Torproject disease infects WhatsApp - User experience trumps(sic) security

2017-02-04 Thread Anti Fag
> Marina Brown catskillmarina at gmail.com > Sat Feb 4 12:43:54 PST 2017 > > It's not hard. People are just lazy and spoiled with their facebook messenger. Fb messeger uses e2e encryption. > > Most users today value convenience over security. Security increases convenience. The problem is in

Re: Torproject disease infects WhatsApp - User experience trumps(sic) security

2017-02-04 Thread Marina Brown
On 01/16/2017 01:38 AM, James A. Donald wrote: > On 1/16/2017 1:28 PM, juan wrote: >> people need to learn how to manage their keys - it's not hard... > > Is hard. > > We have been through this already. > It's not hard. People are just lazy and spoiled with their facebook messenger. Most

Re: Torproject disease infects WhatsApp - User experience trumps(sic) security

2017-01-17 Thread John Newman
On Tue, Jan 17, 2017 at 03:33:11PM -0300, juan wrote: > On Tue, 17 Jan 2017 12:18:36 -0500 > John Newman wrote: > > > > > > You can also serve your keys on a web server you control over HTTPS > > with a legit signed certificate. $8 from comodo, free from the let's > > encrypt

Re: Torproject disease infects WhatsApp - User experience trumps(sic) security

2017-01-17 Thread juan
On Tue, 17 Jan 2017 12:18:36 -0500 John Newman wrote: > > You can also serve your keys on a web server you control over HTTPS > with a legit signed certificate. $8 from comodo, free from the let's > encrypt people and startssl people Why is comodo more trustable

Re: Torproject disease infects WhatsApp - User experience trumps(sic) security

2017-01-17 Thread John Newman
> On Jan 17, 2017, at 12:11 AM, Shawn K. Quinn wrote: > >> On 01/16/2017 11:00 PM, James A. Donald wrote: >> Is hard. >> >> Suppose I want to talk to you about something that is actually >> important. I ask you to email me your public key. How do I know that >> the key

Re: Torproject disease infects WhatsApp - User experience trumps(sic) security

2017-01-17 Thread Steve Kinney
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 01/15/2017 01:33 PM, Razer wrote: >> At issue is the way WhatsApp behaves when an end user's >> encryption key changes. By default, the app will use the new key >> to encrypt messages without ever informing the sender of the >> change >> >>

Re: Torproject disease infects WhatsApp - User experience trumps(sic) security

2017-01-16 Thread Shawn K. Quinn
On 01/16/2017 11:00 PM, James A. Donald wrote: > Is hard. > > Suppose I want to talk to you about something that is actually > important. I ask you to email me your public key. How do I know that > the key I receive is the key you sent? If you think someone's monkeying with your email, then

Re: Torproject disease infects WhatsApp - User experience trumps(sic) security

2017-01-16 Thread James A. Donald
> people need to learn how to manage their keys - it's not hard... On 1/17/2017 9:55 AM, StealthMonger wrote: Yes! We are crypto activists and crypto software developers, but somehow we do not seem to have a secure way to communicate with each other. If not us, who? I used to have your

Re: Torproject disease infects WhatsApp - User experience trumps(sic) security

2017-01-16 Thread James A. Donald
people need to learn how to manage their keys - it's not hard... On 1/17/2017 9:55 AM, StealthMonger wrote: Yes! Is hard. Suppose I want to talk to you about something that is actually important. I ask you to email me your public key. How do I know that the key I receive is the key you

Re: Torproject disease infects WhatsApp - User experience trumps(sic) security

2017-01-16 Thread StealthMonger
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 juan writes: > people need to learn how to manage their keys - it's not hard... Yes! This message needs to be repeated, reaffirmed, and reaffirmed again -- in any forum where there might be a receptive reader. Managing

Re: Torproject disease infects WhatsApp - User experience trumps(sic) security

2017-01-16 Thread juan
On Mon, 16 Jan 2017 16:38:29 +1000 "James A. Donald" wrote: > On 1/16/2017 1:28 PM, juan wrote: > > people need to learn how to manage their keys - it's not > > hard... > > Is hard. > > We have been through this already. I'm surprised you haven't figured out

Re: Torproject disease infects WhatsApp - User experience trumps(sic) security

2017-01-16 Thread Razer
On 01/15/2017 09:31 PM, Steve Kinney wrote: > > > A work in progress: > > A Millenials' Digital Bill Of Rights > > We hold these truths to be self evident, that all First World Middle > Class tweens, teens and 20-somethings are created superior, and are > endowed by their Creator with certain

Re: Torproject disease infects WhatsApp - User experience trumps(sic) security

2017-01-15 Thread James A. Donald
On 1/16/2017 1:28 PM, juan wrote: people need to learn how to manage their keys - it's not hard... Is hard. We have been through this already.

