Hacker News new | ask | show | jobs
by svkkfnisgkcn3ta 3451 days ago
I'd go further and say Moxie is complicit by way of negligence. It's unethical to assist in the implementation of your protocol when you can't guarantee its privacy protections will actually stand. Otherwise it's free PR for Facebook to tout "Snowden-approved crypto".

I have no doubt Moxie acted in good faith and wanted to expand encryption to a large number of users, but this is just another example of why proprietary software cannot be trusted.

Any and all proprietary implementations of the Signal protocol are now suspect. OWS should denounce these implementations as least as firmly as they do interoperable open source Signal client forks.
4 comments
unfortunateface 3451 days ago
On a completely unconnected note, what was the name of that technique that GCHQ uses to disrupt online forums and subtly undermine peoples reputations?
link
svkkfnisgkcn3ta 3451 days ago
https://theintercept.com/2014/02/24/jtrig-manipulation/
link
eternalban 3451 days ago
> On a completely unconnected note

You are not being sincere. You are implying that GP is a paid troll of spooks.

link
unfortunateface 3451 days ago
https://news.ycombinator.com/item?id=13394900
link
whyever 3451 days ago
> OWS should denounce these implementations as least as firmly as they do open source Signal client forks.

They don't. Moxie does not want the forks to use his servers or the name of his app, that is all.

link
compuguy 3451 days ago
Well since the server for Signal is closed source, the signal client forks are pretty much useless (correct me if I’m wrong)?
link
kuschku 3451 days ago
The server for the text messaging is open source, only calls, and other stuff is closed.
link
55555 3451 days ago
> Moxie is complicit by way of negligence.

I just want to voice my opinion that maybe 1 in 100 people have Moxie's integrity and ethics.

link
rabble 3451 days ago
one in a billion... he's the most ethical hacker and political actor i've encountered...
link
eternalban 3451 days ago
An error in judgment (naiveté) and integrity are not mutually exclusive.
link
FabHK 3450 days ago
> I'd go further and say Moxie is complicit by way of negligence

Your "further" stance is not supported by the evidence. You might disagree with the design choices, but they're not negligence or "complicity". Moxie answered, in the other thread, that

a fact of life is that the majority of users will probably not verify keys. That is our reality. Given that reality, the most important thing is to design your product so that the server has no knowledge of who has verified keys or who has enabled a setting to see key change notifications. That way the server has no knowledge of who it can MITM without getting caught. I've been impressed with the level of care that WhatsApp has given to that requirement. I think we should all remain open to ideas about how we can improve this UX within the limits a mass market product has to operate within, but that's very different from labeling this a "backdoor."

https://news.ycombinator.com/item?id=13394900

link