[liberationtech] What I've learned from Cryptocat

Gregory Maxwell gmaxwell at gmail.com
Mon Aug 6 18:31:46 PDT 2012


On Mon, Aug 6, 2012 at 8:51 PM, Jacob Appelbaum <jacob at appelbaum.net> wrote:
> Without a browser extension/plugin - there is little to no difference.

But is there one _with_ a browser extension/plugin?
Especially on a browser platform that gets transparent pushed upgrades?

I'm very skeptical.

I'm especially skeptical that this kind of claim is being made without
the context of the people being protected.  Perhaps depending on
Google not to cooperate with people who would kill you is reasonable
if you're in Iran... but matters are less clear if you are a political
enemy of a jurisdiction where they have a sizable legal presence.

Is the best solution we have to secure tools presenting practical
barriers to usage making sure that less secure tools are roughly as
hard to use?

Of course, I get it… The problem is that the user doesn't reasonably
have the free time to understand all the minutiae of different
security threat models and defenses, some of which are quite subtle.   So
when you tell a user something is "secure" it damn well better be as
secure as we can make it, because people with their lives on the line
are inevitably going to make the wrong calls with respect to how much
security they need.

And I've experienced firsthand people having bogus expectations of
Cryptocat privacy and chat partners being unwilling to switch to OTR
instead.

But— there are millions and millions of people still using plaintext
chat, open to countless numbers of totally undetectable passive
observers. There are millions of people using Facebook chat which is
now (according to the popular press) utilizing machine learning based
analysis to identify "criminal" discussions for reporting (and even if
now the reporting furthers human welfare, no one sane would assume it
would stop there forever). All of this insecure activity contributes
to corporate and government addiction to easy surveillance, an
addiction which will make eliminating the insecurity harder.

Tools that make improving security easy, even if they do an incomplete
job of it, can make a real improvement in the total welfare... but if
only they can be prevented from siphoning off activity which would use
the more secure tools.

My preferred method of addressing this concern is to simply hide all
mention of security / encryption, etc. if you're not able to provide a
state of the art solution.   Let casual users _think_ it's as insecure
as plain-text, because that's all you're able to really promise that it
is.  Users who know they need security and are willing to get it won't
get tempted away.

This advice might apply to the authors of tools like Mumble, which has
its own entirely security-unrelated use-cases... Unfortunately, I
don't know how you market a tool such as Cryptocat and get people to
use it in the first place when its major advantage is that it's on
average probably more secure than the alternatives.


