►
From YouTube: Status Principles Seminar #04 Security
Description
In the fourth chapter of this 12 part series, join status' core contributors as they discuss and debate to which degree they uphold the project's principles enumerated here: https://our.status.im/our-principles/
B
B
B
B
When
we
talk
was
of
compromising
security
in
two
four
four
features.
What
does
that
mean?
So
this
triggers
table
examples
like
amplify
the
new
contra
story
accounts,
because
we
don't
have
access
to
your
private
keys
and
we
don't
want
it
to
be
any
other
way,
but
also
most
of
all
things
so
example.
If
you
want
to
have
proper
forward
secrecy,
then
if
you
have
it
or
you
don't
and
in
this
sense
we're
kind
of
responsible
for
selling
secure
defaults
for
our
users
and
so
telling
them
that
they'd,
given
him
something
that
he
can
trust.
B
B
B
One
way
in
terms
of
thinking
about
security
is
to
just
use
like
fresh
mowing
and,
and
it
just
sort
of
for
people
who
and
who
I
have
never
thought
about
this
way.
But
essentially
you
just
pretend
to
be
an
attacker
and
follow
the
logic
right.
That's
the
simplest
way
of
doing
it
and
stuff.
Well,
you
have
some
house
with
some
jewelry,
maybe
that's
kind
of
high
reward
and
then,
if
you
have
a
you're
vulnerable,
because
you
leave
the
back
door
open
and
then
you
have
the
EFI,
which
is
something
kind
of
like
a
relevant
attack.
B
So
these
are
things
like
share
knowledge
groups
for
private
transactions
and
all
sort
of
how
are
you
guaranteed
darkness,
quantum,
secure
algorithms,
multi-party
computation,
using
sort
of
formal
methods
and
so
on,
and
there's
a
bunch
of
stuff
to
sort
of
give
people
a
hint
of
what
sort
of
this
might
entail
in
terms
of
security
guarantees.
What
it
means
I
mean
a
lot
of
these
subsequent
stuff,
it
might
seem
difficult
and
so
on,
and
it
is
to
some
extent,
but
to
some
extent
resources
or
VC.
B
B
B
So
just
some
questions
here
in
terms
of
how
do
we
ensure
that
we
secure
use
experience
while
being
user
friendly
and
also
sort
of
ensure
that
we
provide
and
utility
for
people
and
sort
of
aren't
paralyzed
by
too
extreme
threat
models
and
also
sort
of
thinking
about
how
do
we
work
it
digitally
in
security
and
sort
of
communicate
very
clearly
what
Kent
eats
will
make
and
can't
make
right
now.
So
an
example
of
this
is
when
it
comes
to
adopters,
Robbi
systems
of
unknowns
when
it
comes
to
whisper.
B
But
there
are
other
things
that
we
do,
that
don't
touch
on
whisper
that
impacts
the
doctors
can
teach
we
can
make
and
they're
sort
of
making
is
explicit
for
end-users,
yeah
and
then
similar
to
before
we
have
this
document.
You
can
just
fill
in
stuff
here
and
I
guess,
with
that
I'll
hand
over
to
Cori,
who
can
talk
a
lot
about
more
about
this
in
depth
and
we'll
continue
facilitates
conversation?
Thank
you.
D
Yes,
it
has
to
have
all
of
the
things
properly
built,
so
either
build
tools
that
allow
them
to
do
this
easily
and
properly
without
them.
Really
thinking
about
it
and
that's
paired
with
a
lot
of
Education,
so
they
understand
how
they
need
to
do
things
and
that
works
both
as
a
status
user
so
that
they
know
how
to
use
their
status
app
appropriately.
So
we
provide
we
need
to
build
status
so
that
it
has
all
the
tools
to
help
inform
them
on
how
to
do
that
and
we
educate
them
and
then
organizationally
and
as
such.
D
The
way
that,
like
you
as
a
contributor
to
status
in
the
organization,
understand
how
to
conduct
yourselves
properly
on
the
Internet.
So
you
aren't
doing
you,
aren't
exposing
your
credentials
and
status
that
make
a
big
difference
or
you're,
not
exposing
yourself
on
the
internet
so
that
you
can
be.
