On 11/28/14, Andy Isaacson <adi@hexapodia.org> wrote:
... A colleague and I, both interested in modern cryptographic systems, started to collaborate on a new project, using Pond. Months later, we realized that we had communicated useful information early on, over Pond exclusively, and the "social norm that communications are deleted after a few days" resulted in us losing important notes about the early days of our project.
Even though it was clearly documented and I had simultaneously advocated Pond to other experimental users for exactly this feature, I didn't think through the consequences of this design feature for my use case. I didn't even realize that I *had* a use case, until much later.
an interesting anecdote. friends and i had prior moved to configurations with explicitly no logging (a change from defaults, since OTR in most clients would log to disk by default)
a change to pond no different, as prior expectations assumed no persistence...
For this scenario, it turns out we wanted a modern secure communication system more like Prate, https://github.com/kragen/prate .
we ended up on random etherpads on a trusted host. (e.g. one of our own).
Generalizing from this specific example, you can find many other examples of a security system being used outside of its designed envelope.
very true; evokes Gibson: “The street finds its own uses for things.”
(and in the example above, the URI itself the authenticator for the random pad...)
best regards,