[DanBC]

Compare them to underground dentists -

Bob has no medical training, but has a dremel and practiced on a pig head. He offers to do a filling for his pal. He makes a bit of a botch of it, but he larns from his mistake and carries on. Dentistry is important so it's admirable that Bob ignores the criticism. Bob's first pal is currently fighting off a severe infection, but Bob uses that as a learning experience.

Bob will get there one day!

[TallGuyShort]

If a growing portion of the dentistry industry was discovered to have been weakening people's teeth at the government's request, I'd start to buy Bob a beer a little more often.

[mr_spothawk]

It turns out Bob was actually receiving radio transmissions from the ADA through his fillings. He's a sleeper in the underground dentist community, waiting for the call to turn his xray machine on when the TSA releases its ruling on the need for back-scatter surveillance to prevent the next tooth-bomber from hijacking civilian aircraft. Be careful what you say around Bob.

[tcdent]

Except, this is software.

My favorite expression when things get heated: "Nobody is going to die."

There are exceptions, of course, but a vast majority of the work we do just doesn't matter in the context of life and nature.

[wc-]

Unfortunately, I don't think the 'Nobody is going to die' statement holds up for software like cryptocat. If it is promoted as secure, then it could be used in areas with hostile regimes. For example, members of the Arab Spring uprising might have trusted cryptocat, but what if their governments were intercepting and decrypting those messages due to a flaw in the software?

Bottom line, explaining away problems by saying 'nobody is going to die' is a downright dangerous statement IMO.

[sdevlin]

> "Nobody is going to die."

This isn't accurate, e.g. http://cryptome.org/2012/07/chile-comments.htm .

Bad crypto is actually much more dangerous than a single rogue dentist.

[tcdent]

Bad crypto doesn't kill, people/organizations with a fucked up agenda do.

I thought this past year taught us that no information is safe. To expect that any system is entirely secure and ever will be is pure egotism.

[sdevlin]

Then what's the point?

[tlrobinson]

And one of those exceptions is people trying to use bad crypto to avoid persecution...

[lallysingh]

Normally, yes, but this is crypto. It's not medicine, but it's pretty close to a bullet-proof vest. It's important that it does its job.

[DanBC]

That's true. Market software accordingly and everything is fine.

I am glad to see cryptocat being much more careful with their wording.

[markmassie]

Except if the flawed software is a company's core product, the company might fail.

As we all know, corporations are people, my friend.

[jessaustin]

Are there any other dentists around who would work on Bob's pal? If so, are they actually better dentists than Bob? If so, is it possible for Bob's pal to find, enter, and understand their places of business, well enough to receive the care she requires?

Cryptocat would never be used by Glenn Greenwald, but that's because he is privileged to have access to better crypto.

[MichaelGG]

> but that's because he is privileged to have access to better crypto.

That's the first time I've heard of using PGP to be a privilege.