undefined | Better HN

0 pointsColanR5y ago0 comments

I think Drew responded to that. I thought this was a key quote:

> Off the bat, let me explain that I expect a tool which claims to be secure to actually be secure. I don’t view “but that makes it harder for the average person” as an acceptable excuse. If Edward Snowden and Bruce Schneier are going to spout the virtues of the app, I expect it to actually be secure when it matters - when vulnerable people using it to encrypt sensitive communications are targeted by smart and powerful adversaries....it’s your responsibility to clearly explain the drawbacks and advantages of the tradeoffs you make. If you make broad and inaccurate statements about your communications product being “secure”, then when the political prisoners who believed you are being tortured and hanged, it’s on you.

0 pointsColanR5y ago0 comments

I think Drew responded to that. I thought this was a key quote:

0 comments

5 comments · 1 top-level

tptacek5y ago· 4 in thread

Which is pretty rich, because in the post where that quote originally appeared, the author recommended as an alternative to Signal a tool that wasn't even end-to-end encrypted by default.

ColanROP5y ago

> in the post where that quote originally appeared, the author recommended as an alternative to Signal a tool that wasn't even end-to-end encrypted by default

You seem really hung up on that. A transient recommendation has very little to do with stated expectation that "a tool which claims to be secure [should] actually be secure".

tptacek5y ago

Yes, I take secure messenger recommendations seriously; bad ones get people hurt. Tfiles have been passed around about the harm that has come to people using two other then-popular "secure" messengers.

(Matrix is very cool and I think it has a bright future as an IRC replacement and ultimately, perhaps, a Slack competitor --- something that provides opsec suitable for a commercial setting. I always come across as a Matrix hater in these threads, and I do not hate Matrix, and wish the project well.)

Shared4045y ago

A) I see that nowhere in this post, so the author must have retracted it when he found that out.

B) Matrix has always been very easy to set up E2E

C) Matrix is now E2E by default, at least with the client non-technical users will be using. I think it is for the other clients as well, but I do not know for sure.

tptacek5y ago

Yes, the author ghost-edited it out of his post, months later. You can see the original on Archive.org.

Matrix was years from being E2E by default when this post, and that recommendation, was written.

1 more reply

j / k navigate · click thread line to collapse