• 0 Posts
  • 7 Comments
Joined 1 year ago
cake
Cake day: August 15th, 2023

help-circle

  • I think self-hosting a simple, static web site on a Raspberry Pi would be a good project.

    • There’s something satisfying and motivating about creating a website from scratch and publishing it for everyone to see.
    • It’s a good starting point for interested students to dive in even further, by updating the website, self hosting other things, or learning to program.
    • Learning to host a website touches on many fundamental technology areas:
      • Basic linux commands, which introduces concepts like directories, executable files, and the root user that are applicable to all OSes.
      • Basic networking, answering questions like: How does the internet work? What really is “the cloud”?
      • Basic security, covering things like defense in depth and social engineering. I think for this one I would ask the question, “What would we need to do if this website accepted personal info?” as a way of talking about the enormous technical and legal complexity of securing data.

    Overall, I think a practical, interesting project is a great way to make lessons concrete and engaging, and this particular project would an excellent springboard into a variety of topics that are fundamental to the invisible technology that underpins everything we do day to day.



  • It sounds like your main concern is that once your inbox is decrypted by your local device it could be used by Proton to train Scribe or for some other (perhaps nefarious) purpose.

    For the first point, I think the technical challenge of creating a distributed machine learning algorithm, which runs locally on each user’s device and then somehow aggregates the results, is much more difficult than downloading and using an existing model like Scribe does currently, but I agree that it is theoretically possible. If Proton ever overcomes that challenge and offers that feature, I hope they handle it as I suggested above for Scribe: an option to disable it the first time you use it. As long as I could disable it, I would consider the risk minimal. As it stands today, I consider the risk negligible.

    For the second point, it’s true Proton could program their app (or their website) to send your decrypted inbox elsewhere. (That’s true of every email provider, unless sender and receiver have exchanged PGP keys, since email is a plaintext protocol.) I trust that they don’t, based on my assessment of the available info, including discussions like this. I certainly consider them much more trustworthy than Facebook/Meta.

    As a general point, I think a lot of security/privacy for services like Proton comes down to trust. It’s important to keep Proton honest and to keep ourselves informed. I’m glad we have communities like this to help us do that.