Snowden triggers flood of Crapware [was: Gruveo, more secure skype?]
Stephan Neuhaus
stephan.neuhaus at tik.ee.ethz.ch
Wed Jul 23 23:39:35 PDT 2014
On 2014-07-23, 23:59, stef wrote:
> exactly this prompted me to come up with the seven rules of thumb to detect
> snakeoil:
>
> not free software
> runs in a browser
> runs on a smartphone
> the user doesn't generate, or exclusively own the private encryption keys
> there is no threat model
> uses marketing-terminology like "cyber", "military-grade"
> neglects general sad state of host security
>
In order to qualify as snake oil according to this definition, do all of
these have to be true, or is any criterion sufficient? Because if it's
"any", then this https://www.cylab.cmu.edu/safeslinger/ is snakeoil,
which I think is unfair. (Note that I'm not saying that this is a secure
app; I haven't looked at the code. But you can't fault the authors on
threat modelling etc. Its only "fault" is that it runs on a smart phone.)
Fun,
Stephan
--
More information about the cypherpunks
mailing list