[liberationtech] Fwd: Re: When It Comes to Human Rights, There Are No Online Security Shortcuts | Threat Level | Wired.com

Fri Aug 10 12:30:13 PDT 2012

Here's the reply I sent to Patrick:

Patrick,
Thanks for your well-wishes, but I'm under the impression that
actually participating in the conversation and technical debate would
be far, far more productive than ample servings of high-level
gratuitous formality. It's one thing to compliment Jake and I on the
research we're doing and then writing an article that almost fully
does not pay heed to it, and entirely another to actually delve into
that discussion yourself instead of ignoring it in favor of a piece
with a picture of yourself at its top and two paragraphs on how
experts like you need to be consulted at its bottom.

There's a certain amount of honest contribution that I'm expecting
here, and your article, while better than most that have surrounded
this topic, would have been better served actually contributing to the
conversation that *is* fixing Cryptocat, instead of dismissing it
entirely in favor of things less worthwhile.

NK

On Fri, Aug 10, 2012 at 12:25 PM, Katrin Verclas
<katrin at mobileactive.org> wrote:
> ---------- Forwarded message ----------
> From: "Patrick Ball" <pball at benetech.org>
> Date: Aug 10, 2012 3:21 PM
> Subject: Re: [liberationtech] When It Comes to Human Rights, There Are No
> Online Security Shortcuts | Threat Level | Wired.com
> To: "Katrin Verclas" <katrin at mobileactive.org>
> Cc: "Nadim Kobeissi" <nadim at nadim.cc>
>
> [Katrin: feel free to repost to the list if you want, the traffic is too
> high so I don't want to join. I lurk occasionally.]
>
>
> Nadim,
>
> Research is great, and I am personally delighted you're doing it. Great
> things may come of it, and the notes in the later part of the thread to
> which Katrin alludes are very interesting. As I noted in the op-ed, the
> browser extension may mature into a really useful tool -- once it's been
> tested and reviewed and tested some more.
>
> For the meantime: mark it alpha. In a giant, blinking font write: "not for
> use by people who are really at risk." Writing "with some limitations" is
> insufficient warning to non-technical users in a space where the risks are
> this high. Leaving it up with the implication that it's tested software that
> people at risk can depend on is irresponsible.
>
> It's really cool that you and Jake and others are thinking up neat ideas at
> dinner. You're both very smart and creative guys, and that's a great place
> to start. It's not something you should then make public for vulnerable
> people to depend on.
>
> Schneier taught me years ago that security is really really hard. We can't
> trust it until we've tested every which way anyone in good or bad faith can
> think up. Even then, there might always be another crack, but our confidence
> increases with each positive review and new attack our tool withstands. Your
> browser extension may get there, but it's a ways off yet. I hope you
> persist. Good luck.
>
> -- PB.
>
>
> On 10 Aug 2012, at 12:07, Katrin Verclas wrote:
>
>> Patrick, care to comment? You might also want to review the conversation
>> on the libtech list (all 62 messages) where a lot of issues related to
>> Cyrptocat and security and activism has been discussed in great detail, and
>> with a lot of thought and care.
>>
>> (And, for the record, I have no editorial judgement one way or another -
>> really just shared a link here.  I have appreciated, however, the really
>> good conversation on this on libtech)
>>
>> Katrin
>>
>> On Aug 10, 2012, at 2:40 PM, Nadim Kobeissi wrote:
>>
>>> I'm sorry to have to say this, but this piece seems to expressly
>>> ignore a lot of the research and discussion that's already happened
>>> about Cryptocat and (I'm sorry) is very self-promotional of Ball and
>>> Martus. The discussion around improving code delivery, which has been
>>> going on for months, is completely ignored and instead there's a
>>> picture of Patrick Ball in an article in which he asks Cryptocat to
>>> 'consult experts.' If Mr. Ball had bothered weighing into any
>>> conversation before writing this piece, or contacting me at all, I
>>> would perceive the article as far more honest.
>>>
>>> NK
>>>
>>>
>>> On Fri, Aug 10, 2012 at 6:15 AM, Katrin Verclas <katrin at mobileactive.org>
>>> wrote:
>>>> and Ball from Martus/Benetech weighs in...
>>>>
>>>> http://www.wired.com/threatlevel/2012/08/wired_opinion_patrick_ball/all/
>>>>
>>>>
>>>> _______________________________________________
>>>> liberationtech mailing list
>>>> liberationtech at lists.stanford.edu
>>>>
>>>> Should you need to change your subscription options, please go to:
>>>>
>>>> https://mailman.stanford.edu/mailman/listinfo/liberationtech
>>>>
>>>> If you would like to receive a daily digest, click "yes" (once you click
>>>> above) next to "would you like to receive list mail batched in a daily
>>>> digest?"
>>>>
>>>> You will need the user name and password you receive from the list
>>>> moderator
>>>> in monthly reminders. You may ask for a reminder here:
>>>> https://mailman.stanford.edu/mailman/listinfo/liberationtech
>>>>
>>>> Should you need immediate assistance, please contact the list moderator.
>>>>
>>>> Please don't forget to follow us on http://twitter.com/#!/Liberationtech
>>
>>
>> Katrin Verclas
>> MobileActive.org
>> katrin at mobileactive.org
>>
>> skype/twitter: katrinskaya
>> (347) 281-7191
>>
>> Check out SaferMobile.org
>> Using Mobile Technology More Securely. For Activists, Rights Defenders,
>> and Journalists.
>> https://safermobile.org
>>
>> MobileActive.org: A global network of people using mobile technology for
>> social impact
>> http://mobileactive.org
>>
>>
>>
>
>
> _______________________________________________
> liberationtech mailing list
> liberationtech at lists.stanford.edu
>
> Should you need to change your subscription options, please go to:
>
> https://mailman.stanford.edu/mailman/listinfo/liberationtech
>
> If you would like to receive a daily digest, click "yes" (once you click
> above) next to "would you like to receive list mail batched in a daily
> digest?"
>
> You will need the user name and password you receive from the list moderator
> in monthly reminders. You may ask for a reminder here:
> https://mailman.stanford.edu/mailman/listinfo/liberationtech
>
> Should you need immediate assistance, please contact the list moderator.
>
> Please don't forget to follow us on http://twitter.com/#!/Liberationtech