Snowden triggers flood of Crapware [was: Gruveo, more secure skype?]

Steve Furlong demonfighter at gmail.com
Thu Jul 24 10:55:13 PDT 2014


On Thu, Jul 24, 2014 at 10:06 AM, Stephan Neuhaus <
stephan.neuhaus at tik.ee.ethz.ch> wrote:

>
> So if I mention to you that a certain app just happens to run on a
> smartphone, your Spidey-sense would be tingling, no matter if the app
> has had excellent threat modelling, code audit etc?
>

I'd treat it as an indicator, not a certainty. All of stef's rules are
indicators, where any one could be raised without the application being a
problem. The more that get raised, the more likely the app is snake oil.

It's like personnel security -- an employee gambling is not necessarily a
problem, but it can indicate a potential security risk. And it's like
diagnosing medical or psychiatric conditions -- a lack of empathy for other
humans might not mean anything, but it's an indicator for psychopathy.

Regarding the security app indicators, good job, stef. And I'll add one:
"10000000000-bit encryption!!!!"


-- 
Neca eos omnes. Deus suos agnoscet. -- Arnaud-Amaury, 1209
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: text/html
Size: 1420 bytes
Desc: not available
URL: <http://lists.cpunks.org/pipermail/cypherpunks/attachments/20140724/bcc65e0a/attachment-0001.txt>


More information about the cypherpunks mailing list