You
can
be
maliciously
attacked
for
various
reasons
so
like
that,
that's
something
you
should
always
think
about
in
this
and
then
how
do?
D
How
do
we
do
that,
both
as
an
organization
and
as
a
company
that
enables
people
to
communicate
securely
in
the
decentralized
fashion,
that's
kind
of
a
pairing?
That's
an
example
of
a
pairing
that
he
just
did
with
security
inclusivity.
That's
that's
my
pairing
on
security
and
decentralization.
It
becomes
difficult
and
requires
a
lot
of
educational
efforts
in
a
lot
of
different
ways,
but
it's
it's
the
correct
thing
to
do,
especially
if
you
want
self
sovereignty
over
your
information
and
communication.
D
E
I
agree
a
few,
especially
because
they
with
you,
if
you
have
the
opportunity
to
undo
a
transaction,
you
break
the
idea
of
the
system.
So
what
your
employee
is
actually
the
that
the
easiest
attack
vector
for
hackers
and
yeah
I
are
not
hackers.
Actually,
they
are
scammers,
so
they
are
actually
socially
telling
lies
to
people
to
to
make
them
do
mistakes.
So,
for
example,
we
had
a
lot
of
AI
CEOs
where
users
legitimately
send
their
money
to
scammers.
E
So
this
is
also
an
act
attack
in
something
that
we
should
also
try
to
prevent,
because
of
course
we
have
also
these
nodes
features
there
that
there
are
all
the
technicals,
for
example,
the
quantum
resistance
that
is
a
really
unknown,
but
I
think
that
as
stages
or
main
folks
is
the
end
user.
And
of
course
they
having
the
note
securities
is
basic,
but
who
will
run
these
nodes?
E
D
I
would
agree,
and
that
takes
that
takes
an
iterative
process.
Like
you
said,
it
starts
with
potentially
only
a
small
technical
audience
who
understands
these
things,
and
then
we
can
iterate
on
that
to
make
it
a
one-click
deployment
of
becoming
a
status
node
that
runs
safely
on
whatever
you're
running
it
on
whether
it
be
your
mobile,
a
desktop,
a
cert,
a
cloud
server
whatever
or
even
even
like.
You
know,
a
mesh
network
things
like
that
eventually,
because
that
that
then
furthers
some
of
the
other
principles
we
talked
about
in
the
previous
sessions.
D
C
D
Authorization
for
what
okay,
so
you
have
I'm,
assuming
that
you're
gonna
you're
referencing
things
like
how
we
do
authorization
for
let's
just
take
for
an
example
how
we
do
authorization
for
notes.
So
our
self
deployment
of
the
heck
and
D
service
on
note
stuff
status,
that
I
am.
We
currently
have
Google
authentication
and
github
authentication,
and
that
is
so.
D
We
have
that
there,
because
we
assumed
at
least
I
assumed
that
this
was
for
status,
official
communications,
and
if
that
was
the
case,
then
we
should
at
least
guarantee
the
people
who
are
using
it
our
status
employees
or
have
some
type
of
username
that
we
can
attribute
to
them
because
it
if
it
becomes
something.
That's
like
an
official
documentation
of
running
a
note
or
has
some
type
of
address
to
it.
You
need
to
send
money,
we
don't.
We
would
need
attribution
on
who
edits
those
things.
D
C
To
manage
our
code
base
and-
and
that
gets
us
back
to
the
discussion
that
we
were
we've
been
having
earlier
about,
justifying
the
choices
that
we
make
I'm,
actually
there's
actually
less
what
I,
what
it
is
that
I
want
to
throw
into
the
round
is
and
ask
more.
Why
aren't
we
doing
more
to
actually
be
using
our
own
public
keys
from
our
own
system
to
be
doing
authentication
and
building
the
bridges
to
do
so?.
E
So
we
do
a
lot
of
deaths
as
well,
because
we
are
building
smart
contracts
and
there
is
the
this
dilemma
that
we
have
like.
We
need
a
multi
seek
to
to
do
things
in
a
safe
way.
So,
for
example,
I
currently
I
am
the
owner
of
names,
dot,
dot,
stages,
net
dot,
it
and
I.
Am
this
single
owner
of
this
sub
domain?
So
I
could
change
the
records
of
it
at
any
time,
but,
like
it's
not
enabled
yet
this
feature
yeah,
we
are
so
it's
not
deployed
in.
