Remove Croc from recommendations #927

Merged
merged 2 commits into from
Apr 6, 2022

dngray
Member

@dngray dngray commented Apr 6, 2022

This is a follow-up to #886

We're removing Croc, see issue: schollz/croc#468

We may consider it when schollz/croc#467 is completed.

For now as an alternative, we suggest using Magic Wormhole.

@netlify

netlify bot commented Apr 6, 2022

Deploy Preview for privacyguides ready!

Name Link
🔨 Latest commit 71dcde6
🔍 Latest deploy log https://app.netlify.com/sites/privacyguides/deploys/624dc8b7f55f46000830dbd0
😎 Deploy Preview https://deploy-preview-927--privacyguides.netlify.app/file-sharing

@netlify

netlify bot commented Apr 6, 2022

Deploy Preview for privacyguides ready!

Name Link
🔨 Latest commit a54fe21
🔍 Latest deploy log https://app.netlify.com/sites/privacyguides/deploys/624dfc33e83fa20009156c44
😎 Deploy Preview https://deploy-preview-927--privacyguides.netlify.app/tools


@ghost ghost left a comment


Remember to remove from the tools page too

@realguyman
Contributor

realguyman commented Apr 6, 2022

@dngray As @lx-is already stated, it is still present here (to clarify): https://deploy-preview-927--privacyguides.netlify.app/tools/#file-sharing.

Please remove it from there, then we should be ready to merge.

@TommyTran732 TommyTran732 enabled auto-merge (squash) April 6, 2022 20:48
@TommyTran732 TommyTran732 merged commit f8b6efb into main Apr 6, 2022
@TommyTran732 TommyTran732 deleted the pr-remove_croc branch April 6, 2022 20:49
@samuel-lucas6
Contributor

He has blocked me as I cannot comment on any issues. I don't think there's much hope of SIEC being removed, which is very unfortunate. I'm not sure why RedRocket was unconcerned when investigating, although they note weird design decisions in their conclusion. The developer's blog again reinforces the fact that he views SIEC as a good choice.

@dngray
Member Author

dngray commented Apr 7, 2022

In general, this is something that concerns us: experimental crypto should never make it into products as a default which people depend on.

@schollz

schollz commented Apr 7, 2022

croc author here. Had some time today so I defaulted croc to P-256 instead of SIEC as of v9.5.3.

Ps. Yeah samuel-lucas6 is banned from croc temporarily for doubling down on troll behavior (inflammatory comments, etc).

@samuel-lucas6
Contributor

> I defaulted croc to P-256 instead of SIEC as of v9.5.3.

A wise decision. If you had clarified your initial reply to the Curve25519 issue, then I would have done the PR for that myself, but you chose not to answer my question.

It's notable that you have still not removed SIEC despite closing the GitHub issue, meaning a risk of potential insecurity remains for a reason you have yet to justify because you did not respond to my questions.

> Ps. Yeah samuel-lucas6 is banned from croc temporarily for doubling down on troll behavior (inflammatory comments, etc).

My intent was never to troll. However, I was and will continue to be accusatory and infuriated because you are blatantly avoiding my questions, brushing off criticism related to SIEC, and comfortable with your design decisions despite potential harm to your users.

For the final time, let me make myself very clear:

  • It is a very large project: croc has 18.9k stars, 843 forks, 148,766 total downloads, and the previous version (v9.5.2) currently has 15,730 downloads.
  • It is a security-related project: the README says 'securely transfer files and folders' and 'provides end-to-end encryption' at the top.
  • You have an obligation to the users of the project to attempt to provide security if you are marketing it as secure: there's no warning about SIEC and see above.
  • Yet you are using a curve designed by your brother that has received minimal peer review and cryptanalysis despite extremely popular curves being accessible to you and recommended in guidance online and books. You implemented a PAKE, meaning you have read into cryptography and are well aware of these facts.

> Like most open-source software, I, the maintainer, have no obligation to any aspect or any use of this software by anyone.

If you do not want this security obligation, then I suggest you avoid security projects.

@schollz

schollz commented Apr 7, 2022

> I was and will continue to be accusatory

Then you were and will continue to be a troll and the ban will be permanent.

> you chose not to answer my question

People exhibiting troll-like behaviors are not worth answering to.

Anyways, this privacy guide is new to me. I think it's a great project, but I don't want any part of it. 👋

@dngray dngray added the c:software self-hosted/decentralized software and related topics label Apr 8, 2022