Check out passage: https://github.com/FiloSottile/passage which has done part of this by using age instead of PGP. I used it for a while, and last I checked there was sadly no Android app (the pass Android app hardcoded too much PGP to be a useful base, so I was told), but the work is def there.
Nice! But I can't really use it until it works on Android too (with hardware keys). I'll definitely try it out though.
> the pass android app hardcoded too much PGP to be a useful base
The original one did not. It leveraged the OpenKeychain external app which basically handles all the PGP stuff. So there was no PGP code in the app. Similar to how it's done on a PC with the gpg suite.
But someone rewrote it with an internal library which also removed Yubikey support.
It appears that the public side of X is sent as the first part of the handshake, without any login info yet, and can be verified as part of B, thus a varying X would be easy to detect... I think.
Looking at it from a high level, it doesn't appear the final token ever leaves the client till it's being redeemed. There's a middle step that does get signed, but this part is not what is sent.
Assuming the cryptography does what they say it does (am not a cryptography expert, so I can't verify that part), this would completely disjoin a search request from any account info. The account generates several "search tokens", and for each search request, one of those tokens is spent. The tokens are generated on-device, and until spent, never leave the device, so in theory there's no way for Kagi to know which account generated the token just from the token alone. This doesn't fix fingerprinting or IP associations (though the plugin for Firefox and Chrome supposedly takes efforts to try and limit fingerprinting too), but this isn't any better/worse than simply using Google or DuckDuckGo, and functions on Tor if you really want some privacy.
Again, not sure on how the tokens are proven legit without ever sharing them, but there's probably some ~~zero-knowledge proof~~ stuff going on that covers that.
Edit: Not zero-knowledge proof. Seems to be Blind Signature?
> This doesn't fix fingerprinting or IP associations
It solves the problem of using a paid service without compromising customers' privacy, which is a breakthrough. The rest are different problems and they are universal issues with various existing solutions as you already pointed out.
Part of a library's primary purposes is the preservation of history and culture. In the modern cycle, one of a company's largest competitors is their own history and back catalog. Destruction of historical artifacts is becoming necessary to ensure customers keep coming back, as we have reached a point of diminishing returns at most corporate scales. If a corporation's motive is to destroy history, and a library's goal is to preserve, there is no compromise.
The sought damages are $621 Million. Internet Archive reported having about $7 Million in assets and $30 Million in revenue (for those who accidentally read over that, revenue is before factoring in costs, which for IA budgets around $37 Million annually as well.) (EDIT: in 2022. I've been rewriting this a few times and forgot to re-add that part in the final comment)
If the suit is found in favor of UMG and enforced at full effect (not impossible, but Hachette v. Internet Archive was not either), then IA will be on the hook for the full $621 Million. You can guess how that ends.
But even if they don't enforce at full effect (and given Web Archive has been successfully used to provide evidence against UMG and Sony multiple times now, they have a pretty strong incentive to get it burned down), a sizable portion of the 400,000 recordings are from disks that quite literally broke down after capture. Those disks are the last copies of those recordings. Ever. Should UMG and Sony succeed, it is a very safe assumption, given they already confirmed they don't have those recordings (and based on that, don't want them), that those recordings immediately become lost media.
Probably they're thinking "This person brought us something that is about to be extinct, our job is to keep things from going extinct."
The entirety of IA is the idea that culture and history are to be preserved for future generations. The job of these big companies like UMG is to make as much money as possible, and destroying history eliminates a core competitor, themselves. IA's existence is poking the bear (just look at how often the Web Archive's existence is used by others to show off bad actors in companies). Compromise left a long time ago.
> a sizable portion of the 400,000 recordings are from disks that quite literally broke down after capture. Those disks are the last copies of those recordings. Ever.
Somewhere, there was a critical failure of risk assessment and management.
As I mentioned in a sibling comment, the entirety of IA's existence is a "critical failure of risk assessment" now. Their existence forces companies to deal with the one competitor they can't beat, their past selves. The question we begin to ask here is "This is the only place that was able and ready to accept and preserve these otherwise permanently lost works. Do we let copyright ensure the destruction of itself, or is culture and history more important?"
In the course of preservation, the Rule That Shall Not Be Violated(tm) is that anything which would lead to significant and irreversible damage or destruction of the artifact is off limits. Especially if the artifact is irreplaceable.
