Not sure what malicious use would be. I haven't ever seen the type of drama where someone says something, deletes it, and then denies ever saying it and gets into arguments with people about it.

Ultimately, advantages are subjective for different people. You value posts existing forever but many people prefer the opposite. Signal is popular partially because of the disappearing messages feature. I think especially on the right, people will increasingly value privacy over convenience. I think we are probably heading into a very totalitarian, technocratic future where it will be more and more dangerous to have right wing views.

Personally, if I see a very interesting post online, I sometimes just save it in a document on my computer. If scuttlebutt implements the delete message feature, it would be nice for them to also have a save message feature that saves the message but not the username. Or allow users to just remove their identity from messages that they don't want associated with themselves any more. Similar to how reddit shows [deleted] for the username after someone deletes an account.

Patchwork and apps like it could agree to not show deleted messages in their user interface. That way, if someone was making backups, it would be harder to read deleted messages. It would still be possible, but the person doing it would need to know how to decrypt them. Don't know if that would be a desired feature by the community or not, but it would be a way to get the delete feature as complete as possible.

I can see why people would want that feature, but it wouldn't change that somebody would have the ability to memory hole something, which isn't desirable, since it can be used maliciously and thus has the ability to harm trust.

If I can't trust for everything to remain there forever, there's no big advantage over centralized solutions.

Luckily, by design, all the content I see ends up saved on my computer, so with a differential backup, it should be trivial to go back in time and read memory holed posts.

GDPR only applies to personal data. Whatever you posted is still fair game. Especially if it was under a pseudonym in the first place. It's different from the "right to be forgotten".

Also, on a technological level this process isn't automated. Someone has to go in there, make sure it's your data and delete it manually from the database. It could be automated in the future, but it wasn't in the past and without building everything from scratch again, it also won't be in the future.

Also, I'm an IT guy from Europe that is very fortunate that no one ever asked for shit to be deleted. But on the bright side, even if somebody did, there's still no way for them to verify that we actually deleted everything. So reasonably, all we have to do is to no longer expose their information and nobody would be any the wiser.

I think the main advantage of decentralized over centralized is that other people can't memory hole your posts. If you can memory hole your own posts, that is an advantage. If you ever get in trouble with the law, it's helpful to have no online history that they know about. Ideally, they will not know your username, but the right is too online now compared to the left. The right really should be using the internet to facilitate offline organizing more often, and that introduces the possibility of law enforcement knowing your online identity. But for example, if you are defending yourself from Antifa and get charged with assault, you may be happy if you deleted all your posts before meeting up with people so nothing you said can be twisted and used against you (though they might say it's suspicious that you deleted all your posts. It's nice that in Matrix, changing your password encrypts all your old posts by default, which looks less suspicious). The NSA or FBI could certainly still have the posts you deleted and know that you made them but local law enforcement is not so sophisticated.

I think you could have scuttlebutt or something like it, which stores all messages for you to read offline, but also have a feature where if you say that you want all of your posts deleted, then your computer could send that message out to all of your peers. They would forward that message to any of their peers who can also read your messages. (See the "Follow Graph" here https://ssbc.github.io/scuttlebutt-protocol-guide/#follow-graph ) The peers that are already online would respond immediately and delete your posts from their local store. Some of your peers and peers of peers with access to your posts could be offline so they would still retain your posts temporarily, but when they connect to the internet again, those peers would see that you want your posts deleted, either by checking with you or their peer who is connected to you, and they would immediately delete them as well.

In the scuttlebutt documentation I saw that in the future they do want to allow people to delete posts and it is just a feature they haven't implemented yet. They also want to hide IP addresses by default.

We want Scuttlebutt to be a safe cozy place but there are still some things we need to fix: Blocked people can see your public messages.
Content from blocked people is still on your computer. (This is almost fixed!)
Patchwork has some bugs that let you see blocked people in certain situations when they should be hidden
Scuttlebutt doesn’t provide IP address anonymity by itself, but you can use it with a VPN or Tor.
Messages can’t be deleted yet.

https://scuttlebutt.nz/docs/introduction/detailed-start/#stay-happy-and-safe

You wouldn't have to do anything complicated like that. Just create regular differential backups of everything, then you can go back in time and see the posts again. One of the points of decentralized networks is that you can still read everything, even without Internet. So if you design it in a way that requires an internet connection to read posts, it's no longer decentralized.

Another point is, that the reason people want to use decentralized solutions is so that nobody has the ability to memory hole anything. Not even typos. If that's not the case, then what's the advantage over centralized stuff?

Matrix is federated, not p2p, but when using it I noticed that if I changed my password, the encryption key for my posts would change as well which would make all of my past posts unreadable to everyone including myself, but my new posts would be readable. Of course if my past password was weak, it would still be easy for someone to decrypt my past posts.

