. If I'm in public I can't walk around asking every stranger within earshot to "disable their phone's microphone".
Now, explain to me, in the case where "Ok Google" is enabled; how isn't the phone always recording if "Ok Google" works (or "Hey Siri" for that matter)?
Given everything covered, is it still "disingenuous" to say that a cell phone is minimally as risky as putting any of the devices mentioned in a home if not more due to the inability to control the devices of others?
Sure. Let's even leave aside the whole corpus of data you need to make a even remotely useful voice assistant.
But if you think there will be people willing to self host and maintain a whole voice assistant service, you're off your rocker.
It's just like saying "Why doesn't everyone just use Tor and PGP?" Because it's an enormous pain in the ass and really only accessible to technical users.
I think you shouldn’t rush to judge the utility; consider that other people might find uses for a voice assistant that doesn’t require “a vast corpus of data” to function.
But moreover, if you need to call me “off my rocker,” you’re not engaging in good faith.
I can only imagine the SNL fake commercials for this. People are already half-convinced that Facebook is listening through the existing app; every couple of weeks I see friends posting weird coincidences between real-life conversations and Facebook ads.
After hearing people talk about finding very personal things in their archive like audio recordings, I tried downloading mine. I was almost disappointed to find that it essentially just outputted my public facebook profile. Nothing remotely unusual about the data, but i'm sure there's much more that they wont admit to or hand over.
Facebook know what I visit a site with an embedded tracker. This isn't in my data dump, but things like "interest in X" are. Do they really use the tracking to influence those scores, then throw away the data?
If that were the case, then they are not complying with the existing European rules giving "data subjects" (me) the right to see data about them.
They would be allowed to remove all identifying information from the ping, e.g. retain a date, approximate location and so on, but not an identifier than links to my account.
