[liberationtech] What I've learned from Cryptocat
Eric S Johnson
crates at oneotaslopes.org
Tue Aug 7 05:39:49 PDT 2012
The donor-funded Information Security Coalition is the largest
digital-security-for-activists project, so its mentors / cybersecurity
officers are among the best repositories of activists & journos'
experiential information that is key to outlining an online-freedom threat
model for each target country. But it would be hard to get consensus among
all the possible actors in this field; the techsec training I recently held
for Zim activists might lead me to different conclusions than those of the
(at least two, just counting folks on LibTech) others who were there,
independently of each other and me, doing similar work just in the last
couple months. And that's just one country. (Or maybe we'd agree. There's a
surprising lack of cooperation/communication among the main players, even
though their absolute number is rather small.)
It's my impression that the biggest disagreement is over
whether we should be trying to teach everyone the maximum (on the assumption
that the bad guys are practically omnipotent, or could be), or whether we
should come to terms with the fact that if the solutions we provide are too
hard, no one will use them, which leads us to settling for some version of
"good enough." (A classic example might be IM: some insist we teach
Pidgin+OTR (or Psi+OpenPGP, or whatever), which is the nuclear option but
which trainees, practically speaking, don't end up using; others settle for
Skype, for which we can describe theoretical attacks but which, in practice,
has so far proved secure from inline interception, and which trainees do use
because its UI's great one's interlocutors are probably also on it
(Metcalfe's law).)
I know of about two dozen "guides for activists to stay safe online" (by
RSF, CPJ, EFF, RSF, etc.; they're enumerated in my own 8p 30-point
cheat-sheet aggregation of data on this topic (aka "the SIDA PDF"), which
I'm happy to share with anyone who requests it-many of you have seen /
contributed to it), but the leading one is probably "Security in a Box" (aka
SiaB, by TTC+FLD) (currently (constantly?) being updated). Most of these
guides are informed by a lot of field experience (e.g. I've worked in/on
almost all the hostile countries-I even live in one of them).
Best,
Eric
<http://keyserver.pgp.com/vkd/DownloadKey.event?keyid=0xE0F58E0F1AF7E6F2>
PGP
From: liberationtech-bounces at lists.stanford.edu
[mailto:liberationtech-bounces at lists.stanford.edu] On Behalf Of Ali-Reza
Anghaie
Sent: Tuesday, 07 August 2012 04:40
To: Luke Allnutt
Cc: liberationtech-bounces at lists.stanford.edu;
liberationtech at lists.stanford.edu
Subject: Re: [liberationtech] What I've learned from Cryptocat
On Tue, Aug 7, 2012 at 4:25 AM, Luke Allnutt <AllnuttL at rferl.org> wrote:
With Frank's message in mind, do list members have thoughts about the best
dumbed-down guide for activists to stay safer online?
I know EFF, MobileActive, and Movements.org have done some good work in this
field, but wondered whether there is a consensus on a good short,
easy-to-understand document for activists?
If there is an existing consensus - it's bound to be part of the problem..
Snark aside, I'm serious.
The biggest problem I've seen w/ any of these is the total lack of
understanding how all of these same target users dealt with Government
surveillance ~before~ us and what carryover behaviors still work for them
now.
Set aside the Cryptocat project, where do the list managers or various
Faculty and Staff suggest we can gather the "requirements" from all of our
personal experiences. At least we have them to then start categorizing and
consolidating into a "message" for those trying to help the activists under
fire. -Ali
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.stanford.edu/pipermail/liberationtech/attachments/20120807/e411415f/attachment.html>
More information about the liberationtech
mailing list