[liberationtech] Heml.is - "The Beautiful & Secure Messenger"

Albert López newlog at overflowedminds.net
Thu Jul 11 04:04:41 PDT 2013 


> Date: Thu, 11 Jul 2013 02:41:51 -0700
> From: mmitar at gmail.com
> To: liberationtech at lists.stanford.edu
> Subject: Re: [liberationtech] Heml.is - "The Beautiful & Secure Messenger"
> 
> Hi!
> 
> Why bad approach? I am reading this comments about Heml.is and they
> are a bit funny. On the sad side. Mostly all are just ideological
> arguments. Like it is not free software. It will have centralized
> server.

I don't see the ideological side of the arguments.

> At the end what matters is what they will deliver. If it will be a
> secure and easy to use messaging for masses, this is something great.
> Security is does not help you if interface is useless. We had PGP for
> years, but usability is crucial. [1]
> 
> If I understand correctly, security-related things will be open
> source. Probably crypto on the client side. Server side they will
> probably left closed-source. And I assume that client will encrypt
> everything and then send to the server. So even if server is
> compromised, messages will be safe. But this makes user experience
> much easier to maintain.

And who says so? If nobody is able to assure that, why should I use the app? I mean that I wouldn't base the security of my communications in my guesses. And if you do so because of usability, you are fucked, man. 
> Yes, ideally it would be better if it would be distributed. But this
> opens another issues.

Ok, so now it's not ideological... 

> So the concept doesn't sound so bad to me. But I still wonder how they
> will secure meta-data (who is/was talking to who).
> 
> But please, let us support more diversity in this area. Don't destroy
> ideas even before they lunch just because we might personally believe
> it should be different. If it was be so easy, we would already have
> secure, privacy aware, decentralized messaging with nice user
> interface and I do not know which all bells and whistles.

It's not a matter of destroying an idea. It's a matter of giving your opinion about the architectural bases of an idea... 
If even before the service goes up you are already willing to base your communication's security in your guesses, then it seems that the one biassed by his ideology is you.

> Mitar
> 
> [1] http://www.cs.berkeley.edu/~tygar/papers/Why_Johnny_Cant_Encrypt/OReilly.pdf
> 
> On Thu, Jul 11, 2013 at 1:12 AM, Albert López <newbiesworld at hotmail.com> wrote:
> >
> >
> > Moreover when they say "our backend infrastructure"... So the service will
> > be centralized? Bad approach...
> >
> >
> > ________________________________
> >
> > gpg --keyserver pgp.mit.edu --search-keys EEE5A447
> > http://pgp.mit.edu:11371/pks/lookup?search=0xEEE5A447&op=vindex
> >
> >
> >
> >> From: edulix at wadobo.com
> >> Date: Wed, 10 Jul 2013 21:36:33 +0200
> >
> >> To: liberationtech at lists.stanford.edu
> >> Subject: Re: [liberationtech] Heml.is - "The Beautiful & Secure Messenger"
> >>
> >> On Wed, Jul 10, 2013 at 9:30 PM, Nadim Kobeissi <nadim at nadim.cc> wrote:
> >> >
> >> > "Will it be Open Source?
> >> > We have all intentions of opening up the source as much as possible for
> >> > scrutiny and help! What we really want people to understand however, is that
> >> > Open Source in itself does not guarantee any privacy or safety. It sure
> >> > helps with transparency, but technology by itself is not enough. The
> >> > fundamental benefits of Heml.is will be the app together with our backend
> >> > infrastructure, which is what really makes the system interesting and
> >> > secure." — https://heml.is/
> >> >
> >> > I'm sort of infamous by now for the fusses I make regarding the
> >> > importance of open-sourcing security software. I'm pretty sure people are
> >> > tired of me so I'm going to be quiet. But it's clear to me that Hemlis's
> >> > answer is not the right answer.
> >>
> >> Hi:
> >>
> >> Agreed. I won't support heml.is if it's not libre software, as it
> >> seems to be the case. They want 100k $ to fund non-free software.
> >> That's something I don't think people should support.
> >>
> >> Regards,
> >> --
> >> Eduardo Robles Elvira +34 668 824 393 skype: edulix2
> >> http://www.wadobo.com it's not magic, it's wadobo!
> >> --
> >> Too many emails? Unsubscribe, change to digest, or change password by
> >> emailing moderator at companys at stanford.edu or changing your settings at
> >> https://mailman.stanford.edu/mailman/listinfo/liberationtech
> >
> > --
> > Too many emails? Unsubscribe, change to digest, or change password by
> > emailing moderator at companys at stanford.edu or changing your settings at
> > https://mailman.stanford.edu/mailman/listinfo/liberationtech
> 
> 
> 
> -- 
> http://mitar.tnode.com/
> https://twitter.com/mitar_m
> --
> Too many emails? Unsubscribe, change to digest, or change password by emailing moderator at companys at stanford.edu or changing your settings at https://mailman.stanford.edu/mailman/listinfo/liberationtech
 		 	   		  
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.stanford.edu/pipermail/liberationtech/attachments/20130711/acf5a9bb/attachment.html>

More information about the liberationtech mailing list