Recording the audio off of those disks should not have happened if it was already understood or reasonably expected that doing so would lead to their destruction. Whoever gave the OK on that exhibited a critical failure of risk assessment and management.
> why don't we see HN crying about the need to show a national ID ... when buying a mobile phone?
Mmm, very possibly because there are at least a few ways to get a phone without using any ID. I picked up a used phone about a year ago, and use Tello. Tello had 0 info on me for years, only an old UPS box that I got the card delivered to. I eventually gave them my first name so Caller ID was correct, but short of that or putting in a correct address if you want 911 support, there's no reason to need any valid info with them. They don't do credit checks, just prepay.
> The solution is secure boot plus attestation
That's the second option they presented, "Closing the platform". The issue with all these options is that it consolidates power, and thanks to already partially consolidated power, any option selected will, by necessity, obligate everyone to partake, whether or not they are ok with it.
> The average normie user does not care about anonymity, nor privacy, on the Internet.
It's true that often "normies" don't care (or at least think they don't care, but that's a completely different point I don't feel like trying to make), and it's also true that often "normies" don't want the status quo changed. But often "normies" also ignore when people are kidnapped due to their heritage being revealed. Is it acceptable to actively create a hostile environment for people already disadvantaged? Do we gain something worth their safety? Who gains from this higher level of scrutiny?
If we look at the smaller web, most sites never get enough traffic to be under active threat, and passive threat is easy enough to quell using honeypot forms and questions. Maybe the "normie" internet is the problem. Passive people passively consuming. "Normies" love watching stolen content, and praise thieves for harassing anyone who points out that what they're doing is wrong. "Normies" enjoy watching someone livestream themselves flying down a highway at 100 mph over the speed limit.
I think maybe we should acknowledge that what we're defending with things like hCaptcha is not actually worth defending. Maybe the "normal" internet does need to be deprecated over "small" internet? We did pretty good before with things like Wikipedia. The "small" internet from before had a lot of chaff, but good things have grown from it, and a lot of it still exists as a "small" internet. Maybe it's ok that we have a lot of "crap content", so long as the internet can keep changing?
I think maybe it's easier to realize you don't care when working apart from a company structure. I suspect most people don't care nearly as much about the company as the company would like. There's a constant push for "Corporate Family" and what not, which at large scales stops being a two-way street and def becomes more indoctrination. Being separated def allows one to start viewing their relationship with work from a third-party perspective, and often can show the unhealthy lines.
But of course companies that implement these indoctrination practices really don't want that, and will do whatever it takes to keep that control in place.
> they affect less than a hundredth of a percent of Android devices, and do not matter.
2 reasons I can confidently disagree:
1. Unlike desktop platforms, most Android devices cease receiving "official" updates long before the chipset stops receiving updates, thus maintaining them requires an alternative rom. While most people will just buy a new phone, the percent usually on the fence about something like switching from Windows to Linux are gonna be pushed harder into looking into alternatives.
2. Well over 1% of desktop users use Linux. Even if you debate the methods to get the current 4%, there's simply no debate on at least 1%.
The two combine to suggest that, on Android, there's a very good chance that more than 1% of Android users are using some rom, and all roms help each other.
Don't screw up your otherwise valid argument by trying to "put tech nerds in their place" like that. These roms do matter, even if the judge 100% didn't "screw up". Everything else you said is both true and important, and probably matters more than what parent wanted, but it doesn't diminish the value of the roms, just suggests that parent was misguided.
I would contend that even if 1% of users were to notice or care that their phone didn't get the latest security updates anymore, the vast majority of those users wouldn't do anything at all to remedy that issue.
Look, most Android devices are held by people who would be hard-pressed to tell you which model of phone they have, and almost certainly can't find the place to see what version of Android it is running.
Most people will use their tech until it breaks and then get something new and use it until it breaks, which is why automatic updates are pushed so aggressively now.
My personal opinion of roms is that because they do not offer freedom to the masses, it is elitist to focus on them. And insofar as choice in the ecosystem is, roms are actively harmful: They've wasted decades of volunteer developer-hours protecting Android's control of the ecosystem, when those developer-hours could've been invested in real mobile Linux or another option not encumbered by Google's proprietary stench.