[cp-global] #efail explained

carlo von lynX lynX at pirates.are.psyced.org
Thu May 17 15:36:26 GMT 2018

On Thu, May 17, 2018 at 03:54:50PM +0200, Christian Pietsch wrote:
> the EFF and generally well-regarded IT security experts such as
> Matthew Green and Bruce Schneier came up with the rather nonsensical
> suggestion to use Signal instead of E-Mail. In a lot of situations,

Especially since I wonder when the last time was that somebody
actually reproduced the binaries being distributed via Google
Play, and how likely it is that we have full understanding of
what happens within the proprietary Google libraries that are
linked into that binary...

Yes, sva, a press release would be neat. Mention that we have
no actual proof to guarantee that Signal is safe.

I loved my partner's reaction yesterday when a girlfriend of
hers asked her to install Signal. What? It's not on F-Droid?
She's a rather non-tech person, but she immediately figured
out that something is fishy when it isn't on F-Droid.

Yes, I know, there is this inofficial F-Droid repo that
has Signal builds. Can we recommend that to people? No,
too complicated to install. We can fork F-Droid instead.

This crypto tool mess is staying messy.

  E-mail is public! Talk to me in private using encryption:

More information about the global mailing list