Das Interesse an einer GPG-Party zur #CLT2026 ist da, aber viele sind noch unentschlossen (30%). 🤔 An die "Vielleicht"-Fraktion: Was braucht ihr für ein festes "Ja"?
#ChemnitzerLinuxTage #GPG #OpenPGP #Linux #OpenSource #Privacy #ITSec #Datenschutz #Keysigning #WebOfTrust

Weak "AI filters" are dark pattern design & "web of trust" is the real solution

The worst examples are when bots can get through the “ban” just by paying a monthly fee.

So-called “AI filters”

An increasing number of websites lately are claiming to ban AI-generated content. This is a lie deeply tied to other lies.

Building on a well-known lie: that they can tell what is and isn’t generated by a chat bot, when every “detector tool” has been proven unreliable, and sometimes we humans can also only guess.

Helping slip a bigger lie past you: that today’s “AI algorithms” are “more AI” than the algorithms a few years ago. The lie that machine learning has just changed at the fundamental level, that suddenly it can truly understand. The lie that this is the cusp of AGI - Artificial General Intelligence.

Supporting future lying opportunities:

• To pretend a person is a bot, because the authorities don’t like the person
• To pretend a bot is a person, because the authorities like the bot
• To pretend bots have become “intelligent” enough to outsmart everyone and break “AI filters” (yet another reframing of gullible people being tricked by liars with a shiny object)
• Perhaps later - when bots are truly smart enough to reliably outsmart these filters - to pretend it’s nothing new, it was the bots doing it the whole time, don’t look beind the curtain at the humans who helped
• And perhaps - with luck - to suggest you should give up on the internet, give up on organizing for a better future, give up on artistry, just give up on everything, because we have no options that work anymore

It’s also worth mentioning some of the reasons why the authorities might dislike certain people and like certain bots.

For example, they might dislike a person because the person is honest about using bot tools, when the app tests whether users are willing to lie for convenience.

For another example, they might like a bot because the bot pays the monthly fee, when the app tests whether users are willing to participate in monetizing discussion spaces.

The solution: Web of Trust

You want to show up in “verified human” feeds, but you don’t know anyone in real life that uses a web of trust app, so nobody in the network has verified you’re a human.

You ask any verified human to meet up with you for lunch. After confirming you exist, they give your account the “verified human” tag too.

They will now see your posts in their “tagged human by me” feed.

Their followers will see your posts in the “tagged human by me and others I follow” feed.

And their followers will see your posts in the “tagged human by me, others I follow, and others they follow” feed…

And so on.

I’ve heard everyone is generally a maximum 6 degrees of separation from everyone else on Earth, so this could be a more robust solution than you’d think.

The tag should have a timestamp on it. You’d want to renew it, because the older it gets, the less people trust it.

This doesn’t hit the same goalposts, of course.

If your goal is to avoid thinking, and just be told lies that sound good to you, this isn’t as good as a weak “AI filter.”

If your goal is to scroll through a feed where none of the creators used any software “smarter” than you’d want, this isn’t as good as an imaginary strong “AI filter” that doesn’t exist.

But if your goal is to survive, while others are trying to drive the planet to extinction…

If your goal is to be able to tell the truth and not be drowned out by liars…

If your goal is to be able to hold the liars accountable, when they do drown out honest statements…

If your goal is to have at least some vague sense of “public opinion” in online discussion, that actually reflects what humans believe, not bots…

Then a “human tag” web of trust is a lot better than nothing.

It won’t stop someone from copying and pasting what ChatGPT says, but it should make it harder for them to copy and paste 10 answers across 10 fake faces.

Speaking of fake faces - even though you could use this system for ID verification, you might never need to. People can choose to be anonymous, using stuff like anime profile pictures, only showing their real face to the person who verifies them, never revealing their name or other details. But anime pictures will naturally be treated differently from recognizable individuals in political discussions, making it more difficult for themselves to game the system.

