don't start measuring lag until after syncing and update readme

2014-11-03 20:43:43 +01:00
parent 6d68bb0bde
commit 87aa1aaf91
2 changed files with 27 additions and 4 deletions
--- a/readme.md
+++ b/readme.md
@@ -2,6 +2,8 @@

 Unity is Strength - Collaboration is Key

+## hold on, it's still a prototype...
+
 ![and_so_it_begins.png](https://github.com/cjdelisle/cryptpad/raw/master/and_so_it_begins.png "We are the 99%")

 CryptPad is the **zero knowledge** realtime collaborative editor.
@@ -21,6 +23,28 @@ To install:
    node ./server.js


+## Security
+
+CryptPad is *private* not *anonymous*. Privacy protects your data, anonymity protects you.
+As such, it is possible for a collaborator on the pad to include some silly/ugly/nasty things
+in a CryptPad such as an image which reveals your IP address when your browser automatically
+loads it or a script which plays Rick Asleys's greatest hits. It is acceptable for anyone
+who does not have the key to be able to change anything in the pad or add anything, even the
+server.
+
+The server does have a certain power, it can send you evil javascript which does the wrong
+thing (leaks the key or the data back to the server or to someone else). This is however an
+[active attack] which makes it detectable. The NSA really hates doing these because they might
+get caught and laughed at and humiliated in front of the whole world (again). If you're making
+the NSA mad enough for them to use an active attack against you, Great Success Highfive, now take
+the battery out of your computer before it spawns Agent Smith.
+
+Still there are other low-lives in the world so using CryptPad over HTTPS is probably a good idea.
+
+
+
+
 [ChainPad]: https://github.com/xwiki-contrib/chainpad
 [CKEditor]: http://ckeditor.com/
 [fragment identifier]: https://en.wikipedia.org/wiki/Fragment_identifier
+[active attack]: https://en.wikipedia.org/wiki/Attack_(computing)#Types_of_attacks