Public chat logs: false sense of privacy, useful, or other?

rocket.chat
Tags: #<Tag:0x00007f21aeeedca8>

#1

I have a Rocket Chat server at https://chat.interi.org. Recently I made it readable by anonymous visitors, and we've been discussing it. You can even see the latest discussion (at this moment) if you check out https://chat.interi.org/channel/general.

I wanted to create a more prominent conversation so I understand what folks expect from something like a chat server.

Here are the pros and cons, according to maiki. Pros:

  • Easier to find information, without a login wall
  • Potentially indexable by search engines, adding context to knowledge
  • Less overhead for onboarding new members, as they can determine if it is for them
  • Direct messages and channels set to private are still not public

Cons:

  • Folks don't understand the chat is public, say things they regret
  • Folks may not feel safe, in an era where non-private, non-safe services abound

What are your thoughts on this? Should I keep that private? Are public logs useful?

If I were running an IRC server I feel like the conversation would be different, but Rocket Chat feels like something that is small scale and private per group. Very interesting.


#2

You bring up a good point about IRC. Even I feel like IRC channels come with the assumption that they are public. Slack groups (and thus channels) come with the assumption that they are private (is it even possible to have public-readable Slack groups? I know you can make public-readable and public-chattable channels on Slack groups). Since I associate Rocket Chat with "like Slack" rather than "like IRC," I carried my subconscious assumption of private to Rocket Chat.

I think the more I think about it, the more I like the idea of educating ourselves to create private channels for safe spaces, and having things like #general feel more like IRC, and publicly readable.

I think. Still going back and forth. Why do I feel totally fine talking about my deepest secrets on things hosted by google and facebook and microsoft, where the "normal" state is that it's private, but since I don't control the data, technically logs could be released any number of ways (hacking, some employee, an accident of mine or someone else's, a bug,...?)


#3

There is a weird and maybe negligible benefit to using decentralized services for the entirety of your communications: it creates a barrier to some bad actors to compromise your privacy.

For instance, if the bulk of your chat logs are kept in Evil Company, that means a single account needs to be cracked, or a single subpoena served. In my case, to capture my communication one would need to compromise various systems, each with their own technical and legal hurdles.

In this way, use multiple systems that employ a public/private model, one is able to benefit from search tech and transparency (which for personal communications ends up being serendipity, I've noticed), while also having those additional layers to protect them from targeted or catch-all sweeps of their data.

I just realized this fits into the Digital Safety category, so I will add that this is prescriptive; one needs to understand their own threat model to avoid trouble.

In the case of my personal chat server, we have a lot of leverage because I am able to dictate it is safe from trolls, and we can take steps to combat harassment if it becomes an issue. That is what I mostly worry about for others: not having control of the platform, and therefore bowing to the whims of a central company that prioritizes profit over human dignity.