by tonic-music 2771 days ago
Just sent this bug report (from the Android client, lol). Will post their response here:

What is the official response to this report?

https://eprint.iacr.org/2018/1121.pdf

I'm not a cryptography expert but I am a web developer and even I can figure out that typing my password into a web app reveals my private key to you if you want to steal it.

The author is right in one respect: the online and self-updating nature of the web app makes it impossible for anyone to verify what code you're really running.

Reading this report also makes me question your response to the recent hack/extortion incident. Now, I'm not really convinced about your response.

There's nothing in my PM account that's secret and I don't really care if you were hacked. I use PM to avoid being tracked for advertising. But I do agree with the author of this paper that you shouldn't make these security claims which aren't true.

Thanks in advance for your response.

-- D

1 comments

See our response above, hopefully that gives a bit more insight into why we have decided to continue offering a web-app.