E
Deployed
I
will
move
the
the
disgrace,
which
you
are
multi
sick,
but
then
there
is
this
problem
of
coordination
that
we
need
to
coordinate
you
to
sign.
So
we
don't
have
a
2-butene
status
that
enables
us
to
do
that.
So
I
would
expect
that
stay
supports
a
multi
seek
while
its
beauty,
its
features,
so
I
could
like
interactively
at
the
app
like
I
was
a
multi-sig
not
like
I
am
my
personal
address.
D
See
what
you're
saying
there
and
I
think
what
Michael
was
trying
to
get
to
is
that
we
don't
even
have
to
think
about
smart
contracts
too
much
here
if
we're
just
talking
about
logging
into
various
services
that
we
use
as
an
organization
whether
that
be
the
hack,
MD
stuff.
What
Google
Docs
stuff
doesn't
matter
like
it?
If
why
can't
we
just
use
the
public
and
private
key
we're
using
with
status
to
log
into
these
things,
because
that's
what
we're
using
is
status
identity?
D
B
We
don't
have
enough
people
who
are
writing
dabs
and
so
on,
because
I
think
these
types
of
things,
because
of
churn
them
out
and
just
like
you
sort
of
building
blocks
and
like
here's
a
view
for
this
thing,
and
here
you
can
sign
principles
or
or
whatever,
and
these
types
of
things
but
I
think
maybe
it's
like
kind
of
a
bottleneck
and
we
aren't
enough
people
or
comfortable
creating
these
types
of
mini
tools
in
the
same
way
that
we
are
with
the
web
2
world.
Maybe.
C
E
Need
to
open
a
swarm
about
it
and
exactly
what
we
want,
which
then
we
of
course
do
a
lot
of
discussions
on
top
of
the
designers
features
of
it.
Just
like
the
procedure,
we
are
having
to
build
in
s
user
names
and
floating
the
app
and
gas
relay.
So
we
pass
through
that
process,
and
we
we
in
in
States,
can
build
this.
This
type
of
the
apps
that
I
used
it
for
our
own
company
and,
of
course,
the
the
users
as
well.
C
Basically,
one
quick
installations,
not
somebody
has
to
fourth
your
contract
to
do
that.
Why
can't
we
be
providing
those
as
a
service
that
is
living
on
on
swarmer
ipfs
or
where
people
can?
Just?
Basically,
you
know
with
one
click:
have
that
happened
for
them?
That's
the
world
that
I
want
to
see.
You
know
I
want
to
user
to
be
able
to
with
one-click
installer.
C
You
know
abroad
instance,
and
have
it
served
on
a
decentralized
network
and
I'd
like
that,
that
instance
to
be
able
to
be
logged
into
with
a
status
ID,
and
we
need
to
get
to
the
point
where
it's
just
basically
one
click
for
people
to
do
that,
and
not
torquing
the
contract.
To
do
that.
That's
the
kind
of
infrastructure
that
I'm
talking
about
building,
how.
E
Think
that
is
fair.
Enough
is
a
path
that
we
need
to
which
forward
right.
Now
we
are
using
really
raw
elements
of
material
like
the
crude
metal
of
nature.
You
don't
use
it
in
the
entity
yet
so
we
in
feature
entry
using
the
entity
inside
of
stages.
That
would
open
a
lot
of
possibilities
for
authentication
and
what
you
said
about
about
the
apps
that
you
want
to
install
in
a
click.
It
depends
because
there
is
some
apps
that
you
don't
need
to
install
like
it's
just
you.
E
The
install
is
the
download
of
the
the
self-contained
JavaScript
a
patient
like
reactor,
something
like
this,
and
so
you
don't
need
each
install.
You
just
need
to
run
it
and
what
we
need
to
ensure
that
that
status
will
display
these
desserts
in
a
safe
manner
that
they
did,
cannot
fake
transactions
of
course,
or
mislead
users,
so
that
and
about
the
user
names
being
installable
as
a
click.
We
can
have
that,
like
the
official
stages,
user
names
and-
and
that
could
be
as
a
accession.
