-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 On 6/9/2014 8:42 PM, Yosem Companys wrote: > Wickr is back in the news in spectacular form: > > http://www.inc.com/magazine/201407/ceo-of-wickr-leads-social-media-resistance-movement.html > > ...despite known security problems we've discussed on the list before: > > https://mailman.stanford.edu/pipermail/liberationtech/2012-June/004239.html > > Seems as though we need better tactics to share with journalists our > impressions about security. > > YC
Looking at the list of issues Nathan mentioned, I'm seeing that at least some of them like PFS have been addressed since that posting (with the glaring exception of Open Source, unfortunately). They've also received an audit from Veracode since then IIRC. Obviously I can't speak expertly on the crypto, but I think it should be a positive thing that there's a push for ephemeral social media/messaging with some semblance of security in mind (aka - not Snapchat). I've spoken with one of the creators several times and they've always struck me as forthcoming and fairly determined to hammer out these issues....eventually. A lot of people I talk to in the infosec community also seem pretty enthusiastic about it. But yeah, would definitely love to have some kind of catalog of concerns about this and other commercial solutions - I get pitched on the latest "magic" email encryption snakeoil regularly. - -- Joshua Kopstein ? Cyberculture Journalist ? PGP Key: http://is.gd/lHEXgs https://joshk.contently.com -----BEGIN PGP SIGNATURE----- iQEcBAEBCgAGBQJTlxQEAAoJEP1hZpSrdQtYFNoH/26KB0xR7XoqcWVfujlGbv7C rR5mj6qA61c7zD+thtIRQMJ1FAK7DUa2tuYaa127YIlEPfpu9B25MWitcCMe2zmm saUrVyZ/Y/8j/zfX1XTjXmArdv4Fg1EMuEvvTXx9aXPx4yRbl2cNY3bpW9k0z4Fo PNlxSZ9cKR1cSVhtb9YrGoRNz8RSdYmYwEPhYFvMxtcRLY42GbfiTQVUC1e7LL/W ZUWoeJm6aXPaih2alW5l4MgauIF1pGE9e7nVUVv7MO6tpOjzN5iYnym/Qv2u6FQa +ilbTOAwL+Vy3LrsymKsL+UoMNoQ3qT7THfBtbnYC5UPBJYAkJcI+5BipjuV2zI= =f+qA -----END PGP SIGNATURE----- -- Liberationtech is public & archives are searchable on Google. Violations of list guidelines will get you moderated: https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe, change to digest, or change password by emailing moderator at compa...@stanford.edu.