Google'es End-to-End

rysiek rysiek at hackerspace.pl
Tue Jun 3 17:08:02 PDT 2014


Dnia wtorek, 3 czerwca 2014 19:55:16 James Murphy pisze:
> On 6/3/2014 18:42, tpb-crypto at laposte.net wrote:
> >> Message du 04/06/14 00:29
> >> De : "rysiek"
> >> 
> >> OHAI,
> >> 
> >> Dnia środa, 4 czerwca 2014 00:19:43 piszesz:
> >>>> not sure what to think about this one:
> >>>> http://googleonlinesecurity.blogspot.com/2014/06/making-end-to-end-encr
> >>>> ypt
> >>>> ion-easier-to.html
> >>>> 
> >>>> Technical specs:
> >>>> https://code.google.com/p/end-to-end/
> >>> 
> >>> If you want to land on a watch-list and maybe no-fly list, you just
> >>> install
> >>> it in your Chrome. Because as far as we can tell Google is in bed with
> >>> the
> >>> NSA and so the proprietary browser may just flag you to the system and
> >>> done
> >>> you are, or may forward all your messages in the clear. Who knows? Which
> >>> is
> >>> worst?
> >>> 
> >>> That's why there is not foocking way to trust proprietary software.
> >>> Companies are forced to act like criminals on behalf of the government.
> >>> There is no loyalty, respect, ethics, honesty or even business which the
> >>> US
> >>> government won't try to trample upon.
> >>> 
> >>> If one wants to go crypto, he goes all the way with OpenBSD, Tails,
> >>> Kali,
> >>> Gentoo, Firefox, Midori or even old and good Lynx, but not Chrome.
> >>> 
> >>> lol
> >> 
> >> A heck with it, why not -- I'll play the Google's advocate here.
> >> 
> >> So, the extension itself will be FLOSS, as I understand, so the extension
> >> itself will be audit-able (inb4 openssl, truecrypt). And as I understand
> >> it
> >> *will* be installable in Chromium too.
> >> 
> >> Is that an acceptable combination? With such an assumption ("use
> >> Chromium,
> >> Luke!"), does End-to-End seem to make sense? Or are there other problems
> >> we
> >> need to look into and be wary of?
> > 
> > With chromium, End-to-End can start looking respectable. But even then
> > Chromium is cranked by a much smaller team than Firefox and surely
> > suffers from the same problems OpenSSL has faced for most of its
> > existence.
> I went ahead and tried it out. One click to make a key and it integrates
> into gmail. It's not going to replace PGP for anyone who already has a
> key pair, but making end-to-end encryption one-click-easy is a shoe in
> the door for getting the public to start caring about its own privacy
> (and hence ours).

Okay, but how does that play with other PGP users? For example, will I be able 
to verify your signature with my "old" GPG?

-- 
Pozdr
rysiek
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 316 bytes
Desc: This is a digitally signed message part.
URL: <http://lists.cpunks.org/pipermail/cypherpunks/attachments/20140604/61c65364/attachment-0001.sig>


More information about the cypherpunks mailing list