• 1 Post
  • 11 Comments
Joined 3 years ago
Cake day: June 8th, 2023

  • Looks cute - internally it sounds like XMPP rosters if we imagine all mail messages/attachments are pulled too.

    Some issues at a glance

    • no display names is a good thing - but then “name is retrieved from their public profile” does not sound very good
    • ascii for local usernames will probably annoy a lot of people, maybe we should just remove the letters and just issue people numbers (I’m not being sarcastic)
    • disallowing IP addresses in the remote part by definition sounds unnecessary

    I think there are some gaps on the notification side of things - the agent not being able to verify them (and maybe dropping) or conversely accepting notifications that it should not.

    What really puts me off here is the unnecessary use of HTTP, e.g. discovery moves from DNS to well known file (webfinger?). Not sure what the benefit is, but ok. And the use of a novel authentication scheme makes me nervous.

    It was a nice read and I agree with the point that making this pull based helps. But I wish it did not try to invent so much in one go.


  • Hi. Nice write up. Throwing in my two cents.

    I would not kill e-mail, only because it is still one of the few distributed messaging protocols out there which is common. I agree with you about the privacy and security issues - and I think about email as a fully public medium (think public mailing lists and so on). Totally unsuitable for second factor and private (1-1) communication though.

    Sadly the only way this will change is if more services accept truly decentralized authentication AND they ALSO can implement moderation and spam control that can work with this. So for those of us on the technical side this means contributing for open source projects (e.g. lemmy, etc) with:

    1. authentication back ends for TLS client certificates (if gemini can do it why can’t HTTP? browsers used to support this)
    2. good moderation tools to prevent abuse that can work with such authentications - this means avoiding storing state on the service for a “sign up”; it can also mean implementing proof of patience/work e.g. a long time ago there was this for HTTP https://datatracker.ietf.org/doc/html/draft-sporny-http-proofs-01

    Getting these two things right is hard work. You have to implement somewhat annoying things in your interface like 1) your account only becomes active after X time or after approval 2) proof of work or rate limiting of posts, etc. But ultimately this already happens anyway in current systems, it is just opaque (and based on your IP/email/phone).

    On another front, communicating privacy compromises about these things is really hard, imagine drawing a big fluxogram with a rule set for someone to follow

    1. talking loudly in public -> e-mail/
    2. … (insert your chat medium here - with analogy)
    3. for really private conversations 1-1 -> SimpleX
    4. everything else is rubbish and we have no idea what they do, assume someone is reading over your shoulder

    I think there is one thing that we systematically get wrong - we continue to create tools that do both direct messaging (1-1) and large groups which causes people’s expectations of privacy to be wrong (e.g. end to end encrypted means nothing in a group chat w/ 1000 people and public access).

    Finally for fun and laughs, try saying no when someone asks for your email/phone - behave like you have neither. Malicious compliance works wonders with this, give them their number as your number.

    PS: I am going to steal this quote of yours “imagine paying to have your privacy disrespected” about phones. Hell I’m making t-shirts and stickers.


  • This was once common, but it’s somewhat rare now in my experience, and the upcoming Matrix 2.0 apparently addresses most (all?) of the remaining causes.

    I still see it - usual case is when someone has two clients. One of them will have issues with this.

    I consider this a good thing, for the sake of the people who joined or wrote in the chat with the understanding that what they write is and will remain encrypted. If you want to abandon encryption, you can always create a new room.

    Disabling encryption in the room did not have to mean decrypt past history. Yes you can create a new room. But for big groups, who wants to risk it? The room admins I know steer clear of encrypted group chats because of the previous issue.

    No, there is one officially released client for android: Element. Element X is in beta. When it leaves beta, it will take over as the one officially released client.

    One would never guess based on the release announcement

    This is just plain false.

    https://spec.matrix.org/latest/client-server-api/#sending-encrypted-attachments

    The docs say it clearly “If encryption is enabled”. Otherwise attachments are just a link, nothing special there.


  • Yes and No

    I consider matrix to be somewhat equivalent to XMPP or public mailing lists. It is potentially decentralized (even though everyone uses matrix.org) and it can host group chats. And for those purposes it is ok-ish, but for privacy it is no good.

