Slashdot is powered by your submissions, so send in your scoop

 



Forgot your password?
typodupeerror
Trust the World's Fastest VPN with Your Internet Security & Freedom - A Lifetime Subscription of PureVPN at 88% off. Also, Slashdot's Facebook page has a chat bot now. Message it for stories and more. ×

Comment Re:It's about time (Score 1) 62

Yeah, Google sells there phones everywhere. (Hint: they don't. I can't get a Google phone if I wanted). Google may support their phones a longer time, but other manufacturers don't. Even in the premium segment.

Besides, you talk about 2 years for a Pixel... I talk about over 4 years supported. So, liar? More like realistic vision on longevity of devices.

Comment Re:Tools and movements (Score 1) 216

There is a pretty easy middle ground: multiple signatures per identity. You could then have authority(s) vouching for your identity, plus other people too. This makes it much easier to catch a defector. "Hey, how come the Turkish intelligence service (a CA that almost everyone trusts on the web) just signed this guy's brand new key, but Verisign hasn't?" (or better: "how come the federal CA and this guy's state CA disagree?")

Comment Re:It's about time (Score 1) 62

cheaper premium smartphones

It's not a premium smartphone, if you don't get updates... So, let me fix that for you: cheaper smartphones. That's it, explains it all...

Even Google and Samsung suck at keeping updates going for longer than six months, which is why the user who expects longevity and supports shells out for Apple. Sad to say, but I expect my smartphones to last four years. Two, new as my wifes phone on a subsidized contract (with flat everything), and then two more years as a hand-me-down for me with a much cheaper plan.

Comment Re:Tools and movements (Score 1) 216

You simply can't have people not do "anything extra" while also being resistance to MitM. Part of HTTPS' success story is that it's easy enough to set up, but at the cost of being extremely vulnerable (by PGP standards) to MitM. So to anyone who knows how it works, it's "insecure" but people actually bother to use it, so it's about a trillion times more secure against totally passive attacks, than plaintext is. Thus, on average for all persons, the web is more secure than email.

PGP email needs some kind of "lame" mode (where people have keys but they're not carefully certified, maybe just signed by a robot CA), but easy enough that passive attacks are defeated. And it needs to be compatible with doing things right, so that people-who-care and people-who-don't-care get combined into the same network-effect.

The only problem with that, should be webmail. People would have to do something that compromises the secret key (either upload it to server, or make it available to javascript) and that would make it harder for anyone to ever transition from don't-care to care. We really need to wipe webmail off the planet; it offers nothing and costs a lot. And that's not going to happen, is it? :(

Slashdot Top Deals

The superior man understands what is right; the inferior man understands what will sell. -- Confucius

Working...