WhisperSystems + WhatsApp
coderman
coderman at gmail.com
Sat Nov 29 02:47:01 PST 2014
On 11/28/14, Andy Isaacson <adi at hexapodia.org> wrote:
> ...
> A colleague and I, both interested in modern cryptographic systems,
> started to collaborate on a new project, using Pond. Months later, we
> realized that we had communicated useful information early on, over Pond
> exclusively, and the "social norm that communications are deleted after
> a few days" resulted in us losing important notes about the early days
> of our project.
>
> Even though it was clearly documented and I had simultaneously advocated
> Pond to other experimental users for exactly this feature, I didn't
> think through the consequences of this design feature for my use case.
> I didn't even realize that I *had* a use case, until much later.
an interesting anecdote. friends and i had prior moved to
configurations with explicitly no logging (a change from defaults,
since OTR in most clients would log to disk by default)
a change to pond no different, as prior expectations assumed no persistence...
> For this scenario, it turns out we wanted a modern secure communication
> system more like Prate, https://github.com/kragen/prate .
we ended up on random etherpads on a trusted host. (e.g. one of our own).
> Generalizing from this specific example, you can find many other
> examples of a security system being used outside of its designed
> envelope.
very true; evokes Gibson:
“The street finds its own uses for things.”
(and in the example above, the URI itself the authenticator for the
random pad...)
best regards,
More information about the cypherpunks
mailing list