Re: [libreplanet-discuss] Free software is not trusted software

[bill-auger]

On Sun, 27 Jan 2019 20:51:59 +0100 Julian wrote:
> Trustability ranks can be adjusting for not trolling people.
> Deffining/ ranking software" quality" and user safety are different
> things. Quality can be very arbitrary.

that was not to say that the rankings can only be intended for shaming
(and shaming is not the same as "trolling", BTW) - it was only to say
that shaming is the only common goal that it could be used for
successfully; and i dont think that is anyone's goal - as you pointed
out yourself, the common goal of "quality" is arbitrary; but then you
seem to be indicating that "trustworthiness" is not arbitrary -
"trustworthiness" and "safety" are not only arbitrary, but so totally
subjective as to be barely definable - i will say it again for clarity,
the word "trustworthiness" is applicable only to people, but not
inanimate objects such as computers - merely the use of that word in
this context is arbitrary and imprecise on the face of it - likewise, i
dont see how the word "safety" could be used sincerely to describe the
sorts of everyday computing activities that most people engage in

i have no doubt that the intentions here are sincere; but the words you
are using are so vague as to be dubious and nearly inapplicable to the
discussion - if the proposed methods or intentions are just as vague and
inapplicable, this would be a fatally misguided misadventure - so please
let us use appropriate words to describe those plans and intentions

for example, you could "trust" (or mistrust) a person to respect your
"privacy"; but *only* if that person had previously promised to do so -
no such promises are the default condition or obligation; just a common
courtesy, by convention, in some societies - when you interact with a
web server, that is someone else's computer, and that person is free
to do as they wish with the data you give them, as far as copyright and
patent laws permit - the owner of that computer alone, sets the
behavioral norms in the context of that computer's usage and any remote
users of it - they have no obligation to protect "your" data, nor to
keep that data, or your interactions with their service, a secret
(except for certain very specific data mandated by specific laws, such
as banking and medical records) - therefore it is completely
unreasonable to hold the opinion that one should be able, by default,
to "trust" every other computer operator in the world (who is, in
reality, a total stranger, BTW) to do these things of which they are
not obligated, and may not even be the norm of their culture - in some
cases, that computer operator will make some "community promises" in
the form of formal "privacy statements" - only then could words like
"trust" be applicable - that trust would only be applicable to what is
explicitly promised in the formal document (as expressed by that
computer's owner, not the desires of any remote user); and it is
arbitrary and different for every service on the internet - there
simply is no way to define nor hold any party to any universal standard
of "trustworthiness"

the word "safety" implies "danger"; as in: "a hungry lion is chasing
you" - "safety" does not mean: "there is no one spying on you" - the
correct word for that is: "privacy" - nor does it mean: "no one will
use your credit card numbers to buy a lady gaga CD without your
permission" - the correct word for that is: "fraud" - neither of those
bear any resemblance to being eaten by a lion - i think most people
can agree what "safety" means in the context of power tools, weapons,
and wild animals - with those tangible objects, there are objectively
verifiable consequences to their untrained misuse, that most sane
people would readily agree upon without argument; but regarding
computer use, there simply is no objective criteria that would be
important to everyone - whatever "safety" means to you in the context
of computers, it is not likely to mean the same thing to any other
person - again, it should be obvious that the majority of computer
users do not see them as "dangerous" and are not "afraid" of them in
any way - that is not because they are blind or ignorant - it is
because computing is not actually "dangerous" by any realistic
definition - therefore, any standards of "safety" that such a committee
draws is arbitrary, fitting only the personal concerns of its authors,
possibly omitting the concerns of some users, and not generally
applicable to any program, service, or user

it is simply not possible to accurately guage such subjective concerns
with a pre-defined, one-size-fits-all criteria; but if such a ranking
system was to be applied at any scale, it could be only feasible with
some pre-defined, one-size-fits-all criteria, and applied by some
automated mechanism (such as that goofy system i described yesterday) -
there would be hardly enough time to apply those criteria automatically
to a small percentage of projects in existence; the problem is
completely intractable if each project is to be guaged manually by the
distinct, time-consuming, hand-picked, criteria that would be
accurately suitable for that particular program or service

so even if this were feasible, i think the end result would be, the
qualifying of projects by criteria that is too generic to accurately
describe any of them; and if people give any credibility to the
rankings, developers would start spending valuable time fitting their
software and development methodologies to satisfy those generic
criteria, which may not be appropriate to their project - cargo-cult
development, if you will, which is counter-productive toward any goal
other than populous approval