[liberationtech] CryptoParty Handbook
Jacob Appelbaum
jacob at appelbaum.net
Tue Oct 9 10:41:28 PDT 2012
ttscanada:
> On 12-10-09 4:23 AM, Bernard Tyers - ei8fdb wrote:
>> Sending a PGP encrypted e-mail to you mom, should be as easy as
>> sending an un-encrypted e-mail to your mom. But the education of
>> why you should be sending an e-mail encrypted should also be given.
>> Granted, a valid threat-model should be explained, as a given.
>
> Thank you. I understand that this is a *crypto* party discussion -
> but I really hope the end result of this manual focuses on use cases
> and threat modeling as well as the technology.
I agree entirely. We need to look at the real uses. We should stop
degrading the hypothetical mom though, the question is about literacy
and to suggest that women are less literate is pretty offensive.
Obviously, it wasn't intended in that way but boy, I've certainly had
someone read me the riot act for saying that exact example.
> Some ideas of security rely far more on technical contortions than
> real life assessment, the equivalent of entering a crowd wearing a
> flame retardant SWAT suit instead of just taking an alley. Secure
> anonymity is frequently the dead opposite of security based on trust
> networks such as pgp signed emails which depend on a real life
> identity being known and completely remove deniability or ease of
> frequently switching identities.
I think this is rather bogus. Anonymity, in terms of traffic analysis
resistance, as far as the local network is concerned is not in conflict
with identified services.
I regularly sign or encrypt email with GPG that is sent with Thunderbird
(with TorBirdy) via Gmail over Tor. I do this because location anonymity
is important to me and without Tor's anonymity, gmail would know every
location and so too would my location be revealed by the headers in my
email. Additionally, I think this makes it harder to target a specific
MITM flaw in my email client - there were years where you could
downgrade the STARTTLS in some email clients. While a Tor exit node
might be able to do that if the flaw exists, the Tor exit node doesn't
know that I'm me automatically, so selective targeting becomes
significantly harder. Not impossible, of course.
Juts today - I was on a network that blocked chat services and what we
found was that most people didn't notice because their chat was running
over Tor with TLS, a few were going to Tor Hidden Services - only those
that felt they didn't "need anonymity" were impacted. Oh the irony of
thinking of the issue of anonymity as only personal privacy, rather than
the larger issue of traffic analysis, surveillance, filtering and
censorship.
> Let's not lose track of the end goal, which is security not just
> security tools.
>
The end goal for me is about social justice and law alone has not and
will not produce social justice in isolation. We also need various
innovations working in concert with policies. We won't have security
without code to back it up - that is what we're seeing all over the
world with the massive expansion of surveillance and censorship. The
people, corporations, and governments running national firewalls were
supposedly doing it for benevolent reasons. As expected from historical
context, they're expanding their power and their impact, to benefit of
powerful stake holders, to keep their position and influence well secured.
All the best,
Jacob
More information about the liberationtech
mailing list