Radical new idea for what a mobile device should be: thin client.
Intended usage case has the server as a physically-secured box in home or office, not somebody else's cloud.
-
-
An unattended server with inferior encryption and data at rest properties isn't exactly an improvement.
-
You keep saying "inferior encryption". No idea why.
-
It's inherently worse in that model particularly if the server isn't a slave of the phone that drops the key based on phone use.
-
It loses nice properties an impl can have that's on-device and the server could be in attacker control when the user unlocks.
-
Your threat model seems really warped & out of touch with the reality of how vulnerable Android devices are.
-
You're the one with warped perceptions, bias, lack of experience, and lack of threat modelling.
-
Attacker breaking into home/office & successfully tampering w/phys tamper-resistant server != normal person's threat model.
-
Device seizure at border or traffic stop & browser-sandbox-escape drive-by malware OTOH are in normal person's threat model.