D
D
E
D
All
right
so
cool,
how
do
we
start
I
mean
this
is
an
action
item
that
we
should
probably
have
and
I
would
like
to
start
having
people
champion
some
of
these
things
so
that
we
know
who
is
going
to
do
it
and
what
type
of
timeline
we'd
like
I
mean
it
starts
with
exactly
that.
You
said
just
listing
the
things
we
have
do.
We
need
to
start
as.
E
C
Access
to
it,
it's
not
actually
what
it
is.
The
core
is
talking
about.
I
think
he's
talking
about
basically
a
set
of
headers
that
are
on
a
dock
site
that
then
gets
filled
in
if
I
understand
correctly
Cory
you're
building
a
bullet
point
document
on
all
of
these
things,
and
so
what
it
is
is
that
we
basically
swarm
and
people
would
take
to
be
taking
responsibility
for
filling
that
out
on
a
dock
site,
and
the
question
is:
does
that
need
to
be
an
individual
Docs
installer
to
not
rely
on
our
our
current
dockside
I
want.
D
I
want
vodcast
official
status
documentation
very
much
like
hell
signal
has
a
technic
on
all
the
things
they
use
in
the
in
the
interesting
things
around
it.
I
want
us
to
say
these
are
all
of
the
things
that
we
use
both
from
a
application
and
organization
that
have
each
trade
offs,
and
these
are
our
pad.
D
This
is
our
path
forward
to
moving,
and
it
starts
with
us
just
doing
it
internally
too,
so
we
come
together
on
where
things
are
and
how
we
like
to
go
and
then
publishing
that
as
an
official
status
thing
and
that
that
that
speaks
to
a
lot
of
the
principles.
At
the
same
time,
one
is
us
knowing
what
security
guarantees
that
we
have
us
and
being
very
transparent,
and
now
we
operate
and
how
we're
going
to
move
forward
in
terms
of
like
inclusivity,
security
almost
almost.
C
B
D
D
Okay,
let's
see
it's
going
through
the
wall
of
shame
here.
I
have
the
first
thing
that
I
put
there
was
we
don't
secure
the
audit
on
board
core
contributors,
so
this
has
a
few
different
implications.
One
is
I
would
like
this
is
part
of
security
week
is
to
set
a
minimum
bar
of
personal
security
across
the
organization,
as
well
as
odd
two
people
coming
in,
so
they
are
at
that
bar
and
we
like
and
help
them
get
to
it.
If
they're
not
there
as
well
as
maybe
augment
it
as
the
new
people
come
in.
D
How
do
we?
How
do
we
feel
about
that?
Is
that
a
is
that,
because
an
aspect
of
doing
security
audits
is
possibly
you
know
looking
at
them
to
see
if
they're
going
to
be
an
internal
threat,
whether
in
infer
clear
advertently,
is
that
a
is
that
kind
of
getting
into
people's
privacy
too
much
is
that
does
that
clash
of
other
principles?
Is
that
something
we
should
do.
B
D
D
C
Actually,
actually
I
was
a
security
weak
in
having
those
policies
posted
on
on
the
people
out
stocks,
page
and
also
on
on
on
our
security
agent.
I
would
think
people
need
is
sort
of
expectation
and
place
that
we
can
point
them
to
of
what
what
those
expectations
are
and
then,
then
we
could
think
about
questioning
them
in
it
in
a
certain
way.
So.
E
Erica
leave
ours.
Our
systems
should
be
designed
to
be
tolerant
to
these
kind
of
faults.
So
if
one
individual
messes
up
it
should
be
tolerant
to
this,
which,
if
our
systems
are
designed
as
a
way
that
one
person
handles
all
all
this
security,
then
we
are
in
a
bad
design.
So
I
would
not
care
about
so
much
about
talking
about
how
I
start
using
stuff,
but
I
think
many
people
would
care
about
this
and
will
be
paranoid
about
it.
So
I
don't
think
it's.
E
This
is
actually
good,
but
what
is
good
is
to
consider
that
these
people
can
failure,
or
they
can
some
some
time
misbehavior.
We
cannot
assume
that
they
are
forever
a
good
actor,
not
individually,
but
the
key
itself,
the
public
key.
We
cannot
assume
that
it
will
be
always
a
good
good
actor
so
making
it
really
resilient
to
that
that
would.
That
is
what
we
should
move
forward.
