#12

Great points of discussion and suggestions @blacklight447 & @a553d43c-f7fa-483a-8.

It’s good to hear PTIO is still planning to pursue the project.

I have some ideas on how this could be done fairly easily, and I’ve always been happy to volunteer my time – many hours already. I agree with @a553d43c-f7fa-483a-8 that public display in full transparency is critical to trust and to prove to the public that all decisions are made objectively. Surely, there would be space in a reddit Wiki, for example, if PTIO doesn’t want to house the info on its own server.

Since you are in the middle of creating the important foundation policies @blacklight447 , maybe we should focus on those and plan to revisit this project in a few weeks. Just ping us when you are ready – or one of us could bring up the topic again to find out if you are ready to move forward.

Thanks for all the work you are doing on policies @blacklight447 !

2 Likes
#13

I’m definitely of the mindset of keeping things in-house, so to speak, rather than continuing to rely on third parties.

Probably not on the main website like blacklight was saying, but we could setup another site for this purpose. Maybe we need a PrivacyTools Wiki for documenting everything about the tools we recommend and our organization and stuff :man_shrugging:

5 Likes
#14

As a developer concerned with the direction the AI industry is headed, I actually like this idea. I do feel like simpler software wont be able to answer more complex questions:

Ex. Software that doesn’t have a database ( certain open source projects ), wont be able to answer questions about how that data is being used. => Because there is no database present to misuse.

( I operate in such a way, where I don’t need a database. )

Privacy software can come in two varieities:

– Ones that operate without a database.
– Collects data, but that data is hosted on your computer.
– Software built in smaller components, that stores the data it does collect on your computer, and only collects data for specific limited domains. But otherwise does not collect data, except for the data it needs to self-train on.

( I work on the third use case. )

2 Likes
#15

@LizMcIntyre just to give you an update on this, I’m currently working on building https://wiki.privacytools.io/, which we can use for this information, among other things.

I will have to work out the best way to collect this information in a clear way on the site, but I think we’ll find a solution that works well.

1 Like
#16
#17

Is there anything to say about this yet or should we set another future bump?

I am behind of time for an unknown period once again.

1 Like
#18

Hi. Just following up on the project “Questions to Ask ALL Privacy Services.” BTW - it’s gotten a new acronym courtesy of @a553d43c-f7fa-483a-8 : QtASK

Is Privacytools ready to move forward with this project QtASK @jonah @blacklight @Mikaela?

The PTIO subreddit community recommended questions are located here. The first step would be to review the questions, make recommended additions/changes/deletions.

Thanks!

3 Likes
#19

Note @a553d43c-f7fa-483a-8 made a recommendation that was not merged into this thread. I think it’s a good idea, so I’m posting it below:

I think a good first step would be to host the questions and the answers on the PTio wiki, if you want I can create a page, you or staff member can do it if you all think it’s better that way.

@jonah @Mikaela @blacklight447 Would it be OK for @a553d43c-f7fa-483a-8 to create the page suggested at the PTIO wiki?

1 Like
#20

Question, is there a PDF or Epub version of the questions? I was considering putting out a privacy related service, and thought it be great to go ahead and get some of these knocked out of the park.

( I used to be more hesitant to trust Machine Learning, but I feel like there are ways of making it more privacy respecting. )

1 Like
#21

One question that might be pertinent: if relying on external third party services for transport, are such services open or closed source?

For example, in my case, I use SyncThing as the transport layer for the data-based mind-scanning operation. So none of what is actually transferred actually enters the main internet, outside of devices you’ve specifically chosen to hook up with it.

But if such a service is reliant on say, a public NextCloud the situation might be different. Not really sure how to resolve that issue.

My service is meant as a more private alternative to say…Lifenaut.

1 Like
#22

I don’t see why not.

While I don’t consider myself as the right person to make decisions on this subject, I haven’t had much success getting attention here as seen above and in the wiki room and I am not sure if I asked somewhere else also. In the wiki I have seen read-receipts from both @blacklight447 and @jonah so I think they are aware of this question.

The wiki room can be found from #wiki:privacytools.io in Matrix and #wiki#privacytools.io@matrix.org using the XMPP bridge. There is also a new room #dev:privacytools.io / #dev#privacytools.io@matrix.org for website issues / content development, but I think the consencus is that this should be in the wiki.

3 Likes
#23

Thanks for this information @Mikaela ! There are so many places where PTIO is discussed, it’s hard to follow. Can anyone access these discussions or are they restricted to PTIO Team Members?

#24

The questions are final recommendations at this point and are still open to suggestions/refinements/additions/subtractions. I’d love to see these or some variation of these questions put in use.

PTIO has offered to host QtASK and use the questions to evaluate privacy services objectively, but there’s no reason others couldn’t adopt them, too. The sooner the better! It’s actually unfair (and unwise) that we’ve asked just a few companies these questions. We should want to know about the ownership and data processing of ALL privacy services.

#25

Yes, the only restricted one is #team:privacytools.io if it still exists.

1 Like
#26

As a status update on the wiki, there is a new policy that all official pages related to PrivacyTools begin with PrivacyTools: so I think there is now even less of a issue (if there ever was one) with creating a QtASK page.

1 Like
#27

So if I create the page, should I add “PrivacyTools:” at the beginning or not? Because I am not a part of the staff but I think the project is going to be adopted as official?

I think it looks really ugly without a space after the “:”.
Example: “PrivacyTools:Whistleblower Protection Policy” instead of “PrivacyTools: Whistleblower Protection Policy”.

1 Like
#28

[matrix] @jonah:aragon.sh: PrivacyTools organization-related pages are now gonna start with PrivacyTools:

[matrix] @jonah:aragon.sh: so we can differentiate between say, a page named Email covering email providers, and a page named PrivacyTools:Email which might include information on our @privacytools.io email addresses.

So…

No. Because it is not related to PrivacyTools as an organization. This is more for our internal policies 'n such, such as: https://wiki.privacytools.io/view/PrivacyTools:Whistleblower_Protection_Policy

That’s just how Mediawiki works. Like pages like this on Wikipedia: https://en.wikipedia.org/wiki/Wikipedia:Protection_policy (the Wikipedia prefix denoting it is WP policy and not a WP article).

1 Like
#29

Mmm, I get it now, I think it was used for “official” articles uploaded by someone of the staff or something like that.

I see, Wikipedia has a horrible sense of aesthetics then. (?

Well, I will try to create the wiki page today.

2 Likes
#30

I created the basic structure, I need some feedback, though.

https://wiki.privacytools.io/view/Questions_to_ask_all_privacy_services

3 Likes
#31

Hi @a553d43c-f7fa-483a-8 - Sorry for the late reply! Just seeing this now.

Fantastic! Thanks for doing this! Feel free to use the original wording you posted in the second half of the page.

Here’s some feedback: At least 2 of the organizations you listed as having answered the questions did not answer them completely. For example, Infinity Search and C. Templar did not provide critical ownership information. I’m not sure PTIO should give space to companies that don’t answer in full. At least there needs to be a red flag warning IMHO. (Ownership is perhaps the most important question.)

Dan Arel wrote about this in a post about Brave that points out how critical ownership is to trust:

Brave is basically malware to sell the companies cryptocurrency and ads. Their main investor is Peter Thiel if you need a reason not to trust them. The dude sits on Facebooks board and creates tools for ICE. Also, people forget but when Brave was questioned about their product on Github, they requested to be removed from PTIO because they didn’t want to face scrutiny. …