Hacker News new | past | comments | ask | show | jobs | submit login

Sorry, but not really.

> We think we can mitigate those concerns some by code-signing the exe, having the download from https, and building a recognized brand.

I don't see how all these resolve someone sending an email that looks exactly like yours, which links to a page that looks exactly like yours, which links to a malware executable.

Even with code-signing I wouldn't trust non-technical users to understand difference between popups, as well as resist close-all-these-annoying-popups reflex.

To make sure that the email is legitimate I'll have to either check the source, or seek in the mouse over. And after it is a "recognized brand", no one will be checking that.

I don't see how I could feel safe with executable file download links in the email. Maybe registering a scheme and sending in email a link with instruction to the file origin would be more acceptable, but that's only if the software is already installed. Ex: wirefrom://my@email.com




What about Channels? If you have your grandpa install WireOver, and you set up a channel with him, all your sends over that channel can't be faked. He gets notified via the installed tool (dialog: "Would you like to accept files from Myrth?"), not via email, so there's no longer a need for him to download an executable.

Does that address your concerns?


Yes, if the email does not contain link to download an executable, it can be a great way to share files.




Consider applying for YC's Spring batch! Applications are open till Feb 11.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: