[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Google'es End-to-End



> Message du 04/06/14 02:01
> De : "James Murphy" 
>
> On 6/3/2014 18:42, [email protected] wrote:
> >> Message du 04/06/14 00:29
> >> De : "rysiek" 
> >>
> >> OHAI,
> >>
> >> Dnia Å?roda, 4 czerwca 2014 00:19:43 piszesz:
> >>>> not sure what to think about this one:
> >>>> http://googleonlinesecurity.blogspot.com/2014/06/making-end-to-end-encrypt
> >>>> ion-easier-to.html
> >>>>
> >>>> Technical specs:
> >>>> https://code.google.com/p/end-to-end/
> >>>
> >>> If you want to land on a watch-list and maybe no-fly list, you just install
> >>> it in your Chrome. Because as far as we can tell Google is in bed with the
> >>> NSA and so the proprietary browser may just flag you to the system and done
> >>> you are, or may forward all your messages in the clear. Who knows? Which is
> >>> worst?
> >>>
> >>> That's why there is not foocking way to trust proprietary software.
> >>> Companies are forced to act like criminals on behalf of the government.
> >>> There is no loyalty, respect, ethics, honesty or even business which the US
> >>> government won't try to trample upon.
> >>>
> >>> If one wants to go crypto, he goes all the way with OpenBSD, Tails, Kali,
> >>> Gentoo, Firefox, Midori or even old and good Lynx, but not Chrome.
> >>>
> >>> lol
> >>
> >> A heck with it, why not -- I'll play the Google's advocate here.
> >>
> >> So, the extension itself will be FLOSS, as I understand, so the extension 
> >> itself will be audit-able (inb4 openssl, truecrypt). And as I understand it 
> >> *will* be installable in Chromium too.
> >>
> >> Is that an acceptable combination? With such an assumption ("use Chromium, 
> >> Luke!"), does End-to-End seem to make sense? Or are there other problems we 
> >> need to look into and be wary of?
> >>
> > 
> > With chromium, End-to-End can start looking respectable. But even then Chromium is cranked by a much smaller team than Firefox and surely suffers from the same problems OpenSSL has faced for most of its existence.
> > 
> 
> I went ahead and tried it out. One click to make a key and it integrates
> into gmail. It's not going to replace PGP for anyone who already has a
> key pair, but making end-to-end encryption one-click-easy is a shoe in
> the door for getting the public to start caring about its own privacy
> (and hence ours).
> 

I find the combination of gmail and chromium while thinking in privacy a risible solution. But hey, it may help grandma think about protecting herself, ok. False sense of security is the best we can hope at this point.

That's sad, man.