[liberationtech] What I've learned from Cryptocat

Tue Aug 7 10:14:58 PDT 2012

>> I know of about two dozen “guides for activists to stay safe online” (by
>> RSF, CPJ, EFF, RSF, etc.; they’re enumerated in my own 8p 30-point
>> cheat-sheet aggregation of data on this topic (aka “the SIDA PDF”)

This.

There are so many things to be argued in this discussion, too many to
engage in, but this is the optimal solution I would love to see out of it.

Yes, there are an impossible number of guides, with various levels of
expertise behind them kept in various stages of currency. Yes, there are
who knows how many experts of various levels of expertise and with
different agendas and alliances involved in all publicity and
recommendations. Yes, every user is a unique individual with their own
needs, risk tolerance and capacity to learn, and it is for them to make
their own informed security decisions.

There is so much talk about the need to get people off of facebook; to me,
the last thing we want to do is get people off facebook and onto another
insecure tool by means of false promises, thereby destroying any faith and
goodwill towards all new security solutions. Facebook is not easy or
intuitive; the only reason most people are on it is because of the lack of
clarity and the constantly shifting targets as alternatives.

What the user groups I know need is reliable information. A transparent
crypto epistemic community that can audit the weaknesses in all the tools
to enable activists and advocacy groups to provide the knowledge bridges
to make recommendations and user guides for all. As in all background
discussion available, and use case / threat models presented in checklist
form. As a bonus, this would be a great starting place for developers of
new tools to see what is currently needed/existing and a resource of
expert opinion for media.

Rather than trying to anticipate the level of knowledge, time or patience
each user is willing to put in, there needs to be one place with all of
the potential solutions and their weaknesses transparently itemized by the
security community. The users can take it from there.

All the best,

H.