On 08/11/13 20:10, Francisco Ruiz wrote: > Download it from > its source at https://passlok.site44.com (once you have it once, you > have it forever), look at it, run it, test it. Get its SHA256 hash from > its help page and check it. If you’re as paranoid as I am, you can watch > me reading that hash (with some nice background music to make tampering > with it more difficult), in this youtube video: > https://www.youtube.com/watch?v=VHR_w0FCkC0
A few things: 1. I have to *run* it to get the hash of the application from the help page. That is already a leap of faith to run unverified code. 2. I have to verify the hash code with a spoken message in a youtube video. The message is spoken by someone I've never met, so how do I verify that it is you who's saying it and not an actor hired by a spooky agency? Or just dubbed with a new audio score. Hollowood can do that without a blink. 3. How can I validate that the youtube url is correct? They are all gibberish to me. Again could be a fake by some adversary. This mail was not encrypted and validated. I do *like* your spoken hash verification mechanism. But for it to work you need to achieve celebrity status. If someone would announce SecureBieberMail, there are some people in my surroundings that can vouch for the identity of the speaker. (web of trust) > There’s no legal action that can shut down PassLok because it consist of > pure code, and pure code is speech, protected from government > interference under the 1^st amendment to the US Constitution. Theoretically you are correct. In practice, we've seen the value of your US constitution... Guido. -- Liberationtech is a public list whose archives are searchable on Google. Violations of list guidelines will get you moderated: https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe, change to digest, or change password by emailing moderator at compa...@stanford.edu.
