[liberationtech] Fwd: Re: When It Comes to Human Rights, There Are No Online Security Shortcuts | Threat Level | Wired.com

Katrin Verclas katrin at mobileactive.org
Fri Aug 10 12:25:37 PDT 2012 

---------- Forwarded message ----------
From: "Patrick Ball" <pball at benetech.org>
Date: Aug 10, 2012 3:21 PM
Subject: Re: [liberationtech] When It Comes to Human Rights, There Are No
Online Security Shortcuts | Threat Level | Wired.com
To: "Katrin Verclas" <katrin at mobileactive.org>
Cc: "Nadim Kobeissi" <nadim at nadim.cc>

[Katrin: feel free to repost to the list if you want, the traffic is too
high so I don't want to join. I lurk occasionally.]


Nadim,

Research is great, and I am personally delighted you're doing it. Great
things may come of it, and the notes in the later part of the thread to
which Katrin alludes are very interesting. As I noted in the op-ed, the
browser extension may mature into a really useful tool -- once it's been
tested and reviewed and tested some more.

For the meantime: mark it alpha. In a giant, blinking font write: "not for
use by people who are really at risk." Writing "with some limitations" is
insufficient warning to non-technical users in a space where the risks are
this high. Leaving it up with the implication that it's tested software
that people at risk can depend on is irresponsible.

It's really cool that you and Jake and others are thinking up neat ideas at
dinner. You're both very smart and creative guys, and that's a great place
to start. It's not something you should then make public for vulnerable
people to depend on.

Schneier taught me years ago that security is really really hard. We can't
trust it until we've tested every which way anyone in good or bad faith can
think up. Even then, there might always be another crack, but our
confidence increases with each positive review and new attack our tool
withstands. Your browser extension may get there, but it's a ways off yet.
I hope you persist. Good luck.

-- PB.


On 10 Aug 2012, at 12:07, Katrin Verclas wrote:

> Patrick, care to comment? You might also want to review the conversation
on the libtech list (all 62 messages) where a lot of issues related to
Cyrptocat and security and activism has been discussed in great detail, and
with a lot of thought and care.
>
> (And, for the record, I have no editorial judgement one way or another -
really just shared a link here.  I have appreciated, however, the really
good conversation on this on libtech)
>
> Katrin
>
> On Aug 10, 2012, at 2:40 PM, Nadim Kobeissi wrote:
>
>> I'm sorry to have to say this, but this piece seems to expressly
>> ignore a lot of the research and discussion that's already happened
>> about Cryptocat and (I'm sorry) is very self-promotional of Ball and
>> Martus. The discussion around improving code delivery, which has been
>> going on for months, is completely ignored and instead there's a
>> picture of Patrick Ball in an article in which he asks Cryptocat to
>> 'consult experts.' If Mr. Ball had bothered weighing into any
>> conversation before writing this piece, or contacting me at all, I
>> would perceive the article as far more honest.
>>
>> NK
>>
>>
>> On Fri, Aug 10, 2012 at 6:15 AM, Katrin Verclas <katrin at mobileactive.org>
wrote:
>>> and Ball from Martus/Benetech weighs in...
>>>
>>> http://www.wired.com/threatlevel/2012/08/wired_opinion_patrick_ball/all/
>>>
>>>
>>> _______________________________________________
>>> liberationtech mailing list
>>> liberationtech at lists.stanford.edu
>>>
>>> Should you need to change your subscription options, please go to:
>>>
>>> https://mailman.stanford.edu/mailman/listinfo/liberationtech
>>>
>>> If you would like to receive a daily digest, click "yes" (once you click
>>> above) next to "would you like to receive list mail batched in a daily
>>> digest?"
>>>
>>> You will need the user name and password you receive from the list
moderator
>>> in monthly reminders. You may ask for a reminder here:
>>> https://mailman.stanford.edu/mailman/listinfo/liberationtech
>>>
>>> Should you need immediate assistance, please contact the list moderator.
>>>
>>> Please don't forget to follow us on http://twitter.com/#!/Liberationtech
>
>
> Katrin Verclas
> MobileActive.org
> katrin at mobileactive.org
>
> skype/twitter: katrinskaya
> (347) 281-7191
>
> Check out SaferMobile.org
> Using Mobile Technology More Securely. For Activists, Rights Defenders,
and Journalists.
> https://safermobile.org
>
> MobileActive.org: A global network of people using mobile technology for
social impact
> http://mobileactive.org
>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.stanford.edu/pipermail/liberationtech/attachments/20120810/4a5b540c/attachment.html>

More information about the liberationtech mailing list