Search Mailing List Archives

Limit search to: Subject & Body Subject Author
Sort by: Reverse Sort
Limit to: All This Week Last Week This Month Last Month
Select Date Range     through    

[liberationtech] Any thoughts on this?

Seth Schoen schoen at
Sat Jun 22 09:44:37 PDT 2013

Yosem Companys writes:

> From: Dewald Pretorius, owner of
> The alarming revelations of the extent to which our privacy is being
> invaded by governments have inspired me to create a free encryption service
> that is for everyone. It is gratis, it's extremely easy to use, and it's
> anonymous (no need to sign up).


① You actually send them your plaintext every single time you use
the service.  If you want to send plaintext to a third party, why not
a webmail or IM provider or social network?

② Reference to being run by a Canadian is possibly intended to invoke
jurisdictional diversity but the server is hosted in the U.S. (Amazon
AWS), not even on machines physically owned by the service operator.

③ Instructions say "give the password to the recipient (obviously
not in the same email!)" -- so, how are users supposed to give the
password to the recipient?

④ I suspect most users will choose passwords that can be brute-forced
easily.  There isn't even any advice to users about what a good
password would be in this context (and no documentation about whether
or how a KDF is used).

People here were criticizing harshly criticizing the older version
of CryptoCat over vulnerabilities less concrete and fundamental than
these.  Without (at least) some new browser functionality, "nothing
to install" is a massive red flag for any cryptographic application.

Seth Schoen  <schoen at>
Senior Staff Technologist             
Electronic Frontier Foundation        
815 Eddy Street, San Francisco, CA  94109       +1 415 436 9333 x107

More information about the liberationtech mailing list