Forgot your password?

Comment: Re:Authenticator (Score 1) 74

by Arancaytar (#48100727) Attached to: Gmail Security Is a Problem For Tor Users In Repressive Countries

Yeah, but if you're using a smartphone at all, you'd need expert knowledge to protect your anonymity from it (rooting, etc.). The authenticator app doesn't require network access though (it's basically a time-synchronized security token, afaik), so it might be possible to port it to some non-connected device.

Comment: Re:funny that.... (Score 1) 178

by Arancaytar (#48095027) Attached to: Ebola Vaccine Trials Forcing Tough Choices

Funny that ebola has been in existence in the modern world since the 70s, yet only now this is coming to light. Oddly enough, this is perfectly timed with someone in the US getting infected.

"Shit, this is on OUR turf now!??! Better do something about it!"

This is not "only now coming to light"; it's just that you couldn't be bothered to read about it until it was spelled out in a Slashdot headline. People didn't start working on this last week. I'm not sure how fast you think medical research works.

Comment: Re:It's a TRAP! (Score 3, Insightful) 175

by Arancaytar (#47630671) Attached to: Yahoo To Add PGP Encryption For Email

It didn't but yahoo is a webmail provider and webmail kinda implies that the provider will either be storing the key or at the very least be able to access it by tweaking some javascript a litte.

Not necessarily. Securely handling keys is indeed impossible for untrusted Javascript, but it should be feasible to provide a browser add-on (analogous to Enigmail for Thunderbird) with a key management UI and PGP bindings for Javascript. As long as that add-on is open-source and vetted by browser vendors, you don't need to trust Yahoo's web page (let alone their server) with your private key.

Ideally, this would be a core part of Firefox / Chrome, or at least a unified add-on, but in practice Yahoo!, Gmail and others would probably insist on making their own.

However, a general-purpose add-on could potentially allow encrypting/signing the content of any text field in a page, so it wouldn't depend on the email provider's support.

"Marriage is low down, but you spend the rest of your life paying for it." -- Baskins