Gabriel's avatar
Gabriel 1 month ago
If I did, would you try to understand our vision and our protocol, or would you just desperately try to find ways to discredit our efforts to built user-sovereign tech? We believe that users have a CHOICE where their data is hosted, we don't believe that we need to FORCE users into maximum self-sovereign solutions. But giving an option and Credible Exit at all times is key. So yeah, once you find real flaws, I'd appreciate a well-meant issue report or PR, which is not just AI slop, but actual useful work. I'm not gonna waste any time fighting anybody that has the same mission as I have but follows different means to achieve that goal. That said, the fact that all of you are so passionate about this topic is also a good sign, so let's use that energy and focus to building better protocols and tooling

Replies (1)

I was trying to understand the vision of your protocol. It's very tough to do so, which is why I went to AI. You guys do the same for articles, copy etc. So I don't get the reason for throwing insults. The code is code, open source and public. If these are not concerns, then they should be easily addressable. Every finding links to file paths with line numbers. The concern is gaps in how the product is pitched and how it actually appears to work today. If self-sovereign is an option, just say that. Explain the defaults, the reasoning, and the way to opt out. Yes AI found these, but neither of you seem able to address them humbly or professionally: - Session secrets in unencrypted MMKV storage? Why? that's a security decision that affects every pubky-ring user regardless of how they sign up, and it clearly contradicts the article pitching it. - Cloudflare binary downloaded at runtime with no checksum? Why? That's a supply chain risk for every Umbrel self-hoster. - Neo4j shipping with hardcoded password? Why? The comment in the code shows the team knew the default. The comment also warns that changing it post-deploy is non-trivial. Self-hosters who don't know to change it have their entire social graph exposed. Is this also wrong? - GCS backend with no auditable configuration surface? Wrong again? Is there a configuration surface? Should be easy to just say so and show it. Synonym's production bucket configuration is not public, which helps explain the need for the ToS in the first place. - you said users have a choice where their data is hosted. True for the homeserver. But is there a credible alternative to Synonym's Nexus for discoverability? Without it, content exists but nobody can find it. Self-hosting a homeserver without an accessible Nexus isn't a real credible exit for most users. These aren't philosophical objections to the vision of 'your' protocol. They're specific, sourced findings that the "users have a choice" framing doesn't address or hold up against. I'd be happy to turn any of them into proper GitHub issues if that's more useful than a Nostr thread.