Search Mailing List Archives


Limit search to: Subject & Body Subject Author
Sort by: Reverse Sort
Limit to: All This Week Last Week This Month Last Month
Select Date Range     through    

[liberationtech] Satori - distributed tamper-resistant circumvention tools

Nick liberationtech at njw.me.uk
Sat May 3 09:35:39 PDT 2014


Quoth Tom Ritter: 
> This makes it harder for someone to compromise your account, but not
> Google.  In the Android App store, it's a *little* stronger, as apps
> are signed by a developer key, and they need that key to update.
> Except if Google really wanted they could push down an update to
> bypass that.  It'd be more work though.

Can you definitely not sign extensions with a private key? I know 
you used to be able to; I remember writing code to do that a year or 
two ago.

Could you then force the extension to check the key before updating 
itself? Probably not, it's probably well outside of the extension's 
control, and besides, if you're worried about an evil google, hey, 
they control the browser, so you've already lost.

Nick



More information about the liberationtech mailing list