Google'es End-to-End
Black Fox
fox at vbfox.net
Thu Jun 5 07:37:58 PDT 2014
On Thu, Jun 5, 2014 at 4:48 AM, Alfie John <alfiej at fastmail.fm> wrote:
>
> On Wed, Jun 4, 2014, at 10:19 AM, tpb-crypto at laposte.net wrote:
> > That's why there is not foocking way to trust proprietary software.
> > Companies are forced to act like criminals on behalf of the government.
> > There is no loyalty, respect, ethics, honesty or even business which the
> > US government won't try to trample upon.
>
> Someone's already submitted a bug report:
>
> https://code.google.com/p/end-to-end/issues/detail?id=9
Cute, but the threat model of the submitter seem unclear to me, in
what is it different here from gpg binaries provided by a linux
distribution package ?
If even only one person have access to the packaging keys and is of
american nationality he can receive a National Security Letter and
would have to comply (Rubber hose is obviously working too if they
want to risk it). Using quantum insert they don't even need to change
the packages for everyone, only you.
Updates for any software executing with access to your private data
are dangerous.
I don't see why this subject is present in the issue tracker of an
extension... it's a lot more general issue (Except for the fact that
Google bashing is cool today).
More information about the cypherpunks
mailing list