On Fri, Jul 5, 2013 at 10:26 AM, Reinier Zwitserloot <[email protected]>wrote:
> In short: > > * You do need to trust google, but not very much. I would trust them > enough for this specific case. > It is more than just Google that you have to trust. One of the tough points to get across to those that are worried about security is that you have to have a ridiculously large chain of trust when working on the internet. Just take a peek at the certificate authorities that are in your browser for a good indication. (And... I realize that is far from complete.) > * PGP is not a solution whatsoever. There are still ways to use crypto > here (steganographics), but it's very very tricky to use, and the tools > aren't mature. > > Do you think PGP could be good enough if a critical mass was using it? Steganography is a neat idea and all, but the point of that is that you are using what is essentially a known compromised medium to attempt secure communication, right? That is, you know they can see the main carrier, but you take steps such that they should not notice the message. Seems standard crypto is a much better mechanism, in general. -- You received this message because you are subscribed to the Google Groups "Java Posse" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. Visit this group at http://groups.google.com/group/javaposse. For more options, visit https://groups.google.com/groups/opt_out.
