Google'es End-to-End
James Murphy
jtmurphy at cmu.edu
Tue Jun 3 16:55:16 PDT 2014
On 6/3/2014 18:42, tpb-crypto at laposte.net wrote:
>> Message du 04/06/14 00:29
>> De : "rysiek"
>>
>> OHAI,
>>
>> Dnia środa, 4 czerwca 2014 00:19:43 piszesz:
>>>> not sure what to think about this one:
>>>> http://googleonlinesecurity.blogspot.com/2014/06/making-end-to-end-encrypt
>>>> ion-easier-to.html
>>>>
>>>> Technical specs:
>>>> https://code.google.com/p/end-to-end/
>>>
>>> If you want to land on a watch-list and maybe no-fly list, you just install
>>> it in your Chrome. Because as far as we can tell Google is in bed with the
>>> NSA and so the proprietary browser may just flag you to the system and done
>>> you are, or may forward all your messages in the clear. Who knows? Which is
>>> worst?
>>>
>>> That's why there is not foocking way to trust proprietary software.
>>> Companies are forced to act like criminals on behalf of the government.
>>> There is no loyalty, respect, ethics, honesty or even business which the US
>>> government won't try to trample upon.
>>>
>>> If one wants to go crypto, he goes all the way with OpenBSD, Tails, Kali,
>>> Gentoo, Firefox, Midori or even old and good Lynx, but not Chrome.
>>>
>>> lol
>>
>> A heck with it, why not -- I'll play the Google's advocate here.
>>
>> So, the extension itself will be FLOSS, as I understand, so the extension
>> itself will be audit-able (inb4 openssl, truecrypt). And as I understand it
>> *will* be installable in Chromium too.
>>
>> Is that an acceptable combination? With such an assumption ("use Chromium,
>> Luke!"), does End-to-End seem to make sense? Or are there other problems we
>> need to look into and be wary of?
>>
>
> With chromium, End-to-End can start looking respectable. But even then Chromium is cranked by a much smaller team than Firefox and surely suffers from the same problems OpenSSL has faced for most of its existence.
>
I went ahead and tried it out. One click to make a key and it integrates
into gmail. It's not going to replace PGP for anyone who already has a
key pair, but making end-to-end encryption one-click-easy is a shoe in
the door for getting the public to start caring about its own privacy
(and hence ours).
More information about the cypherpunks
mailing list