Thanks for raising this. For details, see points 5 and 6 of post #520.
=================
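5) Crowdfunding: The app developer replied to me about the crowdfunding idea (see below). They said they are very willing to provide the service to Hongkongers for free, that no crowdfunding is needed, and that they do not want anyone willing to donate to face any risk of being traced.
“We are deeply thankful for your gesture to raise money for us providing free access. At this point, we are more than happy to provide this for free to HKers, so no need for any crowdfunding. In addition, we would be concerned that any financial transactions could end up being traced, thus creating a risk for anyone donating. So we feel that it is better to hold off at this time.”
In addition, the website has a detailed technical explanation: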
“What encryption standards does Parachute use?
All Parachute evidence travels encrypted in a secure pipe with an RSA 2048-bit key signed by a CA. We use a CAA record to prevent unauthorized entities from issuing rogue certificates. We use SSL pinning to ensure malicious governments cannot intercept our data by issuing rogue certificates. We also use HSTS to protect against downgrade attacks. To protect against email spoofing, we sign all our emails with DKIM keys, publish an SPF record, and apply a DMARC policy of "reject" across all our email systems. Organizations have the option to set up E2E encryption, which requires both parties to set up the encryption beforehand, making the data opaque to Parachute, and thus eliminating the need to trust Parachute itself. E2E encryption is only available to organizations who would like to use it, as this feature is not desirable in the normal use case of the Parachute app.”
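The externally observable claims in the FAQ quoted above (CAA, HSTS, SPF, DMARC "reject") can be checked against a domain's published records. This is an added example, not part of the original post or Parachute's own code; the records are constructed for a placeholder domain, and the function names and the HSTS age threshold are assumptions.

```python
import re

MIN_HSTS_AGE = 15768000  # assumption: treat a max-age under ~6 months as weak

# Constructed sample records for a placeholder domain (not Parachute's real data).
SAMPLE = {
    "caa": ['0 issue "ca.example.net"', '0 issuewild ";"'],
    "txt": ["v=spf1 include:_spf.example.net -all"],
    "dmarc_txt": ["v=DMARC1; p=reject; rua=mailto:dmarc@example.org"],
    "hsts": "max-age=31536000; includeSubDomains",
}

def caa_issuers(caa_records):
    """CA domains allowed to issue; None means no 'issue' property, so any CA may issue."""
    issuers = None
    for rec in caa_records:
        _flags, tag, value = rec.split(None, 2)
        if tag.lower() == "issue":
            if issuers is None:
                issuers = []
            ca = value.strip('"').split(";")[0].strip()
            if ca:  # an empty value (issue ";") authorizes no CA at all
                issuers.append(ca)
    return issuers

def hsts_ok(header):
    """True when Strict-Transport-Security carries a max-age of at least MIN_HSTS_AGE."""
    m = re.search(r'max-age\s*=\s*"?(\d+)', header or "", re.I)
    return bool(m) and int(m.group(1)) >= MIN_HSTS_AGE

def spf_all_qualifier(txt_records):
    """Qualifier on the SPF 'all' mechanism ('-', '~', '?', '+'), or None if absent."""
    for rec in txt_records:
        if rec.lower().startswith("v=spf1"):
            for term in rec.split()[1:]:
                if term.lower().lstrip("+-~?") == "all":
                    return term[0] if term[0] in "+-~?" else "+"
    return None

def dmarc_enforced(txt_records):
    """True only for p=reject applied to all mail (pct absent or 100)."""
    for rec in txt_records:
        parts = (p.partition("=") for p in rec.split(";"))
        tags = {k.strip().lower(): v.strip() for k, _, v in parts if k.strip()}
        if tags.get("v") == "DMARC1":
            return tags.get("p", "").lower() == "reject" and int(tags.get("pct", "100")) == 100
    return False

def audit(obs):
    """Map each checkable claim to whether the observed records support it."""
    return {"caa_restricts_issuance": caa_issuers(obs["caa"]) is not None,
            "hsts": hsts_ok(obs["hsts"]),
            "spf_hardfail": spf_all_qualifier(obs["txt"]) == "-",
            "dmarc_reject": dmarc_enforced(obs["dmarc_txt"])}
```

Certificate pinning and DKIM signing are not covered: pinning lives inside the app binary, and a DKIM check needs the selector from a received message.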
Kxwx 2019-08-02 23:35:58
Same as above: it goes to the cloud, and all data is on US soil, under US jurisdiction.