To flood a discussion with lies, racist statements, etc., the people flooding the discussion should have to take some accountability for those lies, racist statements, etc. At least if they want to show up on people’s screens and be taken seriously.

A different dark pattern design

You could say the human-tagging web of trust system is “dark pattern design” too.

This design takes advantage of human behavioral patterns, but in a completely different way.

When pathological liars encounter this system, they naturally face certain temptations. Creating cascading webs of false “human tags” to confuse people and waste time. Meanwhile, accusing others of doing it - wasting even more time.

And a more important temptation: echo chambering with others who use these lies the same way. Saying “ah, this person always accuses communists of using false human tags, because we know only bots are communists. I will trust this person.”

They can cluster together in a group, filtering everyone else out, calling them bots.

And, if they can’t resist these temptations, it will make them just as easy to filter out, for everyone else. Because at the end of the day, these chat bots aren’t late-gen Synths from Fallout. Take away the screen, put us face to face, and it’s very easy to discern a human from a machine. These liars get nothing to hide behind.

So you see, like strong is the opposite of weak [citation needed], the strong filter’s “dark pattern design” is quite different from the weak filter’s. Instead of preying on honesty, it preys on the predatory.

Perhaps, someday, systems like this could even change social pressures and incentives to make more people learn to be honest.

Weak "AI filters" are dark pattern design & "web of trust" is the real solution

The worst examples are when bots can get through the “ban” just by paying a monthly fee.

So-called “AI filters”

An increasing number of websites lately are claiming to ban AI-generated content. This is a lie deeply tied to other lies.

Building on a well-known lie: that they can tell what is and isn’t generated by a chat bot, when every “detector tool” has been proven unreliable, and sometimes we humans can also only guess.

Helping slip a bigger lie past you: that today’s “AI algorithms” are “more AI” than the algorithms a few years ago. The lie that machine learning has just changed at the fundamental level, that suddenly it can truly understand. The lie that this is the cusp of AGI - Artificial General Intelligence.

Supporting future lying opportunities:

• To pretend a person is a bot, because the authorities don’t like the person
• To pretend a bot is a person, because the authorities like the bot
• To pretend bots have become “intelligent” enough to outsmart everyone and break “AI filters” (yet another reframing of gullible people being tricked by liars with a shiny object)
• Perhaps later - when bots are truly smart enough to reliably outsmart these filters - to pretend it’s nothing new, it was the bots doing it the whole time, don’t look beind the curtain at the humans who helped
• And perhaps - with luck - to suggest you should give up on the internet, give up on organizing for a better future, give up on artistry, just give up on everything, because we have no options that work anymore

It’s also worth mentioning some of the reasons why the authorities might dislike certain people and like certain bots.

For example, they might dislike a person because the person is honest about using bot tools, when the app tests whether users are willing to lie for convenience.

For another example, they might like a bot because the bot pays the monthly fee, when the app tests whether users are willing to participate in monetizing discussion spaces.

The solution: Web of Trust

You want to show up in “verified human” feeds, but you don’t know anyone in real life that uses a web of trust app, so nobody in the network has verified you’re a human.

You ask any verified human to meet up with you for lunch. After confirming you exist, they give your account the “verified human” tag too.

They will now see your posts in their “tagged human by me” feed.

Their followers will see your posts in the “tagged human by me and others I follow” feed.

And their followers will see your posts in the “tagged human by me, others I follow, and others they follow” feed…

And so on.

I’ve heard everyone is generally a maximum 6 degrees of separation from everyone else on Earth, so this could be a more robust solution than you’d think.

The tag should have a timestamp on it. You’d want to renew it, because the older it gets, the less people trust it.

This doesn’t hit the same goalposts, of course.

If your goal is to avoid thinking, and just be told lies that sound good to you, this isn’t as good as a weak “AI filter.”

If your goal is to scroll through a feed where none of the creators used any software “smarter” than you’d want, this isn’t as good as an imaginary strong “AI filter” that doesn’t exist.

