[liberationtech] What I've learned from Cryptocat

[Moxie Marlinspike]

On 08/06/2012 06:22 PM, Douglas Lucas wrote:
> Is not Riseup accessed over SSL webmail a comparable analogy to current
> Cryptocat? And yet activists without their own .mx trust Riseup, and no
> one says there's little to no difference between Facebook email and
> Riseup email.

I actually disagree with your premise.  I don't see Riseup as a
"security" project, but as a project that's value is in self-sufficiency
and self-control.

This might be an unpopular opinion, but if I were talking with an
activist, and they wanted to strictly prioritize the *security* of their
email without any other consideration, I would recommend GMail over
Riseup.  Again, no offense to the awesome people at Riseup, but I
believe that Google has probably done a better job in maintaining their
SSL infrastructure, server security, and authentication systems (2FA, etc).

I think this even applies to activists in the US.  I don't think it has
ever happened, but I don't expect the members of Riseup to go to jail
for me if they were ever presented with a warrant for my stored emails.
 Or, as with the box that was recently seized, the US government might
not even ask first.

- moxie

-- 
http://www.thoughtcrime.org