clacke@libranet.de ❌

clacke@libranet.de ❌ at

Here's what zero-knowledge is.

https://blog.cryptographyengineering.com/2014/11/27/zero-knowledge-proofs-illustrated-primer/

It's an amazing and very specific cryptographic model where I can, say, prove to you that I have transfered 1 coin out of my Zcash wallet, without telling you what my wallet is and how much I have left:
https://z.cash/support/faq.html#what-is-a-zero-knowledge-proof

SpiderOak? Not zero knowledge. ZK does not mean "We don't have your keys". And SpiderOak even has your keys sometimes, if you ask them to. https://www.theguardian.com/technology/2014/jul/17/edward-snowden-dropbox-privacy-spideroak

"Grow your ideas together with shared documents while Zero Knowledge technology secures your privacy; even from us."
https://cryptpad.fr/

Raaa! Not ZK. #cryptpad doesn't have your keys. That's it. It's completely unrelated to zero-knowledge proofs, it's just an edit sequence on a blockchain, secured by a symmetric key that you provide in the fragment so it never reaches the server. Buzzword compliant. Just not that buzzword.

Hacker News has more information on why cryptpad.fr shouldn't use a blockchain, because other buzzwords would be more applicable: https://news.ycombinator.com/item?id=13735814

No wait, actually it isn't a blockchain either. Wrong buzzword again. No proof-of-work, just an append-only log of operational transforms with some way of disambiguating who has the best log, and others will have to rebase on that.

And don't get me started on #javascriptcryptography. Maybe if you use this with some #unhosted model where the code is on #ipfs (and you access that through your local node, not through someone else's gateway) with a known signature, or you host the code yourself and load it over https, or you have a browser plugin that won't change under your feet. That would be something.

Yes yes, it was written by cjd of #cjdns, and #hyberboria is probably awesome. I almost tried it out. And cryptpad does have a load of interesting ideas. Try it out, play with it a bit.

But ultimately, the state it is in now, it's an interesting toy. Not a tool to protect you from the NSA. Not if you have anything of value to protect.

#zk #zeroknowledge
Rebuttal: Language changes and get off your high horse and this is so zero knowledge.

Also consider your acting forces and attack scenarios. Which is fair, I guess.

https://blog.cryptpad.fr/2017/03/24/What-is-Zero-Knowledge/

clacke@libranet.de ❌ at 2017-04-04T15:20:01Z

Still, if you are in Iran or China ... No matter how ethical your provider, that https connection with your javascript crypto can be MITMed at any time.

clacke@libranet.de ❌ at 2017-04-04T15:21:03Z