D
That
light
another
thing
that
we
don't
have
as
a
company
is
Incident
Response
procedures.
We
may
be
looking
at
a
lot
of
the
threat
detection
around
the
smart
contracts
redeployed,
but
if
something
goes
wrong
within
the
organization,
I'm,
not
sure
everyone
in
the
organization
knows
what
to
do
about
it
or
where
to
go
or
how
to
mitigate
it.
I
agree
we.
B
Cori,
do
you
think
this
is
the
same
s
of
infrastructure
mounting
in
general,
because
it
doesn't
have
to
be
a
malicious
attack
right?
It's
just
any
kind
of
incident.
I
was
talking
to
take
a
bunch
about
that
and
how
we
can
get
some
kind
of
basic
model
like
page
duty
or
something
like
this
and
and
enabling
people
to
sort
of
check.
What's
wrong
with
the
mail
server
and
these
types
of
things
do
you
think
that's
the
same
piece
of
work
or
do
you
think
are
different?
They.
D
B
D
And
behind
that
I
want
I,
want
everyone
in
the
organization
to
feel
safe,
whether
that
be
personal
safety
or
organizational
safety,
if
they
feel
something's
going
on,
and
they
should
have
a
very
clear
and
concise
route
to
report
that
that
help
it
have
people
respond
to
it
quickly,
even
outside
the
organization.
If
someone,
if
even
if
just
a
contributor
or
someone
who
was
looking
at
what's
going
on,
feels
like
something's
going
on
that
shouldn't
be
going
on,
they
should
also
have
a
place
to
report
it
to
us
as
status,
so
that
we
can.
E
Someone
is
like
sending
emails
personally
directed
to
try
to
scam
someone,
so
that
is
yeah
is
that
it's
very
important
to
report
it
I
agree
because
then
someone
could
like
take
out
the
keyhole
others,
for
example,
of
a
multi-sig
and
try
just
came
out
and
together.
Maybe
they
could
succeed.
Of
course,
the
more
amount
of
users
you
have
in
this
multi-agency
intrusion
it
difficult
it's
the
arm,
but
I
guess
it's
unlikely,
but
yeah.
It's
very
important
to
report.
It.
E
C
Next
question
I'd
like
to
ask
from
the
Wall
of
shame:
quarry
is
about
our
guarantees
around
darkness,
push
notifications,
web
to
services,
mail
services,
etc.
Do
you
see
that
becoming
part
of
the
of
the
of
the
dock
site,
or
do
you
think
that
we
need
to
be
doing
more
public
based
communication
about
that?
What
a
and
how
do
other
people
feel
about
that
as
well?.
D
So
my
quick
answer
is:
there's
a
few
things
moving
in
that
direction,
one
is
the
docks
we
just
recently
said
if
we're
detailing
all
the
things
we
currently
use
and
the
security
guarantees
around
them,
that'll
help
signal
that,
as
well
as
things
like
breaking
whisper
or
where
we
read,
we
were
specifically
trying
to
figure
out
and
do
formal
to
the
scaling
tests
on
on
whisper
and
darkness
to
see
like
how
that
stuff
works.
I
think
part
of
that
endeavor
will
also
help
bring
herself
that's
alight.
So.
B
I
agree
and
I
wrote
this
one
down
and
I.
Definitely
would
you
say:
query
I
also
think
that
outside
of
whisper,
because
because
right
now,
in
terms
of
how
we
talk
about
it,
we
say
like
well
whispers
its
talking's
protocol
and
we
write
to
the
marking
material
and
so
on
and
we're
gonna
better
it.
But
it's
sort
of
lacking
this
kind
of
intellectual
rigor
where
wisp
is
not
the
only
thing
we're
using
and
and
if
you
look
at
mail
service,
a
personification
and
probably
a
bunch
of
web
to
services.
B
We
use
taste
of
all
have
an
impact
in
terms
of
darkness
and
I
know
for
a
fact
that
mail
service
and
and
push
notification
that
they
don't
have
the
same
security
guarantees.
Yet
we
don't
sort
of
make
his
explicit
and
I
think
the
fact
that
is
not
explicit
and
it's
that
sort
of
leads
us
to
not
prioritize
certain
pieces
of
work
that
will
maybe
mitigate
this,
for
example,
when
it
comes
to
push
duplications
of
finding
a
better
way
and
possibly
explicit
about
what
it
means
to
trust,
a
mail
server.
