Snowden triggers flood of Crapware [was: Gruveo, more secure skype?]

stef s at ctrlc.hu
Wed Jul 23 14:59:25 PDT 2014


On Wed, Jul 23, 2014 at 05:24:22PM -0400, grarpamp wrote:
> To quote OP... not open source.. not audited.. central servers.. webrtc..
> 'no' logs.. and a shiny link for grins... and then claims it 'looks very
> interesting and promising'. WTF, really? I appreciate innocent questions,
> but the answer (or at least our response) should be obvious, from those
> parameters alone, to someone who's been around for a while.

exactly this prompted me to come up with the seven rules of thumb to detect
snakeoil:

    not free software
    runs in a browser
    runs on a smartphone
    the user doesn't generate, or exclusively own the private encryption keys
    there is no threat model
    uses marketing-terminology like "cyber", "military-grade"
    neglects general sad state of host security

-- 
otr fp: https://www.ctrlc.hu/~stef/otr.txt



More information about the cypherpunks mailing list