On Fri, 11 Jul 2025 22:58:41 +0000 "Blumenthal, Uri - 0553 - MITLL" <uri@xxxxxxxxxx> wrote:

> > There is a pretty significant community of users and developers
> > (oftentimes people involved with projects like Kicksecure, Whonix, and
> > Qubes OS, all of which I either contribute to or am paid to work on)
> > where "secure enough for the government" is not secure enough.
>
> Based on my personal expertise and experience, they are usually
> coming from ignorance, rather than true understanding of
> cryptographic (and other!) risks and tradeoffs.

*Some* of them, yes (I wouldn't venture to go as far as to say "many", but definitely some). I firmly believe it is a dangerous generalization to insinuate that all of them are ignorant though - people working for organizations like Let's Encrypt, Freedom of the Press Foundation, the EFF, and Mullvad have these kinds of extreme threat models and are using software like Qubes for that reason. [1] Many of the people I work with or around are cryptographers, pentesters, or developers of critical software these organizations rely on.

Certainly there are people who think that every nation-state-level threat actor in the world is after them for no particular reason, and they may not even be all that rare, but their presence is no reason to discount the value of implementing security measures that most people would find unnecessarily strong.

[1] https://www.qubes-os.org/endorsements/
_______________________________________________ openssh-unix-dev mailing list openssh-unix-dev@xxxxxxxxxxx https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev