On 11/28/14, Andy Isaacson <[email protected]> wrote:
> ...
> A colleague and I, both interested in modern cryptographic systems,
> started to collaborate on a new project, using Pond. Months later, we
> realized that we had communicated useful information early on, over Pond
> exclusively, and the "social norm that communications are deleted after
> a few days" resulted in us losing important notes about the early days
> of our project.
>
> Even though it was clearly documented and I had simultaneously advocated
> Pond to other experimental users for exactly this feature, I didn't
> think through the consequences of this design feature for my use case.
> I didn't even realize that I *had* a use case, until much later.

an interesting anecdote. friends and i had prior moved to
configurations with explicitly no logging (a change from defaults,
since OTR in most clients would log to disk by default)
a change to pond no different, as prior expectations assumed no persistence...

> For this scenario, it turns out we wanted a modern secure communication
> system more like Prate, https://github.com/kragen/prate .

we ended up on random etherpads on a trusted host. (e.g. one of our own).

> Generalizing from this specific example, you can find many other
> examples of a security system being used outside of its designed
> envelope.

very true; evokes Gibson: “The street finds its own uses for things.”

(and in the example above, the URI itself the authenticator for the
random pad...)

best regards,
