by dethos 3537 days ago
You are right on this one. The only protection against this situation implemented (right now) is that the email address it will be sent to and the fingerprint of the key that will be used to encrypt are shown to the user of the link, so he is able to verify them. This way Mallory's email address will show up on the page and the user can see he is not sending to the right person.

This might not be enough for the app use cases, but we are working on more solutions so the user can be sure that it is going to the right person.

Regarding the last statement, let's assume the "secure" channel they have is a chat app, like Slack, for example. It will store the content indefinitely and it will be there in clear text. Not only can Slack see it, but if a smartphone/computer is lost, stolen or accessed by someone else, they will be able to see all the history and content sent through it.