Thread

Then in the worst case we're back where we are now, 500+ 5 star reviews from random strangers. But with the benefit of an open WoT graph your client can analyze and take out the bots. And most likely there will be some celebrity you trust in that group. It already works great now with our tiny community and I think it will work better with more users and a more interconnected graph.

I dunno. I think it works great because of our tiny community and once you get the masses it breaks down. It’s so easy to go under the radar when no one is technically competent to evaluate your software. And at scale that could mean many victims before it’s ever noticed.

I want this model to win, but it feels like more parts are missing.

Mhhh, I'll have to do more thinking about this, but intuitively it feels like a larger network means stronger WoT. You're right that we need to be careful tho.

Probably need to look at hybrid models - trusted clients that offer some verification. Or some organizations that audit. Maybe some economic penalty (worked into the UX somehow). Even then, at scale there will likely be gaps where no one is watching and people are installing carelessly.

It's not evident yet but there are two layers of curation: relays and users. The relay (app catalog) is the main curation mechanism. The Zapstore relay may decide to remove certain apps in the future, but that does not matter, the whole point here is having the ability to manage your own app catalogs. (In the alpha version right now this is already possible) WoT will also be used to discover/recommend app catalogs. User-level curation is talked about more because (a) it's innovative, (b) it's prominent in the UI, (c) in practice there's a single relay right now

Awesome! Is there a tutorial on verifying pgp etc a download prior to installation?

See our website, click on download and you will see it

Please keep taking about this, Karnage. More of cautious-style thinking and we'll be able to build apps that can scale. The tiny community here is great, but what about frens and family, IRL normies you know and such. Can't bully them to all to move to our apps, can't guarantee the apps we ourselves are using are as safe, can't use their Oligarchal apps - quite the modern day dilemma. 🫥

Agree with you and with Karnage's observations, of course. That said, have you tried asking me? 😅 I've been thinking about this problem for a long time, and maybe by chance I know a thing or two

Hey hey, so we replied to Karnage coz we were agreeing/encouraging the premise of his skepticism - that's it :)) It wasn't a commentary on Zapstore or any particular app per se. We're struggling with the larger tech stack migratory problem ourselves + worried we'll end up making the same mistake by putting all our 🥚🥚, for example, in the Proton basket or some such. You can see we post about #FreedomTech and #PrivacyRefuge on our profile too. But please, feel free to pick someone comment most relevant to you and do a thread/read/media-rich Note on the topic, adding relevant hashtags, citing some references if you wish. We can all repost, reply and push the narrative forward 🤓

Or configure developer mode on stock Android, it's easier than adb. We won't get discouraged by the bullies, we will keep pushing forward.

Developer mode? Will that work? That's news to me?

"The company also announced that it is developing a "new advanced flow" for experienced users with a higher risk tolerance who wish to sideload unverified apps. This new system will provide warnings about the associated risks but will ultimately allow users to make their own choices."

BleepingComputer

Google backpedals on new Android developer registration rules

Google is backpedaling on its decision to introduce new identity verification rules for all developers, stating that it will also introduce account...

Ah hm "advanced flow" well well let's see.

My users install the apps that I give them not because they have a "high risk tolerance". They are totally clueless tech newbies who have a very low risk tolerance. They install my apps because they personally trust me. These also not "hobbyist" apps. They're professionally developed (by me, the professional) mission critical must-have apps. I wonder how socially inept people at Google are and what their view of people and society is that they believe anyone would trust some faceless multinational corporation over personal relationships that have been painstakingly developed over the years.