undefined | Better HN

0 pointsthirsteh12y ago0 comments

> Would you rather use a piece of communications software which purported to be cryptographically secure

..than communicate in plain text? Yes.

Where's the alternative? We can have Cryptocat shut down, which is what the author is suggesting, but then what are we (and by that I really mean people who currently use Cryptocat) going to do?

0 comments

5 comments · 2 top-level

lotsofcows12y ago· 2 in thread

Where is the author suggesting that Cryptocat be shut down?

He makes the very valid point that advertising a insecure product as secure to people who need security but don't understand it is very wrong. He's asking that the advertising be corrected.

We're not worrying about your credit card getting ripped off - this software claims to solve life or death problems.

thirstehOP12y ago

He wants it taken off the app stores.

I don't disagree with the point that you shouldn't pretend, but literally no one is in a position to make absolute promises like that, yet everyone's doing it.

I'm not saying it's okay, but let's keep in mind that they say on their frontpage (http://crypto.cat) that you shouldn't trust it with your life. That's better than most security software marketing.

lotsofcows12y ago

Yeah, but they're not saying it on the app stores, hence wanting the text changed or the app removed.

zAy0LfpBZLC8mAC12y ago· 1 in thread

So, let me put that a bit more clearly:

You would prefer to communicate in plaintext-equivalent where you think nobody can read it even though in fact everybody can over communicating in plaintext where you know everybody can read it?

thirstehOP12y ago

I wouldn't prefer that, but I'm also not as convinced that Cryptocat is as "clearly broken" (i.e. plaintext is trivially recoverable) in its current state as a lot of people on here are. Most of the attacks that I've seen so far were against the group chat implementation, which, granted, is significant, but not against the primary component, the OTR chat.

I think it is somewhat naive to believe that any mechanism other than a one-time pad will absolutely keep your communications safe, and that it's a little dangerous to insinuate that Cryptocat leaks information about the plaintext but X or Y doesn't.

j / k navigate · click thread line to collapse