Snowden triggers flood of Crapware [was: Gruveo, more secure skype?]
Alfie John
alfiej at fastmail.fm
Wed Jul 23 15:31:23 PDT 2014
On Wed, Jul 23, 2014, at 05:59 PM, stef wrote:
> On Wed, Jul 23, 2014 at 05:24:22PM -0400, grarpamp wrote:
> > To quote OP... not open source.. not audited.. central servers.. webrtc..
> > 'no' logs.. and a shiny link for grins... and then claims it 'looks very
> > interesting and promising'. WTF, really? I appreciate innocent questions,
> > but the answer (or at least our response) should be obvious, from those
> > parameters alone, to someone who's been around for a while.
>
> exactly this prompted me to come up with the seven rules of thumb to detect
> snakeoil:
>
> not free software
> runs in a browser
> runs on a smartphone
> the user doesn't generate, or exclusively own the private encryption keys
> there is no threat model
> uses marketing-terminology like "cyber", "military-grade"
> neglects general sad state of host security

I like the idea of this. Are there any checklists out there that can be
used to qualify if software is safe? Flipping what Stef wrote, so far we
have:
- Must be open source
- Must be run on the client's machine
- Must use non-shared, private key
Alfie
--
Alfie John
alfiej at fastmail.fm