B
There's
an
apparel
piece
of
work.
That's
going
on
that
Dustin's
been
looking
a
bit
on,
which
is
this
analytics
product,
the
idea
being
that
sort
of
looking
at
metadata
leakage
in
general
and
then
using
it
at
love
as
a
form
of
analytics
and
then
work
on
sort
of
mitigating
it.
But
but
I
guess
in
general
is
just
being
more
honest
about.
B
And
I
think
also
social
with
that,
which
is
maybe
a
bigger
table,
to
get
what
are
people's
faults
in
terms
of
recent
allocation
like
how
many
people
are
spending
Sears
time,
honest
I,
think
Cory
was
pushing
this
break
and
whisper
product,
which
is
a
great
idea,
but
but
I
guess
a
more
generally
also
in
terms
of
resourcing
new
methods
on
like
how
much
do
people
feel
like
us
as
an
organization?
Are
we
spending
enough
time
on
these
things
or
what
would
people
like
to
see
in
terms
of
us
being
more
rigorous
about
this.
D
C
D
D
A
D
F
Based
on
Hester's
comment
like
I
think
it
would
be
interesting.
I
know
we
were
exploring
and
talking
about
it
before,
but
really
helping
users
understand
these
implications
and
showing
them
the
choices
they're
making
it
helps.
You
learn
right
about
about
what's
happening.
If
something
is
you
know,
public
or
private,
or
you
know,
I
think
there
there
could
be
some
work
that
we
could
do
together
in
the
UI
to
really
help
show
the
implications
of
the
choices
you
make.
I
mean
agnostic
of
whatever
design
language.
F
That
is
I
mean
just
in
terms
of
teaching
a
user,
because
a
lot
of
this
is
quite
technical
and
for
them
just
to
visually
understand
what
they
are
or
see.
The
repercussions
of
these
choices,
I
think
helps
them
immediately.
Learn
like
when
you
see
something
that
you've
done,
or
you
know,
there's
a
direct
implication
of
like
your
finances.
People
will
pay
attention,
I
think
to
like
this
choice
and
understand
so
I
think
in
some
ways
after
we
have
this
foundation,
it
will
be
really
interesting
to
explore
how
we
can
communicate
that.
C
C
D
There's
quite
a
bit
going
on
right
there
and
the
deterministic
builds
Channel
I,
know
that
there's
quite
a
quite
a
bit
of
work
underway
and
that
what
that
does
is
also
enable
a
lot
of
the
other
things
that
we're
trying
to
work
on,
especially
in
terms
of
the
points
made
in
inclusivity
of
getting
the
app
to
people
into
people's
hands
through
means
outside
of
the
app
store.
And
that
is
it's
it's
hard
to
verify
that
you've
built
something
correctly.
D
D
Yeah,
you
should
be
able
to
basically
build
something
about
yourself
and
then
look
at
how
the
company
that
built
it
or
that
wrecks
the
code,
builds
it
and
compared
them
through
the
hash.
The
final
hash,
in
which
they're
done,
if
those
match
that
you
say
alright
I,
did
that
correctly
and
things
work
as
they
intended
to
or
like.
F
D
Up
into
the
point
of
the
changes
they
make,
if
you
make
any
changes
whatsoever,
that
hash
is
gonna,
that
hash
is
gonna,
be
gone
so
like
if
someone
is
using
a
forked
version
of
status,
which
we
hope
to
enable
very
soon
like
we
increase
the
e
that
you
use
the
ease
of
building
status.
That
makes
it
easier
to
be
able
to
fork
and
make
their
own
version
and
make
the
modifications
that
they
want,
which
is
something
we
really
want
to
enable
in
terms
of
inclusivity.
D
Then
they
would
have
to
then
signal
their
specific,
build
fingerprint
and
then
people
would
know
that
they
got
the
right
one
from
them,
but
in
terms
of
providing
a
reference
implementation,
which
is
what
status
should
be
doing,
we
have
to
say
this
is
the
fingerprint
of
our
build.
If
you
build
what
we
make
and
you
want
to
use
to
use
it
the
way
we
use
it.
