[liberationtech] What I've learned from Cryptocat
Jacob Appelbaum
jacob at appelbaum.net
Mon Aug 6 18:55:38 PDT 2012
Ali-Reza Anghaie:
> On Mon, Aug 6, 2012 at 9:08 PM, Jacob Appelbaum <jacob at appelbaum.net> wrote:
>> Ali-Reza Anghaie:
>>>
>>> Except you're trying to solve a resource and environmental OPSEC
>>> problem while effectively reducing the available exfiltration surface
>>> (as it were) to a point where the adversary Nation-State (one use
>>> case) can shut it down even easier. And you're still not addressing
>>> the whole of the problem set an end-user in these hostile environments
>>> will face.
>>
>> Huh?
>>
>> If your internet cafe has a key logging or a screen logging system,
>> they're equal. If they can break SSL, you lose on the network.
>
> Let me try this again - sorry.
>
> If Cryptocat only works on fewer available systems because it's trying
> to build in more technical resiliency then it also becomes easier to
> shutdown in hostile environments (e.g. Iran). On top of that it also
> reduces the number of people capable of using it at all.
>
I think that's a false dichotomy. It still works - there is simply a
more secure alternative for users who can click a button. This also
allows for decentralized use where users don't have to trust the server
as much as they might trust Nadim's main server.
> I think I have to throw together a table w/ real-world use/region
> examples from say Iran to communicate it better. -Ali
>
Seems great.
All the best,
Jake
More information about the liberationtech
mailing list