WhisperSystems + WhatsApp

[coderman@gmail.com (coderman)]

On 11/28/14, Andy Isaacson <adi@hexapodia.org> wrote:
> ...
> A colleague and I, both interested in modern cryptographic systems,
> started to collaborate on a new project, using Pond.  Months later, we
> realized that we had communicated useful information early on, over Pond
> exclusively, and the "social norm that communications are deleted after
> a few days" resulted in us losing important notes about the early days
> of our project.
>
> Even though it was clearly documented and I had simultaneously advocated
> Pond to other experimental users for exactly this feature, I didn't
> think through the consequences of this design feature for my use case.
> I didn't even realize that I *had* a use case, until much later.

an interesting anecdote.  friends and i had prior moved to
configurations with explicitly no logging (a change from defaults,
since OTR in most clients would log to disk by default)

a change to pond no different, as prior expectations assumed no persistence...



> For this scenario, it turns out we wanted a modern secure communication
> system more like Prate, https://github.com/kragen/prate .

we ended up on random etherpads on a trusted host. (e.g. one of our own).



> Generalizing from this specific example, you can find many other
> examples of a security system being used outside of its designed
> envelope.

very true; evokes Gibson:
  â??The street finds its own uses for things.â??


(and in the example above, the URI itself the authenticator for the
random pad...)


best regards,