Gemini Protocol Keeps Getting Better (Less and Less Reliance on Centralised Certificate Authorities)
Reliable systems do not depend on third parties, only themselves
Gemini Protocol is still autonomous and controlled by the community, not some company like Automattic (a subject of recent controversies). It is also about to turn 5.5 years old (our sister site will turn 20.5 in 5 days).
Our current site's system (after dumping PHP, WordPress etc.) is optimised for Gemini Protocol. This system keeps improving behind the scenes, with refinements to GemText conversions made as recently as last week. This system is AGPLv3-licensed and it is accessible over Gemini Protocol, linked to our self-hosted Git instances (one for each site).
We've only just noticed, based on Lupa, that after about a fortnight the Linux Foundation's Certificate Authority Let's Encrypt lost some more instances and is now down to just 14 capsules that are tracked by Lupa (it tracks about 4,200 capsules). To quote today's statistics: "2646 (91.2 %) capsules are self-signed, 14 (0.5 %) use the Certificate Authority Let's Encrypt, 242 (8.3 %) are signed by another CA (may be not a trusted one)." (To be clear, Certificate Authorities can be self-hosted too)
For well over a week it said 15. It's generally going down and down... towards zero.
That's a reason to adopt and to like Gemini Protocol. It discards fake 'security' which generally puts capsules under the control of monopolies (they can deny access to capsules by denying/revoking certificates and they are also a MitM in the privacy sense). As Dr. Andy Farnell put it yesterday: "They did an end run around government and decided to go straight for control and bypass the whole trust, value and money making stages. [...] Human beings have lost control of the direction of information technology.
Andy also said: "The things I "own" in digital space (domains, websites, accounts, currencies, devices) feel less safe. Digital life is at the mercy of arbitrary diktats, administrative errors, system failures, predatory freeloaders and the exercise of unchecked power to exclude, and censor. I have less confidence in the benevolence and competence of authority. And I know I am far from being alone when I say these things. Instead of clear social progress a number of unfortunate side effects of digital tech have blighted society. Their net effect is that we're moving backwards."
There are several more allusions there to fake 'security' and systems like the centralised Certificate Authorities (CAs), which aren't about security but about someone else - the "powerful few" - exercising control over who can run a site (or capsule) and who can access it. Never underestimate the gatekeeping and the fences they have built. It is a "boiling frog" scenario and only a matter of time before they flick switches. Many fine Web sites go dark or offline these days, some of them not because of their choosing; it's not a choice, it is an order. Be prepared, build information systems shrewdly, based on cautious foresight. █