Re: Torproject disease infects WhatsApp - User experience trumps(sic) security

2017-01-15 Thread James A. Donald
On 1/16/2017 1:16 PM, Shawn K. Quinn wrote: Alternatively, how about Viber redesigning their software such that Alice and Bob can give each other their public keys without Viber headquarters even having to get involved, I have written such software. Nobody wanted to use it. I simplified end

Torproject disease infects WhatsApp - User experience trumps(sic) security

2017-01-15 Thread Big 'Uns
> On Sun, Jan 15 2017 21:31:59 -2100 > "Steve Kinney" wrote: > > A Millenials' Digital Bill Of Rights Yeah, because gen y created all the shit tech and related laws. Get fukt, lol !

Re: Torproject disease infects WhatsApp - User experience trumps(sic) security

2017-01-15 Thread Steve Kinney
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 01/15/2017 03:39 PM, Spencer wrote: > Hi, > >> >> Razer: Torproject disease infects WhatsApp - User experience >> trumps(sic) security >> > > Security is a usability issue. > >> "failure to

Re: Torproject disease infects WhatsApp - User experience trumps(sic) security

2017-01-15 Thread juan
On Mon, 16 Jan 2017 12:58:20 +1000 "James A. Donald" wrote: > then the CIA can be in the middle as Ann and Bob send messages to > each other. Ann thinks she is sending a message to Bob, but actually > she is sending it to the CIA, which then resends it to Bob. > > To

Re: Torproject disease infects WhatsApp - User experience trumps(sic) security

2017-01-15 Thread Shawn K. Quinn
On 01/15/2017 08:58 PM, James A. Donald wrote: > At present three hundred million people communicate by Viber. > > When you install Viber, it generates a secret key and a public key and > sends the public key to Viber headquarters. > > When Ann wants to message Bob, Viber headquarters sends

Re: Torproject disease infects WhatsApp - User experience trumps(sic) security

2017-01-15 Thread James A. Donald
On 1/16/2017 11:04 AM, James A. Donald wrote: Similarly, it is possible to ensure that the mapping between public keys and IDs looks the same for everyone in the world, preventing MIM attacks without burdening the user to manage his public keys himself. At present three hundred million people

Re: Torproject disease infects WhatsApp - User experience trumps(sic) security

2017-01-15 Thread Zenaan Harkness
On Mon, Jan 16, 2017 at 11:04:36AM +1000, James A. Donald wrote: > Similarly, it is possible to ensure that the mapping between public keys and > IDs looks the same for everyone in the world, preventing MIM attacks without > burdening the user to manage his public keys himself. THIS would be a

Re: Torproject disease infects WhatsApp - User experience trumps(sic) security

2017-01-15 Thread Shawn K. Quinn
On 01/15/2017 06:15 PM, Razer wrote: > If you really need security a small learning curve is acceptable and > attainable. I also see an insidious trend towards cutting out 32 bit > machines, Meaning po folk ain't entitled. 64 bit isn't inherently more > secure that 32 bit should be 'left behind'

Re: Torproject disease infects WhatsApp - User experience trumps(sic) security

2017-01-15 Thread James A. Donald
On 1/16/2017 10:15 AM, Razer wrote: If you really need security a small learning curve is acceptable and attainable. No it is not. And proof is that it is not in fact attained. Further a small learning curve is not needed. We can in fact have zero clicks security - placing the burden on

Re: Torproject disease infects WhatsApp - User experience trumps(sic) security

2017-01-15 Thread Razer
On 01/15/2017 12:39 PM, Spencer wrote: > Hi, > >> >> Razer: >> Torproject disease infects WhatsApp - >> User experience trumps(sic) security > Security is a usability issue. If you really need security a small learning curve is acceptable and attainable. I al

Torproject disease infects WhatsApp - User experience trumps(sic) security

2017-01-15 Thread Spencer
Hi, Razer: Torproject disease infects WhatsApp - User experience trumps(sic) security Security is a usability issue. "failure to obtain permission" "Better to ask forgiveness ..." An increasing usability "feature" trend. Wordlife, Spencer

Torproject disease infects WhatsApp - User experience trumps(sic) security

2017-01-15 Thread Razer
> At issue is the way WhatsApp behaves when an end user's encryption key > changes. By default, the app will use the new key to encrypt messages > without ever informing the sender of the change > > Critics of Friday's Guardian post, and most encryption practitioners, > argue such behavior is