On 6/3/2014 18:42, tpb-crypto@laposte.net wrote:
Message du 04/06/14 00:29 De : "rysiek"
OHAI,
Dnia środa, 4 czerwca 2014 00:19:43 piszesz:
not sure what to think about this one: http://googleonlinesecurity.blogspot.com/2014/06/making-end-to-end-encrypt ion-easier-to.html
Technical specs: https://code.google.com/p/end-to-end/
If you want to land on a watch-list and maybe no-fly list, you just install it in your Chrome. Because as far as we can tell Google is in bed with the NSA and so the proprietary browser may just flag you to the system and done you are, or may forward all your messages in the clear. Who knows? Which is worst?
That's why there is not foocking way to trust proprietary software. Companies are forced to act like criminals on behalf of the government. There is no loyalty, respect, ethics, honesty or even business which the US government won't try to trample upon.
If one wants to go crypto, he goes all the way with OpenBSD, Tails, Kali, Gentoo, Firefox, Midori or even old and good Lynx, but not Chrome.
lol
A heck with it, why not -- I'll play the Google's advocate here.
So, the extension itself will be FLOSS, as I understand, so the extension itself will be audit-able (inb4 openssl, truecrypt). And as I understand it *will* be installable in Chromium too.
Is that an acceptable combination? With such an assumption ("use Chromium, Luke!"), does End-to-End seem to make sense? Or are there other problems we need to look into and be wary of?
With chromium, End-to-End can start looking respectable. But even then Chromium is cranked by a much smaller team than Firefox and surely suffers from the same problems OpenSSL has faced for most of its existence.
I went ahead and tried it out. One click to make a key and it integrates into gmail. It's not going to replace PGP for anyone who already has a key pair, but making end-to-end encryption one-click-easy is a shoe in the door for getting the public to start caring about its own privacy (and hence ours).