jducoeur: (Default)
[personal profile] jducoeur

Since I know that a lot of my friends are security-conscious, and might be using it, I call your attention to this article in Ars Technica about the messaging service Confide.

The implication I'm getting (based on these reports, and what Confide itself is saying) is that Confide isn't secure -- and that isn't a matter of bugs, it's that the architecture is fundamentally broken. Indeed, I have to wonder if they even understand what "end-to-end encryption" actually means. I particularly call your attention to a couple of details:

  • One of their brags is their "code obfuscation". Never, ever put any stock in that. Code obfuscation basically means they have made it very slightly harder to figure out what's going on, and it's basically waving a red flag in front of hackers, going "Break me!".
  • They basically say that nobody except themselves could listen in on your conversations. That basically means that there is no end-to-end security. True end-to-end security means that nobody, including the service itself, can do anything with it. One of the signs of a good service is often when they say something like, "Don't forget your password, because if you do, you're out of luck -- we can't help you". Anything other than that means that they have backdoors, which can be exploited.

It is possible that Confide could fix all this -- but I wouldn't count on it, because like I said, these are fundamental architectural issues. End-to-end security is hard to do well, and it imposes real limitations on what you can do...

(no subject)

Date: 2017-03-15 11:38 pm (UTC)
metahacker: A picture of white-socked feet, as of a person with their legs crossed. (Default)
From: [personal profile] metahacker
"The door is sooper locked! Plus no one but us can guess which fake rock outside has the key under it!"

Profile

jducoeur: (Default)
jducoeur

July 2017

S M T W T F S
      1
2 345678
91011 12131415
16 171819202122
23242526272829
3031     

Most Popular Tags

Page Summary

Style Credit

Expand Cut Tags

No cut tags