[liberationtech] What I've learned from Cryptocat

bou bou at aktivix.org
Tue Aug 7 09:13:21 PDT 2012 

hi,

i collaborate on a server-project similar to riseup, a lot smaller but
similar in inception.

On 07/08/12 02:45, Moxie Marlinspike wrote:
> I actually disagree with your premise.  I don't see Riseup as a
> "security" project, but as a project that's value is in self-sufficiency
> and self-control.

self-sufficiency and self-control seems to produce more overall
security, or may be better called, overall privacy/control over your own
communications.
> This might be an unpopular opinion, but if I were talking with an
> activist, and they wanted to strictly prioritize the *security* of their
> email without any other consideration, I would recommend GMail over
> Riseup.  

riseup and other activist projects do not isolate "security" from other
considerations like privacy.

encryption may be better provided by gmail. However, gmail will more
probably give data to governments and/or corporations when asked than
riseup. Moreover, gmail stored data is of valuable information to
governments (oppressive or not) about who is talking to whom, (mapping)
which riseup makes a point of not keeping. That may not be technically
security but it is something that activists should value and a reason
not to choose google (or facebook or hushmail for that matter) over
riseup for instance.


> Again, no offense to the awesome people at Riseup, but I
> believe that Google has probably done a better job in maintaining their
> SSL infrastructure, server security, and authentication systems (2FA, etc).

i may be repeating myself but what is the point of having a good ssl
infrastructure if the data they have available is going direct to those
the activist campaign against?

> I don't expect the members of Riseup to go to jail for me if they were ever presented with a warrant for my stored emails.

I do expect them to contact me so that we collaboratively agree on the
best course of action for all. I do not think i can expect any one whose
livelihood depends on the commercialisation of my communications to risk
the continuation of their business by challenging those in power.

better off undetected

-- 
https://network23.org/bou

More information about the liberationtech mailing list