On Sat, Jul 26, 2014 at 8:03 AM, Lodewijk andré de la porte
   <[1]l@odewijk.nl> wrote:

   Is surprisingly often passed around as if it is the end-all to the idea
   of client side JS crypto.
   TL;DR: It's a fantastic load of horse crap, mixed in with some
   extremely generalized cryptography issues that most people never
   thought about before that do not harm JS crypto at all.

   What's in the Matasano article is common sense advice. It may seem
   elementary for some. But you'd be surprised how many sites fit the
   pattern the Matasano post describes, arguing that they can provide
   *better* security by serving JavaScript crypto code over easily-MitMed
   plaintext HTTP.
   Here are a couple offenders...
   #3 Google search result for "encrypted chat":
   [2]http://www.chatcrypt.com/
   Not popular by Google results, but a similarly silly effort:
   [3]http://www.peersm.com/
   --
   Tony Arcieri

References

   1. mailto:l@odewijk.nl
   2. http://www.chatcrypt.com/
   3. http://www.peersm.com/