Bookmarks - Tagged with "crypto"
Crackpot Cryptography and Security Theater
Move Fast & Roll Your Own Crypto
Despite the imperative title, this is not a suggestion to roll one's own crypto. This is an analysis of the abysmal security in the Zoom video conferencing software.
The PGP Problem
While I feel the author's suggestion to "[u]se Signal. Or Wire, or WhatsApp, or some other Signal-protocol-based secure messenger" is well-intentioned, I strongly dislike advocating for nonfree software and network services that are run unethically. I am a proponent of OMEMO/XMPP.
I may start using signify for my own software. Of course, I won't entirely give up on PGP, but I think that signing with both would be enough to signal my endorsement of the former.
The lack of a suggested alternative for email is particularly depressing to me. Why haven't we come up with a better system yet?
And the author does well to admit that PGP is still a fair choice for encrypting files. I see myself continuing to use pass for years to come.
Update:I've come back to this article a few years after adding it to this page. I now walk back on the rather inflammatory suggestion that Signal is "nonfree software and network services that are run unethically". While I prefer services that are federated rather than centralized, Signal currently serves as a secure messenger for the less technically inclined. Not to mention, OMEMO/XMPP is derived from the Signal protocol.
Furthermore, I did not verify the claims made in this article. It happens to be quiterubbish.