On Thu, Jul 24, 2014 at 10:41:35PM +0200, Stephan Neuhaus wrote:
On 2014-07-24, 18:16, stef wrote:
On Thu, Jul 24, 2014 at 04:06:03PM +0200, Stephan Neuhaus wrote:
So if I mention to you that a certain app just happens to run on a smartphone, your Spidey-sense would be tingling, no matter if the app has had excellent threat modelling, code audit etc?
it's rule of thumb. right? there might be exceptions (i know of exactly one), which strengthen the rule ;)
Sorry to insist, but I gave you a concrete app, namely safeslinger: https://www.cylab.cmu.edu/safeslinger/ Do you think that it is snake oil?
unless it is being deployed for confidentiality defending against only low level adversaries (but by stating this i already narrowed down the threat-model significantly). i believe so. it is an app, nothing more. -- otr fp: https://www.ctrlc.hu/~stef/otr.txt