peerio.com
Cathal Garvey
cathalgarvey at cathalgarvey.me
Thu Jan 15 03:20:22 PST 2015
If the server code were open, how would you know the server was actually
running that code anyway? Having the protocol documented so thoroughly
makes the task of writing an alternative server trivial if
time-consuming. I'd obviously prefer the server were AGPL, and I hope
someone will write an AGPL'd server and federation.
For now though, the client is open source, the crypto doesn't suck, the
UX is excellent, and the threat model is pretty transparent. I'm *never*
going to inflict PGP on friends, but I'll happily inflict this on them.
On 14/01/15 22:54, rysiek wrote:
> Dnia środa, 14 stycznia 2015 22:09:12 Cathal Garvey pisze:
>> > So it would be prudent to use pseudonyms, and to access via some mix
>> > of VPN(s), JonDonym and Tor (according to ones need for anonymity vs
>> > speed). And using devices with removable local storage, there would be
>> > no traces to be inspected by adversaries.
>>
>> Well, I use my real name in most places and communicate a lot with
>> real-world friends and family by email, su using Peerio is therefore a
>> step up in security for me even if I continue to go by my usual name and
>> use my usual IPs.
>>
>> If you need hard anonymity, this is only a marginal gain over regular
>> email because metadata (when, who, how, where) is a significant threat
>> to anonymity. So yea, use a burner email when setting up a peerio
>> account (no longer required after setup, probably a throwback to
>> email-as-salt in miniLock plus contact discovery by known email
>> address), then use through Tor (do research whether websockets are
>> tor-safe?).
>>
>> > Cool. But still, how is peerio more secure spideroak, for example?
>>
>> Spideroak appears to be more about file storage and sync, whereas Peerio
>> seems to me to simply be a better approach to server:client email. It's
>> down to the bone: message-passing with attachments, and a nice UI.
>>
>> As a crypto-app, it's targeted at the mainstream, and people who
>> interact with the mainstream. People on this list will have better, more
>> secure ways of communicating, but Nadim (to his credit) excels at making
>> crypto-apps that can appeal to normal users while adding a significant
>> privacy. It's an easier sell from "us" to "them".
>
> With server code closed, it doesn't make sense to me to "sell" it to anybody.
>
--
Twitter: @onetruecathal
Phone: +353876363185
miniLock: JjmYYngs7akLZUjkvFkuYdsZ3PyPHSZRBKNm6qTYKZfAM
peerio.com: Use email or phone. Uses above miniLock key.
More information about the cypherpunks
mailing list