Google'es End-to-End

tpb-crypto at laposte.net tpb-crypto at laposte.net
Tue Jun 3 18:01:57 PDT 2014 

> Message du 04/06/14 02:01
> De : "James Murphy" 
>
> On 6/3/2014 18:42, tpb-crypto at laposte.net wrote:
> >> Message du 04/06/14 00:29
> >> De : "rysiek" 
> >>
> >> OHAI,
> >>
> >> Dnia środa, 4 czerwca 2014 00:19:43 piszesz:
> >>>> not sure what to think about this one:
> >>>> http://googleonlinesecurity.blogspot.com/2014/06/making-end-to-end-encrypt
> >>>> ion-easier-to.html
> >>>>
> >>>> Technical specs:
> >>>> https://code.google.com/p/end-to-end/
> >>>
> >>> If you want to land on a watch-list and maybe no-fly list, you just install
> >>> it in your Chrome. Because as far as we can tell Google is in bed with the
> >>> NSA and so the proprietary browser may just flag you to the system and done
> >>> you are, or may forward all your messages in the clear. Who knows? Which is
> >>> worst?
> >>>
> >>> That's why there is not foocking way to trust proprietary software.
> >>> Companies are forced to act like criminals on behalf of the government.
> >>> There is no loyalty, respect, ethics, honesty or even business which the US
> >>> government won't try to trample upon.
> >>>
> >>> If one wants to go crypto, he goes all the way with OpenBSD, Tails, Kali,
> >>> Gentoo, Firefox, Midori or even old and good Lynx, but not Chrome.
> >>>
> >>> lol
> >>
> >> A heck with it, why not -- I'll play the Google's advocate here.
> >>
> >> So, the extension itself will be FLOSS, as I understand, so the extension 
> >> itself will be audit-able (inb4 openssl, truecrypt). And as I understand it 
> >> *will* be installable in Chromium too.
> >>
> >> Is that an acceptable combination? With such an assumption ("use Chromium, 
> >> Luke!"), does End-to-End seem to make sense? Or are there other problems we 
> >> need to look into and be wary of?
> >>
> > 
> > With chromium, End-to-End can start looking respectable. But even then Chromium is cranked by a much smaller team than Firefox and surely suffers from the same problems OpenSSL has faced for most of its existence.
> > 
> 
> I went ahead and tried it out. One click to make a key and it integrates
> into gmail. It's not going to replace PGP for anyone who already has a
> key pair, but making end-to-end encryption one-click-easy is a shoe in
> the door for getting the public to start caring about its own privacy
> (and hence ours).
> 

I find the combination of gmail and chromium while thinking in privacy a risible solution. But hey, it may help grandma think about protecting herself, ok. False sense of security is the best we can hope at this point.

That's sad, man.

More information about the cypherpunks mailing list