search

Satellite-im / Core-PWA

Satellite Core is a decentralized p2p voice, video, and text chat application and is under heavy development. Check back soon for updates, or check out the latest version at https://core-dev.satellite.im
https://core-dev.satellite.im
Other
40 stars 16 forks source link

Fix your marketing #5474

Closed du82 closed 1 year ago

du82 commented 1 year ago

You make claims of "trackers not included" yet include Microsoft's tools for scanning files. Fix your marketing, or remove the scanning completely. Before you make the claim that "oh it's necessary to keep society safe", if it was so necessary, apps like Signal would be using it too, but they aren't. Manipulative marketing and big tech tracking is bad for everyone, even if it's opt-out.

Screenshot from 2022-11-07 18-56-37

InfamousVague commented 1 year ago

We do need to fix our marketing to be more clear - thank you for the advice there.

This opt-in scanning is not included in the client application. If you want to use Satellite for e2e encrypted text communications there are no Microsoft libraries outside of Typescript, and no trackers - meaning we don't use libraries or tools that surveil you or find ways to monetize or track your data/usage/etc.

The way we have it set up right now, if you send a file on satellite, we pin your file to our own IPFS so it will persist for you and the person you shared it with. To comply with some regulations, we need to ensure WE aren't storing CSAM, so to accomplish this, we ask the user to opt in to the hash of the file being compared against microsoft's CSAM database. This basically means, in satellite, the file is encrypted for you, the person you send to, and the IPFS node that will pin it. The IPFS node is set up to get the hash and compare it, if it says it's OK, it removes it's ID from being able to decrypted the pinned file, and it gets pinned. If you do not consent, the IPFS node cannot read and pin your image/video, but you can still do text based messaging.

The way we are currently doing things is very different from signal. Signal doesn't persist user data - all your data is on your own device, Signal isn't storing your files so if you sign in on another device you can't restore an account. A different design decision and something we are talking about doing ourselves.

Again - thank you for pointing out we need to fix our marketing. We did not mean to be manipulative, and we certainly aren't big tech. We're still very much pre-release software and have things to iron out and welcome all contributions to help us get there!