Topic: auto update defaults dangerous?

I've been checking out FireGPG.

By default, automatic updates were enabled.

For the parts of the world where FireGPG is most needed (especially this week), this is a big red flag for the use of (illegal) encryption software.

Obviously running old crypto software can be a vulnerability too, but I don't even know if auto updates fetch the moment I installed.

Is this just a Beta thing? Is Beta FireGPG secure enough for real world secure uses?

Nice work on FireGPG. Having spent hours examining alternatives, I say it is desperately needed.

Re: auto update defaults dangerous?

I don't understand what you want, but you can disable auto update, and let Firefox check for them itself...

Autoupdate is just a beta thing, but FireGPG is probably secure enough. If you want a really secure Gmail, don't compose the mail in Gmail's composition window. A feature to compose in an external window is planned.

Re: auto update defaults dangerous?

the_glu wrote:

I don't understand what you want

Iran has 100% monitoring of outbound traffic. 

The auto update request to a known FireGPG IP allows the gov't very easily to track FireGPG users in the country, even if they got their copy from a USB drive.

This is a potentially dangerous behavior.

Does auto update check when FireGPG is first installed, before the user can turn it off?

Will Firefox's own update mechanism directly access a FireGPG specific IP anyway?

Re: auto update defaults dangerous?

Yes.

Yes.