clarify how mitm attack is mitigated

2016-08-22 08:54:42 +08:00 · 2016-08-22 08:54:42 +08:00 · 52296e226a
parent a3f6fe8843
commit 52296e226a
1 changed files with 3 additions and 2 deletions
--- a/readme.md
+++ b/readme.md
@ -79,9 +79,10 @@ If you use Mac, you can `brew install chromedriver`.
 CryptPad is *private*, not *anonymous*. Privacy protects your data, anonymity protects you.
 As such, it is possible for a collaborator on the pad to include some silly/ugly/nasty things
 in a CryptPad such as an image which reveals your IP address when your browser automatically
-loads it or a script which plays Rick Astleys's greatest hits. It is acceptable for anyone
+loads it or a script which plays Rick Astleys's greatest hits. It is possible for anyone
 who does not have the key to be able to change anything in the pad or add anything, even the
-server.
+server, however the clients will notice this because the content hashes in ChainPad will fail to
+validate.

 The server does have a certain power, it can send you evil javascript which does the wrong
 thing (leaks the key or the data back to the server or to someone else). This is however an