@bascule But who is doing this?
-
-
Replying to @matthew_d_green
@matthew_d_green see e.g.: https://www.mail-archive.com/liberationtech@lists.stanford.edu/msg08611.html …1 reply 0 retweets 0 likes -
Replying to @bascule
@bascule@matthew_d_green It seems to me Fabio makes some interesting points about browser extensions vs desktop apps.1 reply 0 retweets 0 likes -
Replying to @arthuredelstein
@arthuredelstein@matthew_d_green his perception of the security tradeoffs is completely inverted. Did you see my followups?1 reply 0 retweets 0 likes -
Replying to @bascule
@bascule@matthew_d_green It's a bit like arguing whose Swiss cheese has more holes. :)2 replies 0 retweets 0 likes -
Replying to @arthuredelstein
@arthuredelstein@matthew_d_green not really. Browsers are a subset of native apps and are susceptible to a native compromise too1 reply 0 retweets 0 likes -
Replying to @arthuredelstein
@arthuredelstein crypto is a different game. Using a browser only adds attack surface: http://www.slideshare.net/kkotowicz/im-in-ur-browser-pwning-your-stuff-attacking-with-google-chrome-extensions … (so I vote “exe” for now)1 reply 0 retweets 0 likes -
Replying to @arthuredelstein
@bascule OTOH, I agree with you that exe-crypto is more mature than js-extension-crypto. I would trust GPG.exe over OpenPGP.js for now.1 reply 0 retweets 0 likes
@arthuredelstein a crypto app isn't (or shouldn't be) some drive-by thing you throw your secrets into then close. It needs to be trustworthy
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.