search

freedomofpress / encryption-works

Encryption Works: How to Protect Your Privacy in the Age of NSA Surveillance
https://freedom.press/training/
Other
354 stars 58 forks source link

Consider recommendation of Encryptr as Password manager #240

Open psivesely opened 7 years ago

psivesely commented 7 years ago

Have been using Encryptr for e2ee cloud password management lately, and am definitely a fan. FOSS, audited, very user-friendly, supports all major mobile and desktop OSs, made by SpiderOak. I think we should consider it for inclusion.

conorsch commented 7 years ago

Haven't been using this, will take it for a spin. Looks like there's no way to verify package downloads of Encryptr, via a GPG signature or otherwise, so I don't think we should recommend it just yet. Happy to test drive it, though.

psivesely commented 7 years ago

Yeah, it's been out for a while w/ no GPG sig any of the desktop platforms. Note we're already recommending some other software (e.g., Adium) that has HTTPS downloads, but no sig. They do have an APT repo for Linux.

conorsch commented 7 years ago

They do have an APT repo for Linux.

Link? Can't find on their website.

psivesely commented 7 years ago

https://spideroak.com/faq/what-are-the-apt-sources-lines-for-spideroak

garrettr commented 7 years ago

Note we're already recommending some other software (e.g., Adium) that has HTTPS downloads, but no sig.

FWIW, we should not be recommending Adium. That recommendation is simply an artifact of Encryption Works having been written in 2013 and not really updated since. Adium is barely being maintained, their recent changelog entries do not inspire confidence, and I think it is probably a risk to recommend it these days.

Which is sad, because I really used to ❤️ Adium.

conorsch commented 7 years ago

we should not be recommending Adium

Completely agree. Poked around earlier this week to confirm that Adium is as deprecated as I'd thought, and it should be removed from the guide entirely.

conorsch commented 7 years ago

https://spideroak.com/faq/what-are-the-apt-sources-lines-for-spideroak

Unfortunately that apt repo is only relevant for the spideroakone client—it doesn't provide packages for other SpiderOak software, such as Encryptr, or Semaphor.

psivesely commented 7 years ago

Unfortunately that apt repo is only relevant for the spideroakone client—it doesn't provide packages for other SpiderOak software, such as Encryptr, or Semaphor.

That's too bad. We should poke them about that. For a company that seems to have a lot of cryptographic engineer talent, I'm surprised their software distribution practices aren't better.