undefined | Better HN

0 pointssnvzz9y ago0 comments

> For nontechnical users, that's a massive downside.

I disagree entirely. It's an upside. They get to benefit from PKI without even understanding anything. A person's address gets them the actual person.

ToxMe requires trusting the ToxMe identity provider, and is an obvious point of attack. And we'd no doubt see fake addresses that resemble other peoples, and other such nonsense.

There's minimising the inconvenience (with ideas like the QR code feature they have), and there's plain giving up security for minimal gained convenience, which we should just avoid.

0 comments

qwertyuiop9249y ago

>I disagree entirely. It's an upside. They get to benefit from PKI without even understanding anything. A person's address gets them the actual person.

Yes, but which messaging service will the nontechnical user use? The one where they can exchange usernames, or even phone numbers, and it Just Works? Or the one where they have to give their friends a long alphanumeric sequence of gibberish?

It doesn't benefit them if they don't use the protocol.

>ToxMe requires trusting the ToxMe identity provider, and is an obvious point of attack. And we'd no doubt see fake addresses that resemble other peoples, and other such nonsense.

Obviously. This is why it's a bad thing that nontechs will probably go in that direction, if they use Tox at all.

>(with ideas like the QR code feature they have)

I was hoping somebody had implement QR: that helps a lot, but I'm not sure if it's enough...

snvzzOP9y ago

> It doesn't benefit them if they don't use the protocol.

There's no benefit from using the protocol if it gives up security for convenience like the others.

> Obviously. This is why it's a bad thing that nontechs will probably go in that direction, if they use Tox at all.

My point exactly.

j / k navigate · click thread line to collapse