[liberationtech] What I've learned from Cryptocat

Mon Aug 6 18:59:01 PDT 2012

On 2012.08.06 18.40, Jacob Appelbaum wrote:
> Eleanor Saitta:
>> It is true that you have to trust the server operator in both cases.
>> However, having a server configuration which does not completely
>> compromise user privacy (vs. the operator) by default, like Facebook
>> does, is still a significant improvement in many use cases, as is the
>> ability to have a diversity of server operators.
> 
> That is only true if they play nice.

No, some potentially good server operators, in aggregate, are better for
a population of users than a single operator known to leak data under
many conditions.

> So this is where a lot of people take issue - you say "will be" without
> the acknowledgement that SSL has major issues and that it is thus,
> broken by many actors, right now. At least with the plugin version, we
> can try to mitigate that harm right now.

Except that with your harm mitigation, you push many potential users
back to plaintext, where they are guaranteed to be owned.  What
percentage of potential cryptocat users would the plugin version have to
stop from using the tool for you to accept that there was a place for
the non-plugin version?

If it's 100%, what you're actually saying is that you would rather those
users had no security than even a chance at security through diversity.

>> It has been 21 years since PGP was released.  To this day, it remains a
>> niche product at best.  Users with real world security concerns rarely
>> if ever use encrypted email.  It is exactly this attitude which is to blame.
> 
> Right and OTR is the counter example. Will Cryptocat be the middle
> ground, where it's perfectly easy to use cryptography but missing key
> items that make it safe?

OTR in a traditional thick client is an example of a tool which provides
good security while being realistically usable for technical users with
full access to their machine.  Don't get me wrong, it's great, but there
are also users who can and will not be able to use it.  They need tools too.

> It seems that you're speaking generally here because otherwise, it's
> unbelievably rude and frankly, silly. For better or worse - I've
> contributed countless hours to helping Nadim with Cryptocat.

I am largely speaking generally, but I'm also speaking specifically in
the sense that you've actively undermined the utility of a tool here by
encouraging Nadim to not make it available to users who cannot install
software, which is and was the only reason to use it.  Having both
versions available is a reasonable compromise, but suggesting that the
web version never be used is counterproductive given the userbase in
question.  I understand and appreciate your contributions in time -- I'm
definitely not attempting to minimize that -- but you're still refusing
to acknowledge that there exists an underserved userbase.

E.

-- 
Ideas are my favorite toys.