peerio.com

Cathal Garvey cathalgarvey at cathalgarvey.me
Thu Jan 15 11:45:59 PST 2015


 > So far, as far as I can see, you're not even inflicting PGP on us
 > here, let alone your friends.

I did for a while, but then I moved hardware and didn't see any reason 
to set up PGP again. At best, it was a signal to people that I cared 
about security/privacy, at worst it was making everything I posted 
non-repudiable for no useful reason.

The fact that miniLock is authenticated but repudiable makes it a better 
bet for PGP-usecase purposes *anyway*, and my minilock ID is in my 
signature (again, had lapsed by accident) for people who want to use 
miniLock outside of peerio.

But, miniLock isn't (opportunistic pun) "turn-key", it requires 
launching, authenticating, dropping a file to encrypt, typing in a 
miniLock ID to encrypt to (encrypting to yourself probably makes it 
non-repudiable if someone acquires your private key, beware!), 
downloading the encrypted file, and then transmitting the encrypted file 
out-of-band.

Now, implementing Peerio server is something I endorse. If I weren't too 
busy, I'd investigate doing it myself, it looks like fun. If anyone does 
feel like it, they have miniLock for JS-based servers, and deadLock for 
Python-based servers (needs some work/bugfixes).

On 15/01/15 16:44, rysiek wrote:
> Dnia czwartek, 15 stycznia 2015 11:20:22 Cathal Garvey pisze:
>> If the server code were open, how would you know the server was actually
>> running that code anyway?
>
> Not much. But it would allow others to run the server code and offer similar
> service, at the very least.
>
>> Having the protocol documented so thoroughly makes the task of writing an
>> alternative server trivial if time-consuming. I'd obviously prefer the
>> server were AGPL, and I hope someone will write an AGPL'd server and
>> federation.
>
> Of course. The "time-consuming" part is what bothers me. I *could* throw in an
> hour or two to set-up a peerio server had the code been available; I have
> absolutely *no way in hell* of throwing in days or weeks of work to implement
> their protocol.
>
>> For now though, the client is open source, the crypto doesn't suck, the
>> UX is excellent, and the threat model is pretty transparent. I'm *never*
>> going to inflict PGP on friends, but I'll happily inflict this on them.
>
> So far, as far as I can see, you're not even inflicting PGP on us here, let
> alone your friends.
>

-- 
Twitter:  @onetruecathal
Phone: +353876363185
miniLock: JjmYYngs7akLZUjkvFkuYdsZ3PyPHSZRBKNm6qTYKZfAM
peerio.com: Use email or phone. Uses above miniLock key.



More information about the cypherpunks mailing list