,
16 tweets,
2 min read
Read on Twitter
0/ Achieving trust-minimization is a really hard problem at so many layers of the stack
A thread on a near-invisible layer: the UX
A thread on a near-invisible layer: the UX
1/ So I've been using an app, Lil Snitch, for about 3 months now
LS monitors every outbound internet connection that every app on your computer makes. There are two settings - passive, and active.
LS monitors every outbound internet connection that every app on your computer makes. There are two settings - passive, and active.
2/ In passive, you review all outbound connections every so often. In passive, LS doesn't block you from doing anything
In active, every time an app makes an outbound network request to a new IP address, LS blocks it, and asks you to approve/deny
I've been using active
In active, every time an app makes an outbound network request to a new IP address, LS blocks it, and asks you to approve/deny
I've been using active
3/ After 3 months, I'm much more scared than I ever was
There are soooooooo many services built into Mac OS, and I have no idea what any of them do
There are so many "helper" apps to major apps I use, and I have no idea what they do either
Then, there's the weird stuff
There are soooooooo many services built into Mac OS, and I have no idea what any of them do
There are so many "helper" apps to major apps I use, and I have no idea what they do either
Then, there's the weird stuff
4/ I installed Popcorn Time probably 3 years ago. Watched one movie. Haven't used it since
Turns out, PT has been making outbound network requests for years.
Turns out, PT has been making outbound network requests for years.
5/ And I have absolutely no idea what it's been doing. As far as I know, there's not a key logger (presumably I would have been robbed if there was)
So I uninstalled PT (and I use CleanMyMac for a more robust uninstallation process than default MacOS uninstall process...
So I uninstalled PT (and I use CleanMyMac for a more robust uninstallation process than default MacOS uninstall process...
6/ And the damn PT service was still trying to make outbound network connections
7/ Now, let's consider a totally above-the-board app: Spotify
8/ Spotify and its associated helper apps made no fewer than 12 connection requests to 12 different domains and IP addresses. Why? I don't know. What did each of them do? I don't know
9/ Modern apps are built on the assumption that the cost of making new outbound connections is effectively free. This is practically true, and is pragmatic wrt to scaling out micro services on the back end
10/ But man, it really does scare me when I think about trust-minimization and sovereignty
11/ Let's fast forward a few years and assume that web3 is more or less working: you have a private data store on IPFS, and you control the apps that can query your data
12/ It will be pretty hard to guarantee that the app doesn't send your unencrypted data back out to IPFS
Or if the app touches any trusted server anywhere, then it could be sending your data there too
Or if the app touches any trusted server anywhere, then it could be sending your data there too
13/ Application signatures can certainly reduce the threat model - at least you know you're running the right application (although obviously this requires trusting Apple/Microsoft/Google)
14/ But it still doesn't solve *any* of the problem on the back end - what does the server do with the data?
15/ While I'm super excited about the future of Web3, when you really think about the mechanics of making it *actually* trust-minimized, you realize that it's a *really fucking hard* problem
{fin}
{fin}
