Bleeding edge vs Established new technology, new implementation, new user base(s), new bugs. even if the math is solid, implementation may not be. I'm not trying to suggest you shouldn't use new things. I'm pointing out the potential compromise in doing it.
If you want to play on the bleeding edge here, I'd suggest you start following (well known) security people (CSO, researchers, InfoSec). Listen to podcasts where these people talk about things. Don't jump in right away. Mostly listen and watch. After a while, you'll start seeing patterns, some things will be recommended, some will start that way and then stop. The bleeding edge is bumpy. The bleeding edge is also not where most people are, so your communication radius will be small if you're using bleeding edge tools. This is a decent list to check out https://digitalguardian.com/blog/best-information-security-podcasts I like the security rabbit hole, and risky business. > On Jan 9, 2019, at 12:40 AM, Mike C. <mconno...@gmail.com> wrote: > > I'm curious to know what others do in vetting security apps they use > or may recommend to others. > > I use a variety of fairly well known secure email & chat apps but just > learned about an app called Keybase. https://keybase.io/docs > > It's like encrypted Slack but also some really interesting things like > an encrypted cloud based file system and secure digital identity > management. > > Also, this seems like they're using blockchain: > "Every account on Keybase has a public history. "Sigchains" let > Keybase clients reconstruct the present without trusting Keybase's > servers. And when you "follow" someone on Keybase, you sign a snapshot > of your view of the claims in their sigchain." > > In the past I trusted apps that I use because of recommendations by > the EFF, Edward Snowden, the general digital security community. > > Currently, there doesn't seem to be too much written up about Keybase > other than an article on HackerNews from 2016. > > The ask. Does anyone play a bit more on the bleeding edge with privacy > & encryption apps and if so how do you go about vetting an a new app > that's relatively unknown? > > Thank you, > > Mike > _______________________________________________ > PLUG mailing list > PLUG@pdxlinux.org > http://lists.pdxlinux.org/mailman/listinfo/plug -- Louis Kowolowski lou...@cryptomonkeys.org <mailto:lou...@cryptomonkeys.org> Cryptomonkeys: http://www.cryptomonkeys.com/ <http://www.cryptomonkeys.com/> Making life more interesting for people since 1977 _______________________________________________ PLUG mailing list PLUG@pdxlinux.org http://lists.pdxlinux.org/mailman/listinfo/plug
