RedPhone Removed from Google Play Store
On Thu, 2014-11-13 at 18:06 -0500, Eric Mill wrote:
> This isn't accurate, in practice. In theory, Google could replace any
> certificate they want for first use. But they clearly don't do that
> for everyone (Moxie or someone would notice), and if they did it in a
> targeted way, it could only be on the first use. That's a threat
> vector, but only viable under both targeted and specific
> circumstances.
>
>
> So "what's to stop Google pushing a malicious TextSecure? Nothing.
> Nothing, at all, ever." isn't accurate -- you can trust that you're
> highly likely to get the real TS binary on first install, and then
> guarantee that you're getting a binary signed by the same person for
> updates.

But Google can silently update their services providing this "guarantee"
and remove it.

Could they do this without anyone noticing? Probably not on a wide
scale. But it's still not a guarantee.

There's essentially no way to get around this on Android, which is I
think why Moxie has abandoned that goal. If a solution exists, the
people detracting TextSecure for using Google infrastructure should
build that solution, fork TextSecure, and add it. Code speaks louder
than words.

--
Sent from Ubuntu