But if your goal is to survive, while others are trying to drive the planet to extinction…

If your goal is to be able to tell the truth and not be drowned out by liars…

If your goal is to be able to hold the liars accountable, when they do drown out honest statements…

If your goal is to have at least some vague sense of “public opinion” in online discussion, that actually reflects what humans believe, not bots…

Then a “human tag” web of trust is a lot better than nothing.

It won’t stop someone from copying and pasting what ChatGPT says, but it should make it harder for them to copy and paste 10 answers across 10 fake faces.

Speaking of fake faces - even though you could use this system for ID verification, you might never need to. People can choose to be anonymous, using stuff like anime profile pictures, only showing their real face to the person who verifies them, never revealing their name or other details. But anime pictures will naturally be treated differently from recognizable individuals in political discussions, making it more difficult for themselves to game the system.

To flood a discussion with lies, racist statements, etc., the people flooding the discussion should have to take some accountability for those lies, racist statements, etc. At least if they want to show up on people’s screens and be taken seriously.

A different dark pattern design

You could say the human-tagging web of trust system is “dark pattern design” too.

This design takes advantage of human behavioral patterns, but in a completely different way.

When pathological liars encounter this system, they naturally face certain temptations. Creating cascading webs of false “human tags” to confuse people and waste time. Meanwhile, accusing others of doing it - wasting even more time.

And a more important temptation: echo chambering with others who use these lies the same way. Saying “ah, this person always accuses communists of using false human tags, because we know only bots are communists. I will trust this person.”

They can cluster together in a group, filtering everyone else out, calling them bots.

And, if they can’t resist these temptations, it will make them just as easy to filter out, for everyone else. Because at the end of the day, these chat bots aren’t late-gen Synths from Fallout. Take away the screen, put us face to face, and it’s very easy to discern a human from a machine. These liars get nothing to hide behind.

So you see, like strong is the opposite of weak [citation needed], the strong filter’s “dark pattern design” is quite different from the weak filter’s. Instead of preying on honesty, it preys on the predatory.

Perhaps, someday, systems like this could even change social pressures and incentives to make more people learn to be honest.

A riveting saga of nerds spending a year rearranging deck chairs on the Arch Linux #Titanic 🚢💻. Spoiler: it involves more acronyms than a government agency 🥱. But hey, at least the Web of Trust and the Berblom algorithm are now free to roam the wilds of irrelevance 🤖.
https://devblog.archlinux.page/2026/a-year-of-work-on-the-alpm-project/ #ArchLinux #WebOfTrust #BerblomAlgorithm #NerdLife #TechSaga #HackerNews #ngated

I'm going to be in #Florence and #Rome for a couple days, followed by #Zermatt for a few more. I've never actually signed anybody's #pgp #gpg keys, but hey! Perhaps this could be a chance to learn how to do that *and* add some trans-atlantic edges to that web of trust!

#Italy #Switzerland #OpenPGP #WebOfTrust

• a new config option in the #PGP plugins enable automatic online discovery of PGP keys (according to your existing gpg.conf auto-key-locate
• whenever you recieve a mail signed by a public key missing (or expired) in your #GPG keyring, you'll have a button to trigger an online search for the key (either through #WKD or the older #keyserver based approach).

@ArneBab Not really, all it does is increase the cost for legitimate users, as spammers and fraudsters just see this as a cost of operation.

• And since @signalapp doesn't seem to have #AbuseReporting ready that means they only use it to collect #PII and thus make it trivial to earmark users for targeted surveillance!

#PhoneNumers are PII because more often than not they require #KYC!

• And it's not always feasible or even possible.to provide users with a fresh & untained number, because inactive numbers get recycled!

Stop the Escalating Commitment to Schemes that fall flat on the face outside of #EliteProjection from #SiliconValley...

• #Signal could use a #WebOfTrust and require invites socthat reputation would be linked...

But that too is a #privacy invasion!

