Hmm... I just realized that if you apply the process of toxicity that nopara describes in #1523710 in a generic way to the spark discussions going on, then there are parallels and this is probably once more a situation where implementation criticism goes toxic, divides people, and then in the end, the user within the divide that actually believes any of these toxic narratives will get victimized, again.
Both the Bitcoiner that falls for this narrative and the one that stay away from but becomes emboldened in their use of other conveniencetech (that has a 99% chance of being at least as bad) risk getting rekt over narrative instead of facts. This has been a problem for very long and the fix ("don't trust, verify") is applicable poorly to users of conveniencetech. People do not really want to be secure, because that takes real effort; they just wanna believe that they are secure and brag to their buddies. Some magic solution that solves everything and you have true freedom now. I hope anyone with half a brain realizes how fucking retarded that is.
After all, if you fall for the narrative that:
we use a monorepo for our all our server code
because of that it is not open source
, which is not even an excuse, and think that this makes it somehow okay, then you are a fucking retard. Especially because there's virtue signaling in that same paragraph about how they contribute to LDK and LND - as if that fucking matters. You can run whatever on a non-attested service endpoint.
As a user, you are depending on a closed source component, hosted as a service. This is the only fact that defines your entire risk assessment: it's a blackbox. For most of us that truly need security, the buck stops there, but let's amuse the thought that there is no other way, just this.
The next step is to figure out which data goes to that service. Everything that goes in there is exposed.
Now, if all your transactions go into the blackbox then all your transactions are exposed. If some key or address material goes in there, that is exposed. Public keys and addresses are sensitive information, from a privacy perspective! Now let's assume that you're not using anything to mask the origin of the connections to that service: then that is exposed too, and linkable to whatever data you submit.
How is it linkable? Example legal path:
Court order: Hey Spark give us all data you have on address <xyz> (response contains IP addresses, timestamped)
No need court order: SELECT ad_id, app, lat, lon FROM purchased_data_from_broker WHERE ip IN (x,y) AND timestamp BETWEEN y AND b;
Optional court order 2: Hey <app> give us all data you have on the account associated with <ad_id>.
You can replace the court orders with data leaks and the popo with your favorite kidnapping organized crime group to construct the less legal path.
Bottom line. If you need privacy, you cannot use ANY service without risk, and even if you roll your own for everything, it probably carries more risk (also because there is a 99.9999% chance that you will trust GPT or Claude and the bot will fuck you up, bigtime[1])
There is always risk. You can minimize and manage the impact of that risk, which takes effort; the opposite of convenience. However, a service that denies being a risk is a massive liability. Don't fall for their lies.
Hmm... I just realized that if you apply the process of toxicity that nopara describes in #1523710 in a generic way to the spark discussions going on, then there are parallels and this is probably once more a situation where implementation criticism goes toxic, divides people, and then in the end, the user within the divide that actually believes any of these toxic narratives will get victimized, again.
Both the Bitcoiner that falls for this narrative and the one that stay away from but becomes emboldened in their use of other conveniencetech (that has a 99% chance of being at least as bad) risk getting rekt over narrative instead of facts. This has been a problem for very long and the fix ("don't trust, verify") is applicable poorly to users of conveniencetech. People do not really want to be secure, because that takes real effort; they just wanna believe that they are secure and brag to their buddies. Some magic solution that solves everything and you have true freedom now. I hope anyone with half a brain realizes how fucking retarded that is.
After all, if you fall for the narrative that:
, which is not even an excuse, and think that this makes it somehow okay, then you are a fucking retard. Especially because there's virtue signaling in that same paragraph about how they contribute to LDK and LND - as if that fucking matters. You can run whatever on a non-attested service endpoint.
As a user, you are depending on a closed source component, hosted as a service. This is the only fact that defines your entire risk assessment: it's a blackbox. For most of us that truly need security, the buck stops there, but let's amuse the thought that there is no other way, just this.
The next step is to figure out which
datagoes to that service. Everything that goes in there is exposed.Now, if all your transactions go into the blackbox then all your transactions are exposed. If some key or address material goes in there, that is exposed. Public keys and addresses are sensitive information, from a privacy perspective! Now let's assume that you're not using anything to mask the origin of the connections to that service: then that is exposed too, and linkable to whatever data you submit.
How is it linkable? Example legal path:
<xyz>(response contains IP addresses, timestamped)SELECT ad_id, app, lat, lon FROM purchased_data_from_broker WHERE ip IN (x,y) AND timestamp BETWEEN y AND b;<app>give us all data you have on the account associated with<ad_id>.You can replace the court orders with data leaks and the popo with your favorite kidnapping organized crime group to construct the less legal path.
Bottom line. If you need privacy, you cannot use ANY service without risk, and even if you roll your own for everything, it probably carries more risk (also because there is a 99.9999% chance that you will trust GPT or Claude and the bot will fuck you up, bigtime[1])
There is always risk. You can minimize and manage the impact of that risk, which takes effort; the opposite of convenience. However, a service that denies being a risk is a massive liability. Don't fall for their lies.
↩