
I'd go further and say Moxie is complicit by way of negligence. It's unethical to assist in the implementation of your protocol when you can't guarantee its privacy protections will actually stand. Otherwise it's free PR for Facebook to tout "Snowden-approved crypto".

I have no doubt Moxie acted in good faith and wanted to expand encryption to a large number of users, but this is just another example of why proprietary software cannot be trusted.

Any and all proprietary implementations of the Signal protocol are now suspect. OWS should denounce these implementations at least as firmly as they do interoperable open source Signal client forks.



On a completely unconnected note, what was the name of that technique that GCHQ uses to disrupt online forums and subtly undermine people's reputations?



> On a completely unconnected note

You are not being sincere. You are implying that GP is a paid troll of spooks.



> OWS should denounce these implementations at least as firmly as they do open source Signal client forks.

They don't. Moxie does not want the forks to use his servers or the name of his app, that is all.


Well, since the server for Signal is closed source, the Signal client forks are pretty much useless (correct me if I'm wrong)?


The server for the text messaging is open source; only calls and other stuff are closed.


> Moxie is complicit by way of negligence.

I just want to voice my opinion that maybe 1 in 100 people have Moxie's integrity and ethics.


One in a billion... he's the most ethical hacker and political actor I've encountered...


An error in judgment (naiveté) and integrity are not mutually exclusive.


> I'd go further and say Moxie is complicit by way of negligence

Your "further" stance is not supported by the evidence. You might disagree with the design choices, but they're not negligence or "complicity". Moxie answered, in the other thread, that

> a fact of life is that the majority of users will probably not verify keys. That is our reality. Given that reality, the most important thing is to design your product so that the server has no knowledge of who has verified keys or who has enabled a setting to see key change notifications. That way the server has no knowledge of who it can MITM without getting caught. I've been impressed with the level of care that WhatsApp has given to that requirement. I think we should all remain open to ideas about how we can improve this UX within the limits a mass market product has to operate within, but that's very different from labeling this a "backdoor."

https://news.ycombinator.com/item?id=13394900



