Snowden triggers flood of Crapware [was: Gruveo, more secure skype?]
rysiek
rysiek at hackerspace.pl
Wed Jul 23 15:34:24 PDT 2014
Dnia środa, 23 lipca 2014 23:59:25 stef pisze:
> On Wed, Jul 23, 2014 at 05:24:22PM -0400, grarpamp wrote:
> > To quote OP... not open source.. not audited.. central servers.. webrtc..
> > 'no' logs.. and a shiny link for grins... and then claims it 'looks very
> > interesting and promising'. WTF, really? I appreciate innocent questions,
> > but the answer (or at least our response) should be obvious, from those
> > parameters alone, to someone who's been around for a while.
>
> exactly this prompted me to come up with the seven rules of thumb to detect
> snakeoil:
>
> not free software
> runs in a browser
> runs on a smartphone
> the user doesn't generate, or exclusively own the private encryption
> keys there is no threat model
> uses marketing-terminology like "cyber", "military-grade"
> neglects general sad state of host security
So very true. Can we have it named as "stef's six rules of snakeoilness" and
spread around? I'm serious, this is important.
--
Pozdr
rysiek
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 316 bytes
Desc: This is a digitally signed message part.
URL: <http://lists.cpunks.org/pipermail/cypherpunks/attachments/20140724/663581ac/attachment-0001.sig>
More information about the cypherpunks
mailing list