endiangroup 6 hours ago

AD: We're actively working on that issue right now, making the defaults safer. We're also discussing internally how to enable revocation of content at the network level. It won't be perfect, but neither is GitHub or the likes.

fc417fc802 5 hours ago | parent [-]

> We're also discussing internally how to enable revocation of content at the network level.

Isn't that a solved issue? Or rather unsolvable. With ActivityPub there's just a deletion notification that's obfuscated so that you can't identify the item unless you already have a copy of it. What else can you do?

lorenzleutgeb 4 hours ago | parent [-]

Right. Radicle nodes out of the standard distribution would be kind enough to delete. On the technological level you cannot do more (also not really less, funnily enough). But it would be possible to patch the code and remove deletion.

Oftentimes I just take the "information theory perspective": You fundamentally cannot make something "more private". Once it's out, it's out. You cannot "untell" a secret. That's just not how it works.

But then other solutions also have this problem. Once I have `git fetch`ed from GitHub, or received that e-mail containing a patch on a mailing list, I have a copy on my filesystem. It's going to be pretty darn hard to remove it from there if I don't comply. Maybe you'd have to enforce some law.

In that context, it seems that people were led to believe that "removal from the server(farm)" is the same as "removal from the universe", but that's just not true.

Happy for any insight on how to approach this differently.

hackthemack 4 hours ago | parent [-]

I am just glad some thought is being put into it. Thanks for the efforts.

I keep thinking about people putting secrets up in GitHub. You cannot really get rid of something that is out there, like you said.

But people do make a request to GitHub to remove it. And if no one has put in the effort to copy it and republish it, it is not as "out there" as if it were still on GitHub.

Thinking on old BBS boards on the internet. Most people will use Internet Archive to search for old dead sites. If it is not on there, it is not as "out there" as if it were on the Internet Archive.

I am thinking it is not quite as black and white as it seems. There is some kind of entropy effect.

Thinking on pre-internet newspapers. If you posted something in a fan zine in the 70s, it might have faded from existence due to lost copies, or it might be in some collector's stockpile. It might even be scanned into the Internet Archive. Or not.

No great solutions come to mind. But there does seem to be some "small" value in being able to say, delete this as it was a mistake.

Maybe, also, more education, or a warning about "beware, be extra careful, this is going to be around for all to see for a long time, possibly forever".

lorenzleutgeb 2 hours ago | parent [-]

> I keep thinking about people putting secrets up in github.

You gave me an idea. For Radicle, we implemented a `git-remote-helper` (Git recognizes `rad://`-URIs and then wakes up the helper to handle the rest). This helper could well look at the blobs being pushed and detect secrets. Then error out and request a retry with `--force` if the user is sure.

To implement something like this, we'd not want to reinvent the wheel, so we'd want to consume some description of patterns that we should look for. And obviously we're not going to ask GitHub or some web server.

So, is there such a library? In a format that is simple-ish to implement filtering for but also catches a good amount of secrets?

fc417fc802 an hour ago | parent [-]

Yes, several well-established secret scanners exist. Integrating one into Radicle as a first-class citizen is an awesome idea.
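
The push-time check proposed in the thread (scan the blobs being pushed, refuse on a hit, let the user retry with `--force`), as an added example that is not Radicle's code or any participant's. The rule set, function names and sample blobs are constructed for illustration and assume the helper can hand over each blob as bytes.

```python
import math
import re
from collections import Counter

# Constructed rules for illustration; a real integration would load the rule
# set of an existing scanner instead of hard-coding patterns.
RULES = {
    "aws-access-key-id": re.compile(rb"\bAKIA[0-9A-Z]{16}\b"),
    "pem-private-key": re.compile(rb"-----BEGIN (?:[A-Z]+ )*PRIVATE KEY-----"),
}
# name = value assignments whose name suggests a credential
ASSIGNMENT = re.compile(
    rb"(?:secret|token|passw(?:or)?d|api_?key)\w*\s*[:=]\s*[\"']?([A-Za-z0-9+/_-]{20,})",
    re.IGNORECASE,
)

def entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte."""
    total = len(data)
    return -sum(n / total * math.log2(n / total) for n in Counter(data).values())

def scan_blob(path: str, blob: bytes, min_entropy: float = 3.5) -> list:
    """Return (path, line, rule) findings; the matched secret is never echoed."""
    if b"\0" in blob[:8000]:  # NUL byte early on: treat as binary and skip
        return []
    findings = []
    for lineno, line in enumerate(blob.splitlines(), 1):
        findings += [(path, lineno, r) for r, p in RULES.items() if p.search(line)]
        m = ASSIGNMENT.search(line)
        if m and entropy(m.group(1)) >= min_entropy:
            findings.append((path, lineno, "high-entropy-assignment"))
    return findings

def check_push(blobs: dict, force: bool = False) -> tuple:
    """Gate a push on the scan: (allowed, findings). force=True overrides."""
    findings = [f for path, data in blobs.items() for f in scan_blob(path, data)]
    return (force or not findings), findings

if __name__ == "__main__":
    # Constructed sample blobs (path -> content) standing in for a pushed pack.
    sample = {
        "README.md": b"# demo\n",
        "config.ini": b"[default]\nkey_id = AKIAIOSFODNN7EXAMPLE\n",
    }
    allowed, found = check_push(sample)
    for path, lineno, rule in found:
        print(f"{path}:{lineno}: possible secret ({rule})")
    print("push allowed" if allowed else "push rejected; retry with --force if sure")
```

The entropy threshold keeps placeholder values such as a run of repeated characters from blocking a push, while pattern rules catch fixed-format credentials regardless of entropy.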