rysiek at hackerspace.pl
Tue Feb 3 10:38:37 PST 2015
So, I assessed it vis-a-vis stef's rules already, otherwise I would not dive
into it at all. ;)
But yeah, let's have a look.
Dnia wtorek, 3 lutego 2015 19:28:01 Markus Ottela pisze:
> From the PoW of Stef's seven rules of thumb to detect snake oil:
> *1. Not free software *
> 56b051c72 "/Licenced the code under the GPL for now./" (Free software? Good.
> But, "for now" ? Is it going to change?)
So, that's not going to change, IMHO. There are several developers and I don't
think there was any ascribing of copyrights to any legal or physical person,
so changin a license *from* GPL is not entirely straightforward.
I ticked this one as "AOK".
> *2. Runs in a browser *
> *3. Runs on a smartphone *
> Has been suggested but not yet implemented.
Still, you don't have to use it. As in, I use a desktop client, not going to
be using it on my mobile anyway. It doesn't *require* smartphone use, just
like e-mail does not *require* a smartphone e-mail app (if you use one, well,
that's your choice).
inb4 "e-mail is not safe" -- puh-lease, that was just a way to illustrate a
"AOK" for here too.
> *4. The user doesn't generate, or exclusively own the private encryption
> The user is in control,
> yet the source of randomness and crypto implementation are not explained
> properly. The wiki talks about public keys and PFS without explaining
> the relation between the two.
ACK. So, the PDF I linked to goes a *bit* further (just a wee bit). Go have a
look at the "Crypto" section:
So, at least not a "we hold your keys -- FOR SAFETY!!1!" kind of snakeooil.
Half of an "AOK" from me here.
> *5. There is no threat model*
> "/With the rise of government monitoring programs/" implies it's
> designed to be secure against state surveillance.
> "Tox does not cloak IP addresses when communicating with other users"
> In disclaimer it is also just stated that
> "/Tox prevents message contents from being read or altered by third
> parties, or anyone else other than the intended recipient/", yet it
> doesn't even bother to evaluate the system against HSAs or MSAs.
True. One has to consider their own threat model and assess if Tox is the
answer. Tox does *not* provide anonymity, it at least *tries* to provide OTR-
like features (encryption, integrity, etc.).
> Instead, the threat model seems to revolve around developer anonymity
> (https://wiki.tox.im/DevAnonymity). "/Potential harassment by the
> government and trolls/" seems to include people pointing out issues with
> the software as well.
Indeed. So again, half an "AOK".
> *6. Uses marketing-terminology like "cyber", "military-grade"*
> It doesn't, although it does say "/leading-class encryption/", and the
> logo is yet another unnecessary lock.
I like the logo. "AOK" from me, especially taken into account they're not
reimplementing the wheel but using NaCL instead.
> *7. Neglects general sad state of host security *
> This. The developers think it is obvious for every user, that if the
> endpoint device is compromised, there is no security. This is horrible
> since average computer user is still mainly occupied with thoughts "I
> need a firewall" or "I might get a virus" -- not "The government might
> exploit unpatched OS or exploit a 0-day" or "The company behind my
> proprietary OS might be issued a subpoena to include a backdoor". It's
> not the job of Tox developers to patch OS, but it's their job to warn
> users there are attack vectors the developers are not in control of.
> They have refused to do so, which limits the users ability to make
> informed choices depending on their threat model.
Well, yes, and my beef with Tox is also that the private keys do not require a
passpharse to unlock. So that's a no-no in my book.
Still, this doesn't look like snakeoil; rather like a good idea with not-so-
stellar execution, which *might* get better.
Am I missing anything?
> For some time I've wanted to evaluate TFC from these perspectives as well:
Could we have a *separate* thread for it? I'm really interested in having a
more in-depth discussion of Tox and this could potentially hi-jack this
thread. Much obliged.
Michał "rysiek" Woźniak
Zmieniam klucz GPG :: http://rys.io/pl/147
GPG Key Transition :: http://rys.io/en/147
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 931 bytes
Desc: This is a digitally signed message part.
More information about the cypherpunks