On 2/11/10 3:39 AM, Zooko O'Whielacronx wrote:
> Folks:
>
> It kind of seems like some people in China might be relying on using
> the Tahoe-LAFS public demo over unencrypted HTTP and thinking that it
> provides security properties like they would get if they ran their own
> copy of Tahoe-LAFS locally:
>
> http://tahoe-lafs.org/pipermail/tahoe-dev/2010-November/005535.html
>
> Or maybe that's not what they are thinking. There is a large
> language/cultural barrier here through which "google translate"
> provides merely a glimpse of meaning. As far as I know they have never
> read or understood any of my attempts to communicate with them.
>
> Any suggestions about how to manage this situation? As
> shown in the discussion on the tahoe-dev list, we might take down the
> public demo entirely or, more likely, try to put some sort of warning
> label on it in Chinese.

IMHO, you can't manage it. I wrote about this wrt the Haystack scandal where the unlicensed intellectual worrywarts of the net attacked some poor schmuck for mounting a system without being licensed to secure:

http://financialcryptography.com/mt/archives/001281.html

The dissidents will diss, regardless of what you do. If you scare them away from an open, spyable system like your demo, you don't actually make it safer for them, because they go somewhere else and do bad things. And get themselves in trouble.

All you do by stopping them from using your product is make it easier on your own conscience; you're not involved. Oh, and you avoid the conscience attack by the vendors of angst and depression, also known as the media :)

FWIW. Worse, to figure out what to do professionally, amongst the many different options, is going to require a pretty serious risk analysis. And the prognosis for that looks pretty bad, in the sense there are a half-dozen reasons why whatever the risk analysis won't be near enough or complete enough to be worth anything. We don't have enough info to make that work.

Which is to say, from where I sit, I don't see our industry having the theory or practice to answer this question.

So what to do? It sounds like putting up a warning in Chinese is probably as good as anything. Other than that, your job is clear: you create the software. You're not the support arm of the dissidents. Someone else might do that, or might not.

All, IMHO of course :)

iang

_______________________________________________
p2p-hackers mailing list
p2p-hackers@lists.zooko.com
http://lists.zooko.com/mailman/listinfo/p2p-hackers