On Thu, 2014-11-13 at 18:06 -0500, Eric Mill wrote:
> This isn't accurate, in practice. In theory, Google could replace any
> certificate they want for first use. But they clearly don't do that
> for everyone (Moxie or someone would notice), and if they did it in a
> targeted way, it could only be on the first use. That's a threat
> vector, but only viable under both targeted and specific
> circumstances.
>
> So "what's to stop Google pushing a malicious TextSecure? Nothing.
> Nothing, at all, ever." isn't accurate -- you can trust that you're
> highly likely to get the real TS binary on first install, and then
> guarantee that you're getting a binary signed by the same person for
> updates.

But Google can silently update their services providing this "guarantee" and remove it. Could they do this without anyone noticing? Probably not on a wide scale. But it's still not a guarantee. There's essentially no way to get around this on Android, which is I think why Moxie has abandoned that goal. If a solution exists, the people detracting TextSecure for using Google infrastructure should build that solution, fork TextSecure, and add it. Code speaks louder than words.

--
Sent from Ubuntu