This
is
what
you
should
get
and
if
you
get
something
that's
different,
you
should
you
should
know
what
why
it's
different
and
where
it
came
from
or
know
something's
wrong.
D
That's
not
currently
possible
other
than
they
download
it
from
us
from
our
official,
I,
P
and
and
and
online
documents,
and
assume
that
it's
done
correctly
or
they
get
it
from
the
app
stores.
So
what
the
app
stores
are
somewhat
of
a
signal
of
correct
builds,
because
you
can
only
put
something
in
the
app
store
from
us.
D
B
You
would
have
multiple
kissinger's
I
have
a
question
which
ago
sort
of
the
Pyramid
of
pain
and
these
things,
because
there's
obviously
a
lot
of
things
we
can
do
in
terms
of
research
and
and
also,
if
you
go
into
private
transactions
and
and
like
all
these
types
of
things.
What
what
do
you
folks
in
terms
of
like
how
can
we
make
the
problem
or
sort
of
not
this
problem,
but
or
these
guarantees
like?
B
How
can
we
make
it
sort
of
more
like
we're
building
something
where
we
start
with
the
very
basics
and
I'm
sure
that
those
are
taken
care
of,
and
so
that
a
reflects
the
pyramid
of
shame
in
terms
of
how
we
do
raises
allocation
and
what
we
pay
attention
to
it?
What
point
in
time
do
any
thoughts
on
that
query?.
D
E
A
We
need
to
find
ways
to
to
integrate
the
implication
in
in
the
user
interface
itself,
so
I
totally
agree
with
education
of
contributors
when
it
comes
to
education
of
like
and
end
users,
I,
don't
think
it's
a
sufficiently
effective
way
to
make
sure
our
security
measures
will
work.
There's
a
lot
of
things
that
I've
learned
and
yet
do
anyway.
C
Okay
Hester,
but
how
do
you
feel
about
us
being
able
to
say?
Well
in
essence,
we
told
you,
so
how
do
you
feel
about
that?
We
just
we
have
this
in
the
user
flow
and
that
information
is
there.
Do
you
feel
like
that
would
decrease
the
user
experience
if
they
have
short
messages
or
combined
with
images
that
are
that
are
explained
to
them
security
implications?
Can
that
be?
You
know
a
part
of
our
brand
identity?
That
is,
that
is,
that
is
useful.
I.
A
C
E
What
they,
what
they
did
is
is
actually
they
made
really
scary
message
and
a
lot
of
text
and
try
to
make
the
user
actually
go
to
that
process
of
understanding
and
and
III
think
it
it's
really
good
what
was,
in
my
opinion,
it's
good
the
idea
they
have,
and
maybe
we
can
try
to
make
that
text
even
more
easier.
So
with
with
graphics,
maybe
a
video.
Maybe
you
know
we
try
to
figure
out
something
like
this,
because
I
totally
agree
really
important.
E
You
have
these
security
education
because
it's
this
is
the
main
fact
AK
vector
difficulty.
Of
course
we
need
to
take
care
of
our
bills
being
deterministic
and
make
everything
safe
in
the
in
in
our
stages
that
I
am
website,
but
the
magnetic
vector
R
of
we
are
going
to
have
our
scammers.
So
this
is
what
we,
how
we
prevent
people
sending
money
to
bad
III
cos,
for
example,
yeah
I
think
it's
it's
relevant.
E
C
D
Spent
a
tremendous
amount
of
time
talking
with
with
my
crypto
tailor,
tailored
them
about
about
these
very
issues
and
I
and
I
heavily
respect
their
their
allocation
of
resources
to
help
educate
users.
I
mean.
If
we
want
to
be
the
the
portal
to
ethereal,
want
people
to
access
aetherium
through
status,
then
we
need
to
have
them
feel
safe
about
using
status,
and
that
comes
with
our
attempts
to
help
educate
them
in
two
things.
B
B
We
had
slack
completely
open
and
then
we
had
a
lot
of
scammers
and
people
lost
tens
of
thousands
of
dollars
because
people
sent
these
links
and
they
tended
to
be
certain
people
in
status
and
so
on,
and
that
led
to
sort
of
the
closing
of
slack
and
then
sort
of
having
riot
and
doing
this
sort
of
custom,
whitelist
logic
thing
which
was
like
kind
of
semi,
centralized
kind
of
moderation
tool
and
as
we're
moving
to
so
status
with
links
and
so
on.
