[liberationtech] What I've learned from Cryptocat
Jacob Appelbaum
jacob at appelbaum.net
Mon Aug 6 18:08:10 PDT 2012
Ali-Reza Anghaie:
> On Mon, Aug 6, 2012 at 8:51 PM, Jacob Appelbaum <jacob at appelbaum.net> wrote:
>> The problem is that the little bit is effectively zero.
>>
>> What's the difference between Facebook chat over SSL and Cryptocat over SSL?
>>
>> Without a browser extension/plugin - there is little to no difference.
>>
>> You have to trust the server and the server operator to not be a bad
>> actor in both cases.
>
> Except you're trying to solve a resource and environmental OPSEC
> problem while effectively reducing the available exfiltration surface
> (as it were) to a point where the adversary Nation-State (one use
> case) can shut it down even easier. And you're still not addressing
> the whole of the problem set an end-user in these hostile environments
> will face.
Huh?
If your internet cafe has a key logging or a screen logging system,
they're equal. If they can break SSL, you lose on the network.
>
> I think a "step back" needs to be taken and look at the sum of
> problems the various tiers of activists encounter - and which ones we
> can truly solve remotely. Unfortunately almost none of them start w/
> technical solutions. -Ali
>
Sure, I generally agree about the need for perspective.
All the best,
Jake
More information about the liberationtech
mailing list