From 52296e226a51e98448a49ac0a93fd0480c08f055 Mon Sep 17 00:00:00 2001 From: Filipe Farinha Date: Mon, 22 Aug 2016 08:54:42 +0800 Subject: [PATCH] clarify how mitm attack is mitigated --- readme.md | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/readme.md b/readme.md index e5cf49ad9..70a5a24b5 100644 --- a/readme.md +++ b/readme.md @@ -79,9 +79,10 @@ If you use Mac, you can `brew install chromedriver`. CryptPad is *private*, not *anonymous*. Privacy protects your data, anonymity protects you. As such, it is possible for a collaborator on the pad to include some silly/ugly/nasty things in a CryptPad such as an image which reveals your IP address when your browser automatically -loads it or a script which plays Rick Astleys's greatest hits. It is acceptable for anyone +loads it or a script which plays Rick Astleys's greatest hits. It is possible for anyone who does not have the key to be able to change anything in the pad or add anything, even the -server. +server, however the clients will notice this because the content hashes in ChainPad will fail to +validate. The server does have a certain power, it can send you evil javascript which does the wrong thing (leaks the key or the data back to the server or to someone else). This is however an
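Review bot: In the rewritten sentence of the `@@ -79,9 +79,10 @@` hunk, "It is possible for anyone who does not have the key to be able to change anything in the pad or add anything, even the server" now reads as a statement that unauthorized modification succeeds, with detection added only as an afterthought. The guarantee would be clearer stated the other way round, for example "Anyone without the key, even the server, can attempt to change or add content, but clients will detect this because the content hashes in ChainPad will fail to validate." The added text also leaves two things open that a reader assessing the threat model needs: what a client does when validation fails (reject the change, warn the user, or stop syncing), and why a party without the key cannot simply produce content whose hashes do validate. One sentence on each would make the mitigation claim checkable. The subject line says this clarifies MITM mitigation, yet the paragraph never names that scenario, so consider saying explicitly that the same check covers a network attacker as well as the server. Minor: "server, however the clients" is a comma splice and is better split into two sentences, and the re-added line still carries "Rick Astleys's", which could be corrected to "Rick Astley's" while the line is being touched.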