Snowden triggers flood of Crapware [was: Gruveo, more secure skype?]
stef
s at ctrlc.hu
Thu Jul 24 01:29:11 PDT 2014
On Thu, Jul 24, 2014 at 08:39:35AM +0200, Stephan Neuhaus wrote:
> On 2014-07-23, 23:59, stef wrote:
> > exactly this prompted me to come up with the seven rules of thumb to detect
> > snakeoil:
> >
> > not free software
> > runs in a browser
> > runs on a smartphone
> > the user doesn't generate, or exclusively own the private encryption keys
> > there is no threat model
> > uses marketing-terminology like "cyber", "military-grade"
> > neglects general sad state of host security
> >
>
> In order to qualify as snake oil according to this definition, do all of
> these have to be true, or is any criterion sufficient?
any is enough, but combo-bonuses are combo-bonuses.
> Because if it's "any", then this https://www.cylab.cmu.edu/safeslinger/ is
> snakeoil, which I think is unfair. (Note that I'm not saying that this is a
> secure app; I haven't looked at the code. But you can't fault the authors on
> threat modelling etc. Its only "fault" is that it runs on a smart phone.)
well, you have a baseband stack behind it, and a vendor/provider delivering
stuff without your consent, etc...
--
otr fp: https://www.ctrlc.hu/~stef/otr.txt
More information about the Testlist
mailing list