So far, as far as I can see, you're not even inflicting PGP on us here, let alone your friends.
I did for a while, but then I moved hardware and didn't see any reason to set up PGP again. At best, it was a signal to people that I cared about security/privacy, at worst it was making everything I posted non-repudiable for no useful reason. The fact that miniLock is authenticated but repudiable makes it a better bet for PGP-usecase purposes *anyway*, and my minilock ID is in my signature (again, had lapsed by accident) for people who want to use miniLock outside of peerio. But, miniLock isn't (opportunistic pun) "turn-key", it requires launching, authenticating, dropping a file to encrypt, typing in a miniLock ID to encrypt to (encrypting to yourself probably makes it non-repudiable if someone acquires your private key, beware!), downloading the encrypted file, and then transmitting the encrypted file out-of-band. Now, implementing Peerio server is something I endorse. If I weren't too busy, I'd investigate doing it myself, it looks like fun. If anyone does feel like it, they have miniLock for JS-based servers, and deadLock for Python-based servers (needs some work/bugfixes). On 15/01/15 16:44, rysiek wrote:
Dnia czwartek, 15 stycznia 2015 11:20:22 Cathal Garvey pisze:
If the server code were open, how would you know the server was actually running that code anyway?
Not much. But it would allow others to run the server code and offer similar service, at the very least.
Having the protocol documented so thoroughly makes the task of writing an alternative server trivial if time-consuming. I'd obviously prefer the server were AGPL, and I hope someone will write an AGPL'd server and federation.
Of course. The "time-consuming" part is what bothers me. I *could* throw in an hour or two to set-up a peerio server had the code been available; I have absolutely *no way in hell* of throwing in days or weeks of work to implement their protocol.
For now though, the client is open source, the crypto doesn't suck, the UX is excellent, and the threat model is pretty transparent. I'm *never* going to inflict PGP on friends, but I'll happily inflict this on them.
So far, as far as I can see, you're not even inflicting PGP on us here, let alone your friends.
-- Twitter: @onetruecathal Phone: +353876363185 miniLock: JjmYYngs7akLZUjkvFkuYdsZ3PyPHSZRBKNm6qTYKZfAM peerio.com: Use email or phone. Uses above miniLock key.