@RuthMalan I think that with open/federated social networks we'll end up with clients that support a #WebOfTrust model.
http://webseitz.fluxent.com/wiki/WebOfTrust

Bądźmy szczerzy. Byłem zwolennikiem #OpenPGP (czy ogólniej #PGP) przez długi czas. I w sumie nadal nie jestem w stanie wskazać żadnej sensownej alternatywy. I wierzyłem, że PGP nie jest "tak trudne" — ale wcale nie staje się łatwiejsze. A wielkim problemem z tego typu standardami są narzędzia.

#WebOfTrust jest trudne, i dla wielu ludzi niepraktyczne. I nie pomaga tu to, w jaki sposób wiele programów decyduje się obsługiwać kwestie zaufania kluczy. Czasem dostaję zaszyfrowaną pocztę — i #EvolutionMail znacznie utrudnia mi jednorazową odpowiedź z szyfrowaniem, o ile nie zdecyduję się *permanentnie* zaufać nadawcy.

Bajzel z serwerami kluczy SKS nie pomógł. Dziś znaleźć czyjś klucz to szukanie igły w stogu siana. Jeżeli mamy szczęście, wystarczy WKD. Jeżeli nie, to możemy przeszukać serię różnych serwerów kluczy, GitHuba, strony internetowe. I czasem po drodze znajdziemy klucze już nieważne, bo ludzie aktualizują tylko w niektórych miejscach, albo w ogóle zapominają wysłać aktualne.

No i wchodzi problem niezgodności programów. Nie świadczy to dobrze o PGP, że GnuPG nie jest w stanie zaimportować kluczy z popularnych serwerów, bo nie mają identyfikatorów użytkownika. A to tylko czubek góry lodowej.

Za rogiem czeka rozbieżność standardów OpenPGP, która dopiero przyniesie prawdziwe problemy. Wyobraźcie sobie, że przekonaliście kogoś do OpenPGP, i za chwilę musicie tej osobie wyjaśniać, że użyła nieprzenośnego narzędzia albo niewłaściwych ustawień, i stworzyła klucz, którego nie jesteście w stanie użyć.

Nie tak zachęca się ludzi do szyfrowania.

#szyfrowanie

Let's be honest. I've been a strong supporter of #OpenPGP (or #PGP in general) for a long time. And I still can't think of any real alternative that exists right now. And I kept believing it's not "that hard" — but it doesn't seem like it's getting any easier. The big problem with standards like that are tools.

#WebOfTrust is hard, and impractical for a lot of people. It doesn't really help how many tools implement trust. I mean, I sometimes receive encrypted mail via #EvolutionMail — and Evolution makes it really hard for me to reply encrypted without permanently trusting the sender!

The whole SKS keyserver mess doesn't help PGP at all. Nowadays finding someone's key is often hard. If you're lucky, WKD will work. If you're not, you're up for searching a bunch of keyservers, GitHub, or perhaps random websites. And it definitely doesn't help that some of these may hold expired keys, with people uploading their new key only to a subset of them or forgetting to do it.

On top of that, we have interoperability issues. Definitely doesn't speak well when GnuPG can't import keys from popular keyservers over lack of UIDs. And that's just the tip of the iceberg.

Now with diverging OpenPGP standards around the corner, we're a step ahead from true interoperability problems. Just imagine convincing someone to use OpenPGP, only to tell them afterwards that they've used non-portable tool / settings, and their key doesn't work for you.

That's really not how you advocate for #encryption.

@Bombe Haben wir schon einmal über das #Matrix #Protokoll kommuniziert?
Ich habe ein Problem mit dem #Hyphanet (ehemals #Freenet) #Plugin #Sone.

Dieses freche Ding behauptet einfach, ich hätte keine #WebOfTrust Identität.
So ein Quatsch, denn ich habe mehrere & kann mich erfolgreich mit jeder anmelden.

