• I would like to offer as a counterpoint that everything is political. Tech is no exception. Tech is a tool, a tool comes with a specific affordance and an affordance suggests to the wielder a certain worldview. To wilfully ignore the social and political impact of one’s work does not protect it from the world’s turmoil.

    •  stepan   ( @stepan@lemmy.cafe ) 
      link
      fedilink
      English
      35 months ago

      I think it’s absolutely fine for software to show support for something political (e.g. supporting Ukraine against Russia), but I agree with the author that it’s not ok to act violently against certain group of users (e.g. wiping Russian PCs). Not because I don’t like the idea of Russian PCs getting wiped, knowing majority of them support the agression against Ukraine, but because they can do the same thing. They will wipe our PCs with theirs NPM packages or whatnot, we will malwarize more of our software to attack them and so on. The end result will be that:

      • unradicalized Russians will be radicalized because we wiped their PCs (and vice versa)

      • we can’t use a lot of great software out of fear that it’s authors will wipe our PCs (and vice versa)

      I see nothing good coming from this type of cyber war for either side of the conflict, and thus I don’t think we should support it.

      • Agreed that it’s an entirely acceptable position to try and avoid being stuck in the crossfire of cyber warfare. Let’s be clear though, cyber warfare is already going on and Russia+China are pulling no punches routinely wiping American and European servers in various ways. Anyone on the front line of cybersecurity sees them knocking ceaselessly.

  • There is no way to completely protect ourselves from cyber attacks, but at least we can avoid software with an “opinion.”

    Well… everybody has an opinion. It’s inevitable as thinking beings. The difference is whether people are willing to act upon it.

    There are many projects with a Code Of Conduct out there that could be interpreted as very left leaning. There are projects with the express purpose of fighting subjugation or helping journalists’ ability to report on political topics. Signal is an example of such a project. Are those projects to be avoided too?

    Anti Commercial-AI license

  • He also seems to be throwing in unrelated concerns and just glossing over the details that bring their relevance into question - consider this paragraph

    Browser extensions, mobile, and desktop apps also implement logic to attack users by regions and based on their political views. Nowadays, there are many teams who buy popular apps and browser extensions to inject malware. I have a blog post about it.

    You’re not going to be able to identify whether a developer might do a deal that compromises a library you use based on their political stance - it’s an entirely unrelated threat vector to his core thesis (and even his own related blog post recognises this, discussing how developers of browser extensions are sometimes tricked into including malicious code - something that is even less related to their political beliefs than their willingness to take a bribe or payout.