[liberationtech] DNSSEC to the rescue. Was: Snakeoil and suspicious encryption services

Aymeric Vitte vitteaymeric at gmail.com
Wed Jul 23 04:11:51 PDT 2014 

Le 23/07/2014 01:52, Jérôme Pinguet a écrit :
> But why stick to JavaScript and the browser after all? These are 
> endangered species.

??? You must be kidding...

> In the US, mobile apps made up 47% of Internet traffic at the 
> beginning of this year, overtaking the PC (45%). Mobile browsers 
> accounted for only 8% of the traffic. The rest of the world is 
> following at an even greater pace. Willy-nilly, crypto for the masses 
> will be on mobile app, or never will be.

Do you mean we should trust mobile apps outside of the browser? I 
would'nt, the advantage of the browser is that it is present on any 
device and so widely used that you can trust it if it is proven that the 
app is using it correctly, and you can use the same app on any device, 
if the browsers are messing around people would detect it, the 
disadvantage is that it depends on a very few vendors which decide and 
specify whatever they like, but that's probably still better than having 
to check I don't know how many mobile apps and their providers, the 
browser app does not depend on what said vendors might have decided to 
track,spy, insecure you

Probably, if there are not many mobile apps inside browsers today it is 
only because the mobile browsers still can not do the job correctly and 
fail to behave the same, I did some mobile apps some time ago, the 
conclusion was a little bit in contradiction with what I am saying here: 
the code was full of "if ios, if android, if bb, if bada, if ie, if 
safari, if ff, if chrome..." and the result less convincing than a 
native app, but at last this was working on any platform without 
installation, this is evolving fast I believe.

>
> Among the happy few GPG people, how many delay answering because 
> they're away from their laptop and couldn't be bothered to replicate 
> the complicated process of setting up GPG with APG/K9 mail, plus 
> generating a subkey for signing on a less secure device?
>
> How many Android apps are written in JavaScript?
>
> A signed native app on FreeDroid repo that runs on Replicant, 
> CyanogenMod (or Android if you like to live on the edge) could become 
> the encryption killer app. The (heavily centralized) Blackphone has 
> sold out, even though it's compatible with nothing.
>
> IMHO, real liberation technologies can only be based on decentralized 
> trust systems.

Not saying that there are no other alternatives but that's exactly the 
goal of Peersm: everything is distributed inside browsers which are 
relaying the traffic for each others.

-- 
Peersm : http://www.peersm.com
torrent-live: https://github.com/Ayms/torrent-live
node-Tor : https://www.github.com/Ayms/node-Tor
GitHub : https://www.github.com/Ayms

More information about the liberationtech mailing list