[liberationtech] What I've learned from Cryptocat

Mon Aug 6 18:08:21 PDT 2012

On 2012.08.06 17.51, Jacob Appelbaum wrote:
> Jillian C. York:
>> It's difficult.  I'm not a technologist, but I understand the issues and
>> the user needs well.  My "type," I'd surmise, is few and far between.
>>
>> Security experts have obvious reasons for being conservative, and I get
>> that.  Nevertheless, there are a lot of users who would benefit from *a
>> little bit* of added security.  The question, then, as I see it, is:
>>
>> *How do we provide that little bit while still making users aware of risks?*
> 
> The problem is that the little bit is effectively zero.
> 
> What's the difference between Facebook chat over SSL and Cryptocat over SSL?
> 
> Without a browser extension/plugin - there is little to no difference.
> 
> You have to trust the server and the server operator to not be a bad
> actor in both cases.

It is true that you have to trust the server operator in both cases.
However, having a server configuration which does not completely
compromise user privacy (vs. the operator) by default, like Facebook
does, is still a significant improvement in many use cases, as is the
ability to have a diversity of server operators.

If you insist on only permitting tools which offer a mythical "perfect"
standard of security, you ensure that many at risk users will use
plaintext tools that offer no security at all.

Yes, it is likely that cryptocat will be broken in a non-plugin version,
and that people will die because of it.  However, it is also likely that
cryptocat will save lives, vs. plaintext alternatives, and that a plugin
version of cryptocat will also be broken at some point, and that people
will die because of that.

We need an ecosystem of tools, not a magic bullet.  The Security
Community as such has done much good over the years.  However, security
professionals who are unwilling to acknowledge that different users have
different needs, that online security exists within a larger
constellation of risk analysis, and that usability can and often does
trump pure security even when viewed purely through risk analysis and
outcomes are doing a grave disservice to both their field and their users.

It has been 21 years since PGP was released.  To this day, it remains a
niche product at best.  Users with real world security concerns rarely
if ever use encrypted email.  It is exactly this attitude which is to blame.

If you want to continue being irrelevant, go right ahead.  The rest of
us have real world problems to solve.

E.

-- 
Ideas are my favorite toys.