On Thu, Jun 5, 2014 at 10:37 AM, Black Fox <[1]fox@vbfox.net> wrote:

   On Thu, Jun 5, 2014 at 4:48 AM, Alfie John <[2]alfiej@fastmail.fm>
   wrote:
   >
   > On Wed, Jun 4, 2014, at 10:19 AM, [3]tpb-crypto@laposte.net wrote:

   > > That's why there is not foocking way to trust proprietary software.
   > > Companies are forced to act like criminals on behalf of the
   government.
   > > There is no loyalty, respect, ethics, honesty or even business
   which the
   > > US government won't try to trample upon.
   >
   > Someone's already submitted a bug report:
   >
   >   [4]https://code.google.com/p/end-to-end/issues/detail?id=9

     Cute, but the threat model of the submitter seem unclear to me, in
     what is it different here from gpg binaries provided by a linux
     distribution package ?
     If even only one person have access to the packaging keys and is of
     american nationality he can receive a National Security Letter and
     would have to comply (Rubber hose is obviously working too if they
     want to risk it). Using quantum insert they don't even need to
     change
     the packages for everyone, only you.
     Updates for any software executing with access to your private data
     are dangerous.
     I don't see why this subject is present in the issue tracker of an
     extension... it's a lot more general issue (Except for the fact that
     Google bashing is cool today).

   This seems like a good project, that will move PGP usability and
   standards forward. It's also a big deal for Google to throw its support
   to the project, since it is in direct tension with the business model
   Gmail is built on (scanning your emails).
   The auto-update feature is a big deal that will have to get wrestled
   with openly as this moves further. Perhaps they'll work out a separate
   update policy for it, who knows. But it'll also have applications
   outside of a place in the Chrome Web Store.
   For example, hopefully much of this work (especially the JS crypto
   work) will also turn out to be reusable in Firefox.
   --
   [5]konklone.com | [6]@konklone

References

   1. mailto:fox@vbfox.net
   2. mailto:alfiej@fastmail.fm
   3. mailto:tpb-crypto@laposte.net
   4. https://code.google.com/p/end-to-end/issues/detail?id=9
   5. https://konklone.com/
   6. https://twitter.com/konklone