by superuser2 4736 days ago
Broken social networking websites and YouTube clones are relatively harmless, so that philosophy makes sense.

Broken cryptography can cause loss of money, infrastructure, and life. Imagine if a group of dissidents were to start using this program, the crypto implementation was subtly wrong somewhere, and they were disappeared by their government early one morning. Imagine if someone transmitted a password through what they thought was a secure chat, and that password led to an industrial control system for, say, a subway, water treatment plant, foundry furnace, or explosive chemical storage tank. Software doesn't just move Tweets. There are massive, hot, high-voltage, fast-moving objects controlled by software also. Letting people believe information is safe when it isn't can have very real consequences.

Unless it is obviously written all over your software that "THIS IS A TOY AND YOU SHOULD NOT EXPECT IT TO ACTUALLY KEEP ANYTHING SECRET," your obviously and embarrassingly broken crypto (to a crypto expert) might look just fine to a nontechnical user with dollars and/or lives riding on your product.


Crypto experts are not beautiful or unique snowflakes, armchair or otherwise.
Yes, so the message should be: "add disclaimers, avoid promoting where rigorous security is required, educate yourself on best practices".

Not, "stop releasing hobby projects".

The reckless non-technical user who grabs any project that mentions a slight sheen of crypto-sparkles, and then trusts that software with their life or savings, is doomed anyway. The existence of one more hobby project with amateurish crypto isn't going to kill or bankrupt him twice over.

I'm okay with hobby projects that use cryptography if every time the user tries to do anything in which security can be expected they flash a message that makes the user type "I understand my data may be read by an adversary."