[liberationtech] What I've learned from Cryptocat

Ali-Reza Anghaie ali at packetknife.com
Tue Aug 7 06:35:42 PDT 2012 

Sounds great - I'd love a copy. I'm trying to consolidate experiences
against experience levels and in my case ~regional~ options under disparate
groups of IRGC monitoring and control.

Thanks for the offer - look forward to it. And will report back thoughts on
the use-cases I was thinking on. -Ali


On Tue, Aug 7, 2012 at 8:39 AM, Eric S Johnson <crates at oneotaslopes.org>wrote:

> The donor-funded Information Security Coalition is the largest
> digital-security-for-activists project, so its mentors / cybersecurity
> officers are among the best repositories of activists & journos’
> experiential information that is key to outlining an online-freedom threat
> model for each target country. But it would be hard to get consensus among
> all the possible actors in this field; the techsec training I recently held
> for Zim activists might lead me to different conclusions than those of the
> (at least two, just counting folks on LibTech) others who were there,
> independently of each other and me, doing similar work just in the last
> couple months. And that’s just one country. (Or maybe we’d agree. There’s a
> surprising lack of cooperation/communication among the main players, even
> though their absolute number is rather small.)****
>
>                It’s my impression that the biggest disagreement is over
> whether we should be trying to teach everyone the maximum (on the
> assumption that the bad guys are practically omnipotent, or could be), or
> whether we should come to terms with the fact that if the solutions we
> provide are too hard, no one will use them, which leads us to settling for
> some version of “good enough.” (A classic example might be IM: some insist
> we teach Pidgin+OTR (or Psi+OpenPGP, or whatever), which is the nuclear
> option but which trainees, practically speaking, don’t end up using; others
> settle for Skype, for which we can describe theoretical attacks but which,
> in practice, has so far proved secure from inline interception, and which
> trainees do use because its UI’s great one’s interlocutors are probably
> also on it (Metcalfe’s law).)****
>
> ** **
>
> I know of about two dozen “guides for activists to stay safe online” (by
> RSF, CPJ, EFF, RSF, etc.; they’re enumerated in my own 8p 30-point
> cheat-sheet aggregation of data on this topic (aka “the SIDA PDF”), which
> I’m happy to share with anyone who requests it—many of you have seen /
> contributed to it), but the leading one is probably “Security in a Box”
> (aka SiaB, by TTC+FLD) (currently (constantly?) being updated). Most of
> these guides are informed by a lot of field experience (e.g. I’ve worked
> in/on almost all the hostile countries—I even live in one of them).****
>
> ** **
>
> Best,****
>
> Eric****
>
> PGP<http://keyserver.pgp.com/vkd/DownloadKey.event?keyid=0xE0F58E0F1AF7E6F2>
> ****
>
> ** **
>
> *From:* liberationtech-bounces at lists.stanford.edu [mailto:
> liberationtech-bounces at lists.stanford.edu] *On Behalf Of *Ali-Reza Anghaie
> *Sent:* Tuesday, 07 August 2012 04:40
> *To:* Luke Allnutt
> *Cc:* liberationtech-bounces at lists.stanford.edu;
> liberationtech at lists.stanford.edu
>
> *Subject:* Re: [liberationtech] What I've learned from Cryptocat****
>
> ** **
>
> On Tue, Aug 7, 2012 at 4:25 AM, Luke Allnutt <AllnuttL at rferl.org> wrote:**
> **
>
>
> With Frank's message in mind, do list members have thoughts about the best
> dumbed-down guide for activists to stay safer online?
>
> I know EFF, MobileActive, and Movements.org have done some good work in
> this field, but wondered whether there is a consensus on a good short,
> easy-to-understand document for activists? ****
>
> ** **
>
> If there is an existing consensus - it's bound to be part of the problem..
> ****
>
> ** **
>
> Snark aside, I'm serious.****
>
> ** **
>
> The biggest problem I've seen w/ any of these is the total lack of
> understanding how all of these same target users dealt with Government
> surveillance ~before~ us and what carryover behaviors still work for them
> now.****
>
> ** **
>
> Set aside the Cryptocat project, where do the list managers or various
> Faculty and Staff suggest we can gather the "requirements" from all of our
> personal experiences. At least we have them to then start categorizing and
> consolidating into a "message" for those trying to help the activists under
> fire. -Ali****
>
> _______________________________________________
> liberationtech mailing list
> liberationtech at lists.stanford.edu
>
> Should you need to change your subscription options, please go to:
>
> https://mailman.stanford.edu/mailman/listinfo/liberationtech
>
> If you would like to receive a daily digest, click "yes" (once you click
> above) next to "would you like to receive list mail batched in a daily
> digest?"
>
> You will need the user name and password you receive from the list
> moderator in monthly reminders. You may ask for a reminder here:
> https://mailman.stanford.edu/mailman/listinfo/liberationtech
>
> Should you need immediate assistance, please contact the list moderator.
>
> Please don't forget to follow us on http://twitter.com/#!/Liberationtech
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.stanford.edu/pipermail/liberationtech/attachments/20120807/2e3761ca/attachment.html>

More information about the liberationtech mailing list