Snowden triggers flood of Crapware [was: Gruveo, more secure skype?]

Cathal Garvey cathalgarvey at cathalgarvey.me
Wed Jul 23 15:40:39 PDT 2014


>     neglects general sad state of host security

You mean user host (client endpoint security, for most people
nonexistent) or server host? Because at least with the latter, a clever
design or threat-model can make server-client pretty secure by simply
making the server zero-knowledge.

I used to be a total P2P hippie, and P2P is still my preference
aesthetically and for reasons of simple resilience, but I no longer
regard server-client as an automatic fail, provided the server is
zero-knowledge. So, encrypted XMPP/Jingle (Jitsi) is good, whereas
lol-not-really-encrypted-server-sees-all Mumble is not.

On 23/07/14 22:59, stef wrote:
> On Wed, Jul 23, 2014 at 05:24:22PM -0400, grarpamp wrote:
>> To quote OP... not open source.. not audited.. central servers.. webrtc..
>> 'no' logs.. and a shiny link for grins... and then claims it 'looks very
>> interesting and promising'. WTF, really? I appreciate innocent questions,
>> but the answer (or at least our response) should be obvious, from those
>> parameters alone, to someone who's been around for a while.
> 
> exactly this prompted me to come up with the seven rules of thumb to detect
> snakeoil:
> 
>     not free software
>     runs in a browser
>     runs on a smartphone
>     the user doesn't generate, or exclusively own the private encryption keys
>     there is no threat model
>     uses marketing-terminology like "cyber", "military-grade"
>     neglects general sad state of host security
> 

-- 
T: @onetruecathal, @IndieBBDNA
P: +353876363185
W: http://indiebiotech.com