So with the #slopageddon ongoing we now need systems of vetting user agents. The proof of work is rearing its ugly head again. Or do we make another attempt at #weboftrust like we failed with GPG? No 200 reply unless the UA presents a pubkey signed by N verified bag-of-flesh agents?

requeteChe wrote:

.. some kind of independent lossless pseudonym ONG ..
..
In any case, ultimately even an issue that in part ends up in conversations and best practice about trust and creating a #webOfTrust between those involved in a mandatory and by default pseudonym environment ..

Examples:
"Die Tinder-Schwindler: Der Riesenbetrug mit der Liebe | SPIEGEL TV":
A spiegelTV documentary on YT about scams on the web. Not only a blueprint for scamers but an interesting take that shows a lot of angles and the damage all this implies.
"Gewalt gegen (kolumbianische) Aktivisten":
A #TAZ article by @tazgetroete about the exposure of environmental activists in particular in #latinAmerica:

TAZ translated wrote:

Bangkok afp | According to a report, almost 200 environmental activists were murdered worldwide last year. According to the non-governmental organization Global Witness on Tuesday, Latin America remains the most dangerous region for people working to protect the environment and respect land rights.

So, while in general terms we do have all the tools at hand, including even options like some kind of escrow guarantees for monetary aspects and things like #SEGWIT ID profiles @bc1q3jmgjcvmd5eaadx69ggazctksr0d7ca4q6w4vr and even simple ID verification's via payPal for example, first of all this has to do with the interest of people to involve themselves in working out some how some kind of:

• proof of concepts
• proof of work
• proof of stake
• proof of cooperation

#altText:
Some video snippets of the #spiegelTV documentation about internet scams. The subtitels are in englisch, The people interviewed are seen in their environment.

@mina @aiquez @sinmisterios @crossgolf_rebel @resl @dprieto

aiquez wrote:

i think it is difficult not to have at least an agenda / topic .. some things were working indeed ( #FoFritz ) but on the longer run, it has to be clear if it is an art Project or collaborative_system_trial
i got 2 less time in daily life (2 much occupied by work and fam) only in holiday and some free time.

Even tho while your observation is reasonable, and excellent in terms of feedback @aiquez, including our very personal circumstances, it doesn't look like you or @mina are right in terms about clearness of what this is/was from the beginning, or what apparently it mend to be.
The problem in any case is around the setup and/or kind of announcement/invite in a world of microblogging and federated content over different platforms, languages, societies, space, time (and all the rest).

Than there were in part some misunderstandings in terms of platform functionality about getting update notifications, as it was worked out with @mina. The first drafts contained a 25 minute audio that wasn't summed up and didn't get the feedback "requested". Or it didn't get the feedback as expected to become summed up at least in general terms by conversations. If you have a look right now at the first initial post, it's in version v.04 and has a renewed quite simple freeplane mindmap, as the initial idea, the way of presenting it and the time to represent it evolved. Ultimately the proposal is more or less about what an answer to @sinmisterios summed up later on:

bitpickup translated into englisch wrote:

The reality is that this is a string of conversation about:

• how to make us join to create content
• how to create it
• what tools to use to do so
• how to publish the content
  and
• where to publish it

and all that around a specific topic as a hook for a proof of concept.
Ultimately the proposal is simple and called:
#mitDenken

If you look at it, to a certain extent now we are at a point where even each and every one of the points, except the one of co-editing content, that's the studi0 and the media page part, have been touched or exemplified. Actually, the same happened to #foFritz too. At the same time, quite like in the #foFritz project, the community accounts (bitpickup, jesuisatire (and tierranietos)) have dedicated themselves to the project kinda full time 96/7/365. Others, to more or less extent have joined efforts to add content by comments but not so much questions, clarifying answers or own initiatives. Except @dprieto, who actually went off on a branch that in reality belonged to some specific content by tierranietos. A detail that in the end was useful and a good feedback at the same time because it showed how we perceive the communication out here and in any case gave some hints about what is needed to make things like this proposal work if that is possible at all.

