by mehrdada
3846 days ago
I'm personally on your side of the argument and against Facebook's stance, but this statement is, strictly speaking, not true. At worst, it will be equivalent to the protection provided by an encryption scheme without authenticating the other party, and it defeats passive attackers. That's not quite as bad as sending plaintext (in practice, it is much, much better when it applies to the internet broadly: cf. Firesheep). P.S. That's basically the state of SMTP encryption, which is quite sad.