[Cryptography] Whisper app tracks ‘anonymous’ users

Lodewijk andré de la porte l at odewijk.nl
Fri Oct 17 10:54:46 EDT 2014


2014-10-17 16:36 GMT+02:00 John Ioannidis <ji at tla.org>:

> The standard answer to all of these questions is that if you get something
> for free, you are not the customer, you are the product. Do the people who
> install whisper really think that the company that runs it does it out of
> the goodness of their heart?


I have a good (enough) heart. If it were me running the service it would be
as good as I managed to make it. I'm slowly learning not to be so
perfectionistic that I just drop the product, only to find alternatives are
SO MUCH WORSE.

Maybe I'm just doing it wrong?

Also: why are people at all challenged in making text communication apps
secure?? It's... Text, encryption, network-traffic-fuzzing, done

And how could people think snapchat was made for anything other than
causing you to send naked pictures to the guys who made it? It's so
ridiculous.. If you can view it on screen, someone can save it. They
defended /reasonably well/ against screenshots, but then you find out they
used AES with *hardcoded key?!* I've spend last night producing a trustable
random source, so that I can generate IV's, because just having a random
password didn't seem enough when you use CBC... And then this multi million
company doesn't even use asymetric crypto to generate keypairs??? WTF????
(actually, this is pretty important if they'd want to look at everyone's
pictures)

It's *NOT HARD *and I *DON'T* believe it's just me who thinks so. I'm *not
that smart*! In fact, just saying *it's not that hard* makes people upset
with my arrogance, wtf?

Could someone please give me some reasonable measure of how hard it is, so
that this completely paradoxal part of reality can just go "poof" and
dissapear? I honestly don't get it. (Which is, incidentally, further
evidence of not being that smart)
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.metzdowd.com/pipermail/cryptography/attachments/20141017/2b3ec8f6/attachment.html>


More information about the cryptography mailing list