    My pet peeve with matrix is that I consider most features to be half baked. And instead of fixing them we just keep piling up more. Here is a list in no particular order

    • encryption regularly breaks in weird ways, usually you see a message that you can’t read
    • if you enable encryption in a chat room you cannot disable it
    • we now have two official clients for Android (Element and Element X) in the first one encryption breaks in weird ways, in the latter there is no way to use Spaces properly
    • direct messages between people don’t work well - it is like they are a room with the two people
    • privacy wise matrix is weak, leaks metadata, attachments are not encrypted, etc. Do not use if you expect privacy/anonymity. Also I think most groups run without encryption because of the other issues.
    • verifying sessions between clients is painful e.g. the client annoys me to verify but then verification does not trigger on the second client

    Because of this mess your quality of experience will vary depending on the client and features you use. The web clients are usable.

    I don’t really use the video/audio calls so I have no comments on that front.


  • Just piling on some concrete examples, awesome-gemini is definitely the best place to start looking. There are both converters for the gemtext format and gateways for the protocols.

    For format conversion tools, awesome-gemini already lists a handful of tools.

    From the gemini side there are some gateways for specific websites operated by various people

    • BBC news gemini://freeshell.de/news/bbc.gmi
    • The Guardian gemini://guardian.shit.cx/world/
    • Lots of others gemini://gemi.dev/cgi-bin/waffle.cgi

    These work pretty well for me. I think there were public gateways to open http pages from gemini, but I can’t recall one from the top of my head.

    Some of the gemini browsers support gemini proxies to access http(s) content. You can run it in your own machine. Duckling is the only one I’m familiar with (but see the awesome list for more)

    Conversely, to access gemini pages from a web browser portal.mozz.us hosts a gateway (just place whatever gemini link you want in the box).

    One big privacy caveat of using gemini proxies for this is that while this may improve your privacy with regards to javascript/cookies it will reduce it because it makes your behaviour more identifiable from the point of view of the websites you visit (i.e. your proxy is clearly not a browser making it unusual).


  • I don’t quite agree with some of the rationale

    1. I do think users have benefited from Open Source, but I also think that there has been a decline in Open Source software in general
    2. I don’t think contracts are a good analogy here (in the sense that every corporate consumer of the software would have to sign one)

    Having said this I do understand where he is coming from. And I agree that:

    1. a lot of big companies consume this software and don’t give back
    2. corporate interests are well entrenched in some Open Source projects, and some bad decisions have been made
    3. he does raise an interesting point about the commons clause (but then I’m no lawyer)

    I would like to remind everyone that the GPL pretty much exists because of (1.). If anything we should have more GPL code. In that regard I don’t think it failed us. But we rarely see it enforced (in court). Frankly most of our code is not that special so please GPL it.

    Finally I think users do know about Open Source software indirectly. In the same way they find out their “public” infrastructure has been running without permit or inspection the day things start breaking and the original builder/supplier is long gone and left no trace of how it works.

    Since these days everything is software (or black box hardware with firmware) this is increasingly important in public policy. And I do wish we would see public contracts asking for hardware/firmware what some already ask for software.

    I won’t get into the Redhat/IBM+CentOS/Fedora or AI points because there is a lot more going on there. Not that he is not right. But I’m kind of fed up with it :D



  • I’m a bit of a terminal nerd, so probably not the best person to talk about desktop. I don’t have many thoughts with regards to app development or layout for accessibility. What I really would like is for distros to be accessible from the ground up, even before the desktop is up.

    The best example of accessibility from the ground up I saw for linux was talking arch, an Arch Linux spin with speech. Sadly the website is gone, but we can find it in the web archive

    In particular there was an audio tutorial to help you install the live cd (you can still hear it in the archive):

    Here are a few resources, which are pretty dated but I wish they were the norm in any install:

    Now going into your points:

    How should a blind Desktop be structured?

    To be honest I don’t expect much here. As long as context/window switching signals you properly you are probably fine. I have not used gnome with orca in a long time, but this used to be ok. The problems begin with the apps, tabs and app internal structure.

    Are there any big dealbreakers like Wayland, TTS engines, specific applications e.g.?

    Lots.