It was possible to delete and edit posts as well. And if you disabled an account, you were met with a warning saying that people would not be able to read your past posts, which may disrupt the flow of conversations. Also, creators of a room could set it up so that any new user had no ability to view the old posts in the room. You could change your display name at any time, but your unique id is the name you chose when signing up. Your unique id is visible to anyone who right clicks on your display name.

When it comes to p2p tech, so far everyone is saying what you are suggesting is impossible, but I am at least interested to know whether it would make sense to code something similar to this, or if something similar already exists:

All posts are encrypted. nodes you connect to store your posts, but in encrypted form, and they store the encryption key for your posts. They store a generated unique id, not your display name. So if someone wants to save your posts to use against you, they have to have some basic technical capability. They need to know your account's unique id, not display name, and use the stored key to decrypt the posts associated with that id. (Most would just screenshot it in this case, which can be more easily faked so there is more plausible deniability for you)

You can change your encryption key at any time. If you change the encryption key for your posts, then the key will be changed for all nodes connected to you, making your past posts unreadable to yourself and connected nodes

if any node disconnects from you or you disconnect from it, your files automatically get deleted from their store and their files get automatically deleted from your store.

If someone really wanted to hold on to someone's posts to use against them later, they could of course make a copy of the store before they disconnect from the other node, but they would need some basic tech knowledge to decrypt what is in it. Unlike making an archive link of some centralized page which requires almost no tech knowledge. If the p2p network gets popular enough, someone might make a service to simplify this process for people (similar to archive.org). But privacy would at least be comparable to centralized services.

But I know jack shit about coding p2p protocols and applications.

Decentralization by means of replication eliminates the power to control that data entirely, in exchange for dissemination. The way to distance yourself from your posts is the same as on an image board: create a new pseudonymous persona, or maintain no persona at all.

In federated systems, nodes rely less on local stores, so deleting data from a node may work better. It helps make Mastodon/Pleroma confusing and fragmented because instances capriciously block other nodes and users without any signal that's happening. The result is users subscribe to multiple nodes lest their conversions be mangled by getting muted by third parties.

Federated systems could be more friendly and work with users' idea of privacy, but that requires them not to abuse the powers which they abuse now. There's no future for it in wide-spread society, and any smaller group you trust to not abuse it, you can also trust to not abuse your posts.

The entire point of decentralization is to make exactly this impossible. The promise is that no one even has the ability to memory hole anything.

The right to be forgotten isn't granted in the centralized world, either. On a technical level, all that happens is that what you posted gets hidden. Easily retrievable ten years down the line, if someone with access wanted to. The reasons for that are legal in nature, as far as I know. So if it's a small site without a bunch of lawyers in the background, you might have a chance to get your stuff actually deleted. Especially if the one who operates it likes the concept of privacy. But as a user, you have no way to verify either way.

Since decentralization redistributes power from a single source to everyone, in a decentralized network everyone has that ability. Of course, everyone would first have to agree on hiding the content in the first place.

I don't really get why people want this "right" anyway. It doesn't exist in real life. All your records are kept and all the people involved will remember. Imagine if Donald Trump would say "guys, I really want to be forgotten online, please delete everything mentioning my name". That would be ridiculous, wouldn't it?

That's kind of what I've gathered but hopefully I get hit with some knowledge. My understanding is only very basic of it. And I still hop on Zeronet / Aether and lurk. I know other, similar networks exist too.

I'm not shitting on those types of networks, they certainly have value that centralized networks do not. Not sure if there is a good 'in-between' where a user/individual still retains the ability to control the data they've published after clicking "submit".

Only if the users and nodes cooperate. So, no.

I was just asking if there was a nonblog page. Anyways, I added it.

TL;DR: in regards to privacy, Starlink is... not so great.

Well, let's see what Starlink's situation is, in regards to privacy:

• Tor support - I didn't actually order Starlink, but it looks like it doesn't block Tor when I just visit the site.
• Monero acceptance - I guess it doesn't support cryptocurrency, as per Starlink Pre-Order Agreement (clear net only), paragraph two, point three.
• No personal data required for registration - I don't know where to register (I guess I would need to purchase Starlink to see), but if one of the recovery methods (clear net only) is by phone, that's already suspicious.
• Compatibility with established standards - this could apply because of built-in VPN support (OpenVPN or possibly WireGuard) and encryption of e-mails you get (PGP). In case of e-mail encryption, there's no mention of it, and in case of VPN, there's also no mention of it, and might possibly be disallowed by SpaceX.
• No Cloudflare - it looks like there's no Clownflare or some other MITM.
• As little downtime as possible - not a privacy issue, but the service actually has to be usable. Since SpaceX is so massive, I doubt downtimes are much of a problem.