Somehow this "project", the search for how to prevent "the one who is out there all alone" to drown in his #depression, loneliness and #climateGrief, and together with that actually ultimately "how to sustain and protect La tierra de nuestros nietos", tries to tackle exactly "the emptiness of the common social media that programmed us", as pointed out quite neat by @_elena in her latest trailer #theFedi. And if we talk about "try to tackle", we would come to points that weren't even touched, or perhaps were expected to be touched thru feed back conversations about trust, cooperation and so on.

At the same time, main point is and always will be, that most of us are just people out here who are chit-chatting, looking for some entertainment and didn't subscribe, nor requested to become some kind of independent lossless pseudonym ONG to fulfill the expectations of others. So the first point of the sum-up, "how to join forces", has worked out to a certain extent by addressing contacts out of specific reasons. At the same time those contacts became kinda baffled because they found themself in comments and discussions that looked off-topic for them. Even more because they by themselves did not out of an own impulse "subscribe" to some #greenPeaceLastGenerationTwoPoint0 project and there for not only became confused but even maybe became feed up somehow. And again, all this in an ambience of strangers in a dopamine wanna be social-web short span attention entertainment snippet reality.

In other words, as pointed out by @bitpickup:

• is/was this post string a useful experience?
  yes
• is/was this a useful experience to build on that can stand/remain as it is?
  yes
• was it successful?
  As of now, not really.
• did the initial proposal has "at least an agenda / topic"
  Actually it did, but all of you, as for now, never managed to work that out and stumbled over nitpicking details, quite nice chit-chat content, worthy for kind slap stick comic conversation string, and probably strange nerv wrecking results because of dopamine, micro-blogging and previous negative social media experiences which all together create misunderstanding and perhaps even feelings that become perceived as offensive or feeling offended.

At least that is the interpretation from over here.

Last but not least:

aiquez wrote:

the sftp_issue could be interesting
-> collecting_files for activism or arts .. lets see

btw
Looks like #foFritz actually evolved into #idenTheater and is actually just there, waiting to be used for all kinds of news slaughter, exposure, satirizing of tyrants and all those things.

Last take was the envy of a dying emperor over people who farewelled their beloved humble neighbor who was forced by life to become president for one term.

@crossgolf_rebel @resl

Given all of the #AI #shittification a web of trust built on a friend-to-friend basis appears to be inevitable for anything remotely like the current internet to exist moving forward.

Literally no point in interacting with any of the AI shit besides writing your own bot to hide, close, remove, ... it wherever possible...
#weboftrust

Ah, yes, the Linux Kernel's #PGP Web of Trust—because nothing screams "cutting-edge technology" like a system built on the tattered remains of #keyserver networks 🤦‍♂️. Who needs simplicity when you can have a Byzantine key repository maintained by a single guy named Konstantin? 🔐🔑
https://blog.kleine-koenig.org/ukl/the-linux-kernels-pgp-web-of-trust.html #LinuxKernel #WebOfTrust #Security #Technology #Humor #HackerNews #ngated

The Linux Kernel's PGP Web of Trust

https://blog.kleine-koenig.org/ukl/the-linux-kernels-pgp-web-of-trust.html

#HackerNews #LinuxKernel #PGP #WebOfTrust #OpenSource #Security #Technology

Until these tools learn how to properly trust sources, check them yourself, and ensure their trustworthiness before using them.

I'm wondering if some kind of trust ecosystem could work here, though? It wouldn't be hard for the AIs to verify digital signatures, right?

https://arstechnica.com/security/2025/04/ai-generated-code-could-be-a-disaster-for-the-software-supply-chain-heres-why/

#supplychainsecurity #supplychainattack #LLMs #factchecking #softwaresupplychain #SoftwareSupplyChainSecurity #ai #packagemanagement #weboftrust #factchecking #digitalsignatures

@jwildeboer Now the big question is: How can we fight the crawlers?
My suggestion is that we need to establish a layer of trust on the web. Connections made by humans should be different from connections made by machines. We can go beyond captchas and turnstile.
Let's adopt the web of trust principles.

#WebOfTrust