    Sometimes your screen reader breaks and it’s nice to have a magic key that restarts the screen reader, or the entire desktop. Or you just swap into a virtual console running speakup/yasr and do it yourself :D

    TTS engines are probably ok. Sometimes people complain about the voices, but I think it is fine as long as it reliably works, does not hang, responds quickly.

    Specific applications are tricky. The default settings on a lot of apps won’t work well by default, but that is not surprising.

    I do think that a lot of newer apps have two problems

    1. they are not configurable or scriptable at all, there is only one way to do things and no way to customize it. Opening tickets to patch each and every feature is not feasible.
    2. They frequently go through breaking release cycles that nuke old features, so you need to relearn all your tricks on the next major release and find new hacks

    I can give you two good-ish examples, both Vim and Mutt can work very well with a terminal screen reader, but it is a lot of work to configure:

    • with vim you need to disable all features that make the cursor jump around and draw stuff (like line numbers and the ruler)
    • with mutt every single string in the screen can be customized, so you can even insert SSML to control speech and read email

    I think you can find similar examples in desktop apps too.

    What do you think would be the best base Desktop to build such a setup on?

    No idea to be honest. Gnome used to have support. I suppose other desktops that can be remote controlled could be changed to integrate speech (like i3 or sway).

    Would you think an immutable, out of the box Distro like “Fedora Silversound”, with everything included, the best tools, presets, easy setup e.g. is a good idea?

    I have never used Silversound. But the key thing for me is to be able to roll back forward to a working state.

    How privacy-friendly can a usable blind Desktop be?

    I think it should be fine. People with screens have things like those Laptop Screen Privacy Filter, people using audio have headphones. Depending on your machine you can set up the mixer so that audio never uses the external speaker.

    I don’t recall the details but you can also have some applications send audio to the external speaker while others use your headphones (provided they are a separate sound card, like usb/bluetooth headphones).

    Also, how would you like to call it? “A Talking Desktop”?

    Urgh, Shouting Linux.


  • Ultimately you are trusting the relay server to hold your messages. If the relay is not trustworthy, it could reveal those messages.

    The only exception I know of are encrypted direct messages which are still held by the relay but are encrypted with the recipient’s key. These messages still have a cleartext recipient id (so the server can deliver them).

    So, if the relay is well behaved

    • messages are confidential between you and the relay
    • direct messages are only delivered to the recipient and are encrypted
    • most other messages are visible by anyone that can connect to the same relay
    • btw the relay can enforce a list of people that can connect (i.e. a private server) or just make it harder via proof of work (to discourage bots)

    If the relay server is operated by the forces of evil, then the only thing you can assume is that direct message content is not visible, but they can see the message src/destination/timestamp.

    I think the main motivation for nostr is censorship resistance - so if you are being blocked in one relay, you move to another - in terms of privacy/security it does not seem weaker than most other public message forums.


  • They could serve similar purposes. In terms of maturity nostr is younger. Here are the main differences from the point of view of nostr:

    • In nostr there is no registration, your identity is your public key that you generate by yourself (lose that and you cannot recover it). You can connect to a bunch of different nostr relays with the same key, or use different ones.
    • AFAIK nostr does NOT do end to end encryption for group chat. But it does support end to end encryption for direct messages
    • nostr does not do video/audio calls
    • nostr does not host your images/files, you just put some URL in your messages

    At its core nostr is a basic protocol where you send messages to a relay server and the relay passes them along to other people when they request them. And on top of those messages people implement extensions for features, full length posts, payments, etc. There are notions of followers and subscriptions (like twitter) but those are just tiny messages where you ask the relay for messages from person A or B. The list of specifications is here https://github.com/nostr-protocol/nips

    Finally there are a few different nostr implementations for relays, clients and web interfaces. Some of them do not implement all the features, so you may need to shop around a bit if you are looking for some fancy features (check https://github.com/vishalxl/Nostr-Clients-Features-List).

    Also some nostr highlights which I think don’t have equivalent in matrix (but deserve nerd points)

    • message expiration dates - the relay removes them after the deadline
    • nostr has builtin proof of work to dissuade spam by forcing the client to do some computation before posting
    • you can do reposts across relays or share relay addresses to people in another relay