[messaging] WhatsApp & OWS team up

Tao Effect contact at taoeffect.com
Tue Nov 18 12:01:03 PST 2014 

> ​And I will, as seems to be *my* role here, ​recommend checking out keybase.io, which you can use without trusting, and provides what smells to me like extremely practical probabilistic key<=>person mapping confidence.

Keybase is about as good as you can get with a centralized system.

However, it creates an system that ends up being not very user friendly (especially when it comes to replacing lost or stolen keys). It's also a central point of failure.

And, for whatever reason, they replace personal everyone's email with their own @keybase.io email address, so your emails all go through their servers. As a centralized platform, I won't be surprised to see more of these walled-garden lock-in type things.

For secure communications systems, I prefer systems that no entity has a monopoly over, without central authorities or points of failure. They're more robust and less prone to tampering. The 51% attack is the worse that can happen with the blockchain, and it amounts only to censorship. The worst that can happen with a central authority, on the other hand, is total compromise.

Cheers,
Greg (i'm greg in the namecoin blockchain, but I prefer, eventually, to be greg at taoeffect.bit when that's figured out).

--
Please do not email me anything that you are not comfortable also sharing with the NSA.

On Nov 18, 2014, at 11:42 AM, Tim Bray <tbray at textuality.com> wrote:

> On Tue, Nov 18, 2014 at 11:27 AM, Tao Effect <contact at taoeffect.com> wrote:
>> Cracking the usable key verification problem. This move brings WhatsApp to the same level of security as iMessage (or better, given the forward security), but WhatsApp/Facebook could still do a switcheroo on people's keys. TextSecure never really figured this out IMO - it still expects people to manually compare long strings of hex.
> 
> 
> I will, a​​s seems to be my role here, recommend the blockchain and a system like DNSChain for solving this problem. :-)
> 
> ​And I will, as seems to be *my* role here, ​recommend checking out keybase.io, which you can use without trusting, and provides what smells to me like extremely practical probabilistic key<=>person mapping confidence.
> 
> - Tim Bray (If you’d like to send me a private message, see https://keybase.io/timbray)

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://moderncrypto.org/mail-archive/messaging/attachments/20141118/01c9c367/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 841 bytes
Desc: Message signed with OpenPGP using GPGMail
URL: <http://moderncrypto.org/mail-archive/messaging/attachments/20141118/01c9c367/attachment.sig>

More information about the Messaging mailing list