by huhtenberg 5539 days ago
> make a decision as to whether or not you trust the entity

If I don't trust the entity, how could I be installing any of its software on my machines? I have to trust what I am told if I am to use the software for its intended purpose.

If Dropbox claims what Miguel has quoted in his post, and then it happens that the claims are (basically) not true, then it raises the question of integrity, i.e. what other assumptions that I have made were off? Say, that your .sys is not doubling as a key logger or your software is not scanning my disks at the government's request, etc.

1 comments

it's unclear to me what statements we're making are 'not true'.

if you don't believe our statements, I'm not going to be able to convince you to trust us over the discourse in this thread :-)

If you publish a security spec and adhere to it in a way that allows independent verification of its implementation, then - yes, you will convince that what was claimed is true.

Perhaps, the easier route for you would be to just drop the whole "encrypted" angle and simply state that you provide reasonable protection of files while in transit and in your possession. That would satisfy 99.9% of real users and it will not rub cryptographic pedants the wrong way. The issue at hand is not that you don't encrypt properly, but that you over-promised, and over-promised in a very sensitive area.

(correction) "over-promised" = "implied more than what was said", i.e. what Miguel referred to as "wishy-washy statement".