cathalgarvey at cathalgarvey.me
Thu Jan 15 11:45:59 PST 2015
> So far, as far as I can see, you're not even inflicting PGP on us
> here, let alone your friends.
I did for a while, but then I moved hardware and didn't see any reason
to set up PGP again. At best, it was a signal to people that I cared
about security/privacy, at worst it was making everything I posted
non-repudiable for no useful reason.
The fact that miniLock is authenticated but repudiable makes it a better
bet for PGP-usecase purposes *anyway*, and my minilock ID is in my
signature (again, had lapsed by accident) for people who want to use
miniLock outside of peerio.
But, miniLock isn't (opportunistic pun) "turn-key", it requires
launching, authenticating, dropping a file to encrypt, typing in a
miniLock ID to encrypt to (encrypting to yourself probably makes it
non-repudiable if someone acquires your private key, beware!),
downloading the encrypted file, and then transmitting the encrypted file
Now, implementing Peerio server is something I endorse. If I weren't too
busy, I'd investigate doing it myself, it looks like fun. If anyone does
feel like it, they have miniLock for JS-based servers, and deadLock for
Python-based servers (needs some work/bugfixes).
On 15/01/15 16:44, rysiek wrote:
> Dnia czwartek, 15 stycznia 2015 11:20:22 Cathal Garvey pisze:
>> If the server code were open, how would you know the server was actually
>> running that code anyway?
> Not much. But it would allow others to run the server code and offer similar
> service, at the very least.
>> Having the protocol documented so thoroughly makes the task of writing an
>> alternative server trivial if time-consuming. I'd obviously prefer the
>> server were AGPL, and I hope someone will write an AGPL'd server and
> Of course. The "time-consuming" part is what bothers me. I *could* throw in an
> hour or two to set-up a peerio server had the code been available; I have
> absolutely *no way in hell* of throwing in days or weeks of work to implement
> their protocol.
>> For now though, the client is open source, the crypto doesn't suck, the
>> UX is excellent, and the threat model is pretty transparent. I'm *never*
>> going to inflict PGP on friends, but I'll happily inflict this on them.
> So far, as far as I can see, you're not even inflicting PGP on us here, let
> alone your friends.
peerio.com: Use email or phone. Uses above miniLock key.
More information about the cypherpunks