This
will
be
a
problem
again.
B
C
D
G
A
G
Also
think
about,
like
some
special
modes,
if
there
is
some
features
that
are
not
super
secure
now,
for
example,
if
it's
push
notifications
that
you
know
are
not
encrypted
or
whatever
can
you
mean
just
let's
a
couple
of
notes?
One
of
them
is
paranoia
to
mood,
and
if
you
choose
it,
then
by
default
you
have
all
features
that
are
lacking.
Let's
say
security
now
switched
off,
and
then
we
just
list
them.
Okay,
you,
you
enabled
paranoid
mode.
Then
you
will
not
get
push.
G
Notifications,
you'll
not
get
my
own
server
history
and
but
you
will
get
something
so
joy
generally
might
get
like
some
medium
mode
like
you
know
something
between
and
then
I
use
all
features,
but
be
informed
that
at
the
moment
they
have
this
and
this
and
this
things
that
are
not
yet
secured.
That's
it
so,
of
course,
the.
C
Donor
discussion
about
revolution
mode
and
people
were
talking
about
different
naming
conventions
and
I.
Think
that
that
the
approach
that
that
Met
has
suggested
visually
is
is
exactly
what
takes
that
into
account.
Is
that
we
use
that
we
use
color
and
shape
and
information
to
delineate
the
types
of
features
that
people
are
and
then
are
enabling
and
that
maybe
we
should
be
looking
towards
building
those
types
of
components.
G
Okay,
I'm
not
sure,
like
from
implementation,
point
of
view
what
you
should
do
to
show
persons
that
push
notification
is
enabled
like,
but
okay,
it's
it's,
of
course
a
design
question.
But
it's
it's
like
the
same
thing
as
Hester
mentioned
about
you,
know,
being
educated,
being
informed
and
actually
acting
on
it
and
sometimes
really
when,
when
I'm,
using
my
crypto,
for
example
and
I,
just
I
just
know
what
what
was
written,
maybe
half
on
that
pop-ups
I,
just
click
through
next
next.
G
Maybe
there
are
more
features
as
they
have
no
idea
and,
for
example,
may
salvers
if
they
will
not
go
to
some
advanced
mode.
They
will
never
see
this
and
they
don't
need
to
think
about
it.
So
it's
like
an
umbrella
where
we
just
you
know,
combine
the
features
that
are
secure,
not
very
secure
and
totally
not
secure
and
help
our
users
to
make
the
choice.
And
of
course
education
is
super
important
and,
for
example,
if
someone
is
proposing
you
one
Israel
and
they
all
send
you
tennis
or
wet
this.
G
Probably
we
can't
moderate
because
we
don't
want
to
moderate
anything
like
we
want
everyone
to
to
be
able
to
participate.
So
this
where
we
need
to
educate
only,
but
in
the
places
where
we
can
provide
something,
then
we
can
say
hey
turn
a
paranoid
mode
and
you
are
secure,
I,
think,
that's,
that's
it.
We
don't
need
to
waste
like
I,
don't
know
an
hour
of
your
time
to
just
to
use
it.
I
agree.
C
With
that
so
Hester
just
posted
in
the
chat
where
it
is
that
she
a
document
about
where
does
she
thinks
that
we
can
surf
that
in
the
interface
hester?
Could
you
add
that
to
the
wall
ashamed
action
point
under
education
in
the
hack
and
d
document?
That
would
be
great,
so
we're
five
minutes
away
from
the
end
of
this
session.
Do
we
want
to
wrap
this
up
in
any
sort
of
way?
Have
we
come
to
a
to
a
good
understanding
of
where
we're
at
and
where
do
we
want
to
go.
D
C
D
D
D
B
D
D
Want
to
make
sure
that,
like
we
leave
from
this,
with
with
like
clear
knowledge
on
how
we
move
forward,
we
have
we
have
a
lot
of
The
Wall
of
shame
items
that
we
can
then
bring
into
more
like
concentrated
while
the
shame
things.
But
then
the
action
items
associated
with
them
I
want
to
make
sure
we
start
working
on
those
too.
So
the.