So I guess just by looking at those six points, it's kind of average. But of course, this alone only tells the minimum, so let's see the privacy policy (clear net only):

• IP addresses - paragraph one, points six to seven, mention them, but they don't mention for how long the information is stored, only as to why they store them in paragraph two, point three, analytics being the reason.
• Content data - paragraph two, point one, letter five, might suggest they could watch things like messages, e-mails, search queries, to detect "fraud".
• System info - paragraph one, point six, mentions that operating system and platform, browser type and version, time zone setting and location, are collected.
• Metadata - I think that the data collected as per paragraph one, point seven, might apply to metadata.
• Interaction data - paragraph one, point six, also mentions that the interaction with their services is collected.
• Third party sharing - paragraph three, mentions that your data will be shared to their "affiliates", government, and organizations involved in business transfers.

Well, that already worsens the situation with Starlink. What about the history of SpaceX? Are they hiding skeletons in their closet? I have no idea, I would have to dig really deeply to find out. And I don't want to do that/

I don't know what do you not understand, it's just that having a PGP key added to your account not only makes the notifications encrypted, but they can also remove 2FA if you send a message about that signed with your PGP key. That's all.

The repository is not about these kinds of services. It's about websites that send you email notifications or do email support using encryption/signing. For example, if ramble has a public key, they can sign every email they send you (notifications, password resets, etc.) so you can verify you are not getting phished and the email comes from them. Or if you have sensitive info to send them, you can encrypt it before sending it, regardless if you use fastmail, posteo, tutanota, protonmail, gmail or any other email service.

This also doesn't have to be limited to email communications/notifications. If a website decides to only support notifications through XMPP or any other method, it can still apply, it's just that email is the most widely adopted.

Is there a better link explaining it than this blog post? Thanks for the suggestion.

As for GitHub, I know it's owned by Microsoft but I needed git where most people have an account so they can easily contribute. Apart from being owned by Microsoft, they are not behind Cloudflare, they don't use reCaptcha and you can view the README without JavaScript.

Added it, thanks.

I assume this is yours, if so, you can add sr.ht, a collection of software development tools, to this (Only them to you/PGP). Also, I would recommend avoiding GitHub because it's owned by Microsoft, so you can use something else, like Codeberg (clear net only), or, well, sr.ht (clear net only).

FASTMAIL not in that list?

FASTMAIL lets the account admin ENFORCE encryption on both SMTP directions , or else emil will not transmit in either direction.

It protects company intellectual property that way.

But... any singatures on payloads needs to be done on other ends.

fastmail costs a lot but its the best

CoinPayments.net does for merchant accounts.

Awesome, thanks for giving a shit.

I see. It mean, Invidious is for to watch many Youtube contents.

It's just a simple, lightweight and more privacy focused way to access pre-existing YouTube videos.

Unfortunately YouTube is still where the wealth of content exist. I still look at alternatives such as BitChute, Odysee, Tv.gab.com, etc however none of them have the 'normal, every day content' that I'm seeking. It's like 80% political / news, with the rest gaming or tech / crypto talk that I don't care about. Hard to find good content on them for things like music, weird hobby stuff, or just general DIY projects. I recently had to do a bit of work on my car. I found only one video on YouTube to show me what all I needed to do to complete the task at hand. Only one, and it wasn't even for the model I had but a similar one that was 'close enough'. The other sites just don't have that content unfortunately.

Don't get me wrong, I'd love to ditch YouTube and not look back. But unlike Google search, for Youtube, there is just no great alternative. There are some good ones, but they're not great, and they're only good for a very particular type of content right now. At least with virtually all other Google products they're easily replaceable. OpenStreetMaps, any other email provider, DuckDuckgo or other search engines, I dont' need cloud storage so Drive doesn't matter to me, etc. But YouTube... Just can't be replaced yet.

Example: Let's find videos on how to frame a wall when building a house.

Bitchute: Nothing

• https://www.bitchute.com/search/?query=how%20to%20frame%20a%20walll&kind=video

Odysee (Lbry): Nothing

• https://odysee.com/$/search?q=how%20to%20frame%20a%20wall

Gab TV: Blocks VPNs, so fuck them.

YouTube/Invidiouos instances: TON OF RESULTS

• https://tube.incog.host/search?q=how+to+frame+a+wall

Case in point: The alternatives just don't have the content to be considered real alternatives. Yeah, they may not ban you from the platform like YouTube will for certain things, but "normal content" that isn't political, news, gaming, crypto, commentary, etc just doesn't exist on them.

Invidious is not good. Many sites that video sharing including Youtube are very bad.

The intent of this feature is to drive greater engagement toxicity amongst our users

the web cannot be private as long as google is at the helm.