On Thu, Jun 5, 2014 at 10:37 AM, Black Fox <fox@vbfox.net> wrote:
On Thu, Jun 5, 2014 at 4:48 AM, Alfie John <alfiej@fastmail.fm> wrote:
On Wed, Jun 4, 2014, at 10:19 AM, tpb-crypto@laposte.net wrote:
That's why there is not foocking way to trust proprietary software. Companies are forced to act like criminals on behalf of the government. There is no loyalty, respect, ethics, honesty or even business which
the
US government won't try to trample upon.
Someone's already submitted a bug report:
Cute, but the threat model of the submitter seem unclear to me, in what is it different here from gpg binaries provided by a linux distribution package ?
If even only one person have access to the packaging keys and is of american nationality he can receive a National Security Letter and would have to comply (Rubber hose is obviously working too if they want to risk it). Using quantum insert they don't even need to change the packages for everyone, only you.
Updates for any software executing with access to your private data are dangerous.
I don't see why this subject is present in the issue tracker of an extension... it's a lot more general issue (Except for the fact that Google bashing is cool today).
This seems like a good project, that will move PGP usability and standards forward. It's also a big deal for Google to throw its support to the project, since it is in direct tension with the business model Gmail is built on (scanning your emails). The auto-update feature is a big deal that will have to get wrestled with openly as this moves further. Perhaps they'll work out a separate update policy for it, who knows. But it'll also have applications outside of a place in the Chrome Web Store. For example, hopefully much of this work (especially the JS crypto work) will also turn out to be reusable in Firefox. -- konklone.com | @konklone <https://twitter.com/konklone>