[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Diversification [ branched from Re: conflicts in the gnu project now

From: Arne Babenhauserheide
Subject: Re: Diversification [ branched from Re: conflicts in the gnu project now affect guile]
Date: Tue, 22 Oct 2019 22:51:57 +0200
User-agent: mu4e 1.2.0; emacs 26.1

Zelphir Kaltstahl <address@hidden> writes:
> To verify another person's device, one has to exchange information via a
> second trusted channel. That information is a sequence of icons being
> shown. If they are the same, that the other person sends you via the
> second trusted channel, you can reasonably assume, that the device you
> are communicating with is under their control.
> When it comes to the step of exchanging information about what icons are
> displayed, most people will close the app and say "it's too
> complicated", because they do not understand it ("Huh? How strange! Why
> I have to do that? Are icons secure?") or do not want to do anything in
> order to have security. They are not willing to invest as much as 5min

In Freenet we have the same problem. We once had someone start an app
that used tapping phones together to exchange references, but it did not
get developed further.

It nowadays lives under my account, but I don’t have the time to work on
it (or rather: other things have higher priority for me).

Maybe someone can find a tool there to ease initial setup.

Also TOFU is something we desperately need more of. For example I
recently had two unrelated people writing to me by email and our
communication was encrypted automatically because they used enigmail
with autocrypt and pretty-easy-privacy.

Best wishes,
Unpolitisch sein
heißt politisch sein
ohne es zu merken

Attachment: signature.asc
Description: PGP signature

reply via email to

[Prev in Thread] Current Thread [Next in Thread]