Comments
-
ddephor45117y You always have the trade-off between security and comfort, you cannot have both at the same time.
And people are lazy, so comfort always wins.
-
@ddephor I actually think that you'd very well be able to design ware that doesn't have that tradeoff
-
whoam1667y I feel that this is true especially in startups, where the primary focus is to get shit done fast, and security is always an afterthought.
-
ddephor45117y @linuxxx I don't think so. For security, first of all you have to know how things work, and you need to trust your counterpart. To increase comfort you have to give up on these points and trust some stranger to make it right for you.
Take WhatsApp as an example: they started encryption suddenly, it was simply there, no user had to do anything for it. Really comfortable and user-friendly. From the outside it seems to be quite secure, experts tested it.
But on the other hand you don't know anything about the internal handling. How are the keys generated and stored, what does the whole PKI look like and is it standard or with proprietary parts, do they use system security or invented the wheel again, can security-related data escape from your device, are all certificates checked correctly, etc. And at the end it's closed source, so checking for security flaws is difficult.
At least you would have to create the keys by yourself and have the possibility to change them; not even that is possible.
-
@ddephor That's why I don't use WhatsApp. I use Signal and it already had an audit. It's very easy to use and considered to be about the most secure chat app in the world (notice the about part, since it's at least very very close)
Related Rants
So much talk about wannacry and security, but everyone will forget in a few weeks and go back to using old unpatched OS with vulnerabilities.. Why don't people understand that security is a necessity, not a luxury!
wannacry
security
rant