Comments (8)
From [email protected] on June 03, 2014 19:10:44
Hi!
I'm making this bug non-private, I hope you don't mind.
At the moment we are an open source project so this doesn't apply right now.
I don't have further comment for now, but we hear you :)
Labels: -Restrict-View-Commit
from end-to-end.
From [email protected] on June 03, 2014 19:27:59
Status: Done
from end-to-end.
From [email protected] on June 04, 2014 09:16:00
I don't understand why you closed this issue.
Being compelled by the government to issue hostile updates is the easiest and most likely attack vector against e2e. It's well documented that Google both complies government demands at the expense of user privacy, and that the government interferes with Google services without Google's knowledge.
National-Security-Letter cryptanalysis is just as valid as mathematical cryptanalysis. End-to-End, operating within Chrome, is supremely vulnerable to this "attack". Simply ignoring it and pretending it is rather disingenuous, considering the public media statements supporting user privacy.
from end-to-end.
From [email protected] on June 04, 2014 16:06:51
We didn't say that this won't apply to the Chrome extension, which, however, isn't what we released yesterday.
Rest assure that we're aware of this problem, but please focus on the source code now.
from end-to-end.
From [email protected] on June 05, 2014 12:36:52
Yes, we treat this concern very seriously.
I closed it because we aren't auto-updating any extensions (there's no CRX we are shipping that could be auto-updated).
from end-to-end.
From [email protected] on June 05, 2014 23:47:15
If you treat this concern very seriously then IMO you should shut down this project as there is no way you can defend against the attack described while developing this code under US jurisdiction.
Basically you are just building a honeypot.
from end-to-end.
From [email protected] on June 16, 2014 03:50:49
To avoid us loosing track of responses to closed bugs, restrict adding comments to closed issues.
Please file a new bug if needed.
Labels: Restrict-AddIssueComment-CoreTeam
from end-to-end.
From [email protected] on July 21, 2014 16:42:58
Labels: Type-Defect Priority-Low Component-Scripts Security
from end-to-end.
Related Issues (20)
- bzip2 error: "invalid packet length new format HOT 3
- java.lang.OutOfMemoryError when building the extension. Docs needed? HOT 4
- goog.importScript_(goog.basePath + "deps.js"); HOT 7
- Lint errors breaking Travis PR HOT 1
- Annotation errors when building the extension HOT 6
- Build: warnings building with closure-templates HOT 2
- Update CONTRIBUTORS? HOT 2
- Release IT HOT 1
- No valid key blocks found. ed25519 public key HOT 3
- Extension: Migrate extension to keyring2
- Release timeline HOT 12
- Bodyless parts in multipart MIME message trip the pgpmime parser.
- Unable to build on OS X HOT 3
- Support for Inbox by Google HOT 5
- Private key export? HOT 1
- Please delete entered incorrectly.
- Is this project abandoned? HOT 3
- Migrate LGTM.com installation from OAuth to GitHub App
- Is this project abandobated? HOT 3
- error:The package that you are trying to add does not support schematics. You can try using a different version of the package or contact the package author to add ng-ad d support.
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from end-to-end.