I'm not sure the value of end to end encryption for proprietary application chats. For emails and SMS messages, your messages are being sent between different multiple servers on the open internet and it opens you up to spying, but end to end encryption on instagram is only protecting your chats from Meta.

I find the end to end encryption on Facebook to be detrimental to ease of use, because you always have to use a pin code, etc for the web interface.

If you don't trust meta with your chats, you probably shouldn't be using their application to begin with.

I'm not sure I disagree, but I would summarise it slightly differently.

If you don't want Mark Zuckerberg to upload your private messages into his own chat AI, then stop using Instagram immediately.

Actually, by doing e2e encryption, Meta can say to the authorities that Meta doesn't see any message and cannot be blamed for anything. We cannot snoop user's conversation, and that's generally a good thing.

The authority holds Meta responsible anyway; they don't care about the implementation detail. They want to catch a pedo, and Meta is unable to produce evidence that helps them. Everyone else will yell at Meta for helping pedos.

You can substitute "pedo" with any other heinous crime e.g. terrorism.

And this is how we arrive at the current situation.

> The authority holds Meta responsible anyway

What form of accountability are you suggesting is even being leveraged, here? No law could force Meta to backdoor its encryption, afaik. Public pressure would be unlikely to work.

Is Meta afraid of anything real, or is this just blame shifting via ungrounded speculation?

> Public pressure works to a certain degree. Do you think a product manager at Meta would want to be labeled as "protecting pedos"?

I think that Meta can afford as much PR as they would need to out-message this sort of BS, again if they were inclined to protect user privacy in the first place. Look at Apple.

> but end to end encryption on instagram is only protecting your chats from Meta.

No. It protects your chats from Meta and all governments of the countries where Meta operates.

In fact, I expect Instagram to be more reachable globally now because these relaxed communication standards would be welcomed by oppressive governments as they can now retrieve messages as they please for whatever purpose they deem.

the entire point of encryption is that you don't trust the channel you communicate through, that's what it was invented for, communication across adversarial channels. Distrust is the only condition under which you need encryption.

In addition from a practical POV it's if anything the reverse is the case. Email encryption is larp security because plain text is the default, leaks metadata and its interfaces make it trivial for people to leak entire conversations. If there's one technology where you should just assume your messages are public, it's email before someone copy pastes or wrongly forwards your encrypted communication to fifty other people.

Private message encryption makes sense because it's now a default, information exchanged is usually personal, and the problem isn't just Meta but law enforcement extorting your data out of their hands, which encryption in the real world has prevented a few times now already.

It's a governance.

The executives don't want anyone else to be able to use the messages in a malicious way, so they decide to cut it at the sources of the messages i.e. e2e encryption.

This is like: corporate emails being deleted after 6 months. When an authority asks for emails from the last year, they can say they don't have it.

Now the authority can ask for the emails not to be deleted at all but then that will be a different battle the authority has to fight.

Corporate emails often don't involve pedos/terrorism, so there's much less push to retain corporate emails forever.

Is it possible to block the agents from deleting domains? I’m comfortable with the risks of everything else, but I don’t want to give ai unfettered access to my cloudflare accounts because I don’t want to give it the ability to remove or delete domains.

The main question is what is the best alternative??

We use self-hosted GitLab. No major complaints, even on the free version.

As place to store code? Just put it on github, it's fine, public facing code can all go there (as a mirror).

As place to run test? Build your own infrastructure. It's easier than ever. Why rely on blackboxes to do that?

> As place to run test? Build your own infrastructure. It's easier than ever. Why rely on blackboxes to do that?

I'm not saying this is horrible advice, but I think it conveniently ignores some major reasons people prefer cloud infrastructure in the first place.

Building your own infrastructure is the (relatively) easy part. Maintaining it, ensuring everything is patched, passing compliance audits, dealing with your own outages (I find it a bit ironic when everyone complains about cloud downtime, as if self hosted infrastructure has 99.999% uptime) is the expensive part. I'm not saying it's that hard to do, but once you get to a certain size it requires dedicated staff to manage, which is expensive.

In fact, if GitHub Actions were more reliable, I would hardly see any reason at all to host your own test infrastructure for most companies. The only reason hosting your own is more attractive is because GH Actions has such poor uptime.

"Best" depends on your use-case, like always.

I mostly work on my own projects, and keep many things private. I switched to a privately hosted gitea. I'm fairly happy with it.

Yeah I only use it for hobby or side project stuff, but if I get why they're mad if they expect to rely on it for professional work.

Forgejo. Significantly faster than gitlab

GitHub Enterprise if you’re a business

Definitely self-hosted gitlab

It's odd. I've been having the same feeling as well. Earlier this week, they sent that email about copilot, which I don't use but pay $10 a month for and I canceled my subscription.

It’s really amazing how spreadsheet started in the terminal and have come full circle back to the terminal.

This is fantastic thanks for your work

I'm only using SOC II compliant vendors from now on.

Why wouldn’t Apple hire highly skilled highly qualified people?

A similar thread regarding hiring Russians and/or Russian ex-pats after the recent escalation of the 2014 war of Ukraine wouldn't have been allowed here, nor your comment downvoted and the others upvoted. On recent Iran related threads a crazy amount of straight pro-Iranian and anti-American propaganda was allowed on an actively moderated discussion board of a financial group tightly tied to American tech. YCombinator has few specific carved out political propaganda narratives it puts it's thumb on discussions for, those that are anti-Israel and unbelievable to me post Iran war pro-Iran anti-American ones.

Be sure to let your Congressmen/Senator know the political position YCombinator choses to give weight to on it's moderated official discussion platform. Point your Senator/Congressmen to Iran threads here especially. It's probably good for the government to understand the limited, moderated 'thought' YCombinator choses for the average tech person who comes to this forum looking to learn what it takes to be in YCombinator's good favor.

Hmm, where exactly are these threads with pro Iranian and anti American posts? Gonna need some examples to send my congressman after all.

I'm not going to highlight the ones I pointed out to my representatives as I don't want them specifically removed at this point but the Iran Lego propaganda one was pretty full of examples when I was screenshotting it. You can also google

site:news.ycombinator.com russian bot versus site:news.ycombinator.com hasbara

you won't get much returns on russian bot even those it was often used in the rare Ukraine/Russian threads (or more often sub threads) because it has been moderated/pushed to stop being used by the community. Hasbara usage as a pejorative response is pretty casual and accepted usage here however, and a single comment just responding 'hasbara' to what someone said has often been left up for the period I monitored to see if it would be moderated (basically the useful life of the threads discussion when leaving it up would be of impact). The difference shows the YCombinator thumb on the discourse on their moderated message boards. Hasbara is also worse in the it is using language (specifically hebrew) to otherize a group, to highlight their 'hasbara' as worse/something more nefarious than when other groups do it, using a foreign word that would be better conveyed/understood with an english word (showing the intent isn't to communicate a thought in the best way but is to 'other' a linguistic group that also happens to be a racial group), giving usage a racial/ethnic manipulation/hate dynamic. Unlike Russian bot I have never seen hasbara usage called out or pushed against by the moderation here though it is mostly used in an way interchangeable with how russian bot was which was called out by mods.

I think the government is going to have to get involved for FSD from any manufacturer to actually take place.

I think this is worth typing a random website into or your website to see it’s analysis.

I’m not really interested in my website being ai ready, but it’s particularly fascinating to me that they are suggesting and interface for ai agents to make payments to secure access to an api.

Generally, when I want to pay for an api, it would be really wonderful to be able to just direct an ai to setup the account and get me some credentials.