On Thu, Jul 24, 2014 at 12:34:24AM +0200, rysiek wrote:
On Wednesday, 23 July 2014 23:59:25 stef wrote:
On Wed, Jul 23, 2014 at 05:24:22PM -0400, grarpamp wrote:
To quote OP... not open source.. not audited.. central servers.. webrtc.. 'no' logs.. and a shiny link for grins... and then claims it 'looks very interesting and promising'. WTF, really? I appreciate innocent questions, but the answer (or at least our response) should be obvious, from those parameters alone, to someone who's been around for a while.
exactly this prompted me to come up with the seven rules of thumb to detect snakeoil:
* not free software
* runs in a browser
* runs on a smartphone
* the user doesn't generate, or exclusively own the private encryption keys
* there is no threat model
* uses marketing-terminology like "cyber", "military-grade"
* neglects general sad state of host security
So very true. Can we have it named as "stef's six rules of snakeoilness" and spread around? I'm serious, this is important.
"7 rules of thumb against snakeoil" is good enough. pls note it's really 7 rules. ;)

--
otr fp: https://www.ctrlc.hu/~stef/otr.txt