[Dev] [consensus] Features vs. Privacy in nonprism repo
isacdaavid at isacdaavid.info
Tue Oct 4 04:48:32 GMT 2016
-----BEGIN PGP SIGNED MESSAGE-----
Le lun. 3 oct. 2016 à 18:30, Luke <g4jc at openmailbox.org> a écrit :
> - So this puts the nonprism projects at a crossroads. Do we want to
favour accessibility and "features" over "privacy"?
> From my personal opinion, nonprism should provide security and
privacy by default. Users can choose to opt-out of nonprism if they
wish. This is easily done by A) not using nonprism, or B) using
about:config and/or user.js to override the settings.
> Meanwhile, some users have questioned why nonprism is not on by
default, and I think this is a valid point from a security
standpoint. Users may be using Parabola under the impression they
are experiencing the safest possible defaults, and this is currently
not the case.
> Now that everyone is aware of the issues, please discuss. I do not
feel [nonprism] should become "privacy-lite" and libre become "no
protection at all".
I'm for having those `nonprism` packages respect the spirit
of the repo they belong to, even if that means breaking
websites that could undermine user privacy. That's exactly
what using `nonprism` entails. The moment you start making
concessions the moment better informed users of `nonprism`
will complain that hardening isn't nearly as good as it
could be. Maybe this is a failure of communication from our
part, but I can't think of a simpler and more instructive
solution than that post-install notice. Users won't even
need to know in advance what they are doing as they activate
the repo --- and I say it with some regret ---.
I'm also for keeping default Parabola as Arch-like an
experience as permitted by the social contract. Translation:
I'd rather keep `nonprism` opt-in.
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Dev