[liberationtech] What I've learned from Cryptocat
Ali-Reza Anghaie
ali at packetknife.com
Mon Aug 6 18:02:33 PDT 2012
On Mon, Aug 6, 2012 at 8:51 PM, Jacob Appelbaum <jacob at appelbaum.net> wrote:
> The problem is that the little bit is effectively zero.
>
> What's the difference between Facebook chat over SSL and Cryptocat over SSL?
>
> Without a browser extension/plugin - there is little to no difference.
>
> You have to trust the server and the server operator to not be a bad
> actor in both cases.
Except you're trying to solve a resource and environmental OPSEC
problem while effectively reducing the available exfiltration surface
(as it were) to a point where the adversary Nation-State (one use
case) can shut it down even easier. And you're still not addressing
the whole of the problem set an end-user in these hostile environments
will face.
I think a "step back" needs to be taken and look at the sum of
problems the various tiers of activists encounter - and which ones we
can truly solve remotely. Unfortunately almost none of them start w/
technical solutions. -Ali
More information about the liberationtech
mailing list