[liberationtech] OkayFreedom

Sun Oct 28 23:14:19 PDT 2012

Perhaps there should be a 'TripAdvsor' for digital security tools ... 

On 29/10/2012, at 12:58 PM, Nadim Kobeissi wrote:

> Hm. I'm frustrated by Eric's reply to the point where I'm going to do a
> complete audit of OkayFreedom and post any vulnerabilities and exploits
> I may find in public on my blog, including detailed instructions on how
> to break everything.
> 
> Expect something within weeks.
> NK
> 
> On 10/28/2012 9:46 PM, Eric S Johnson wrote:
>>> misremember the entire discussion; it happens to all of us!
>> 
>> I imagine we each remember what best supports our own point of view. I'm
>> sure it happens to all of us!
>> 
>>> open at the moment for those in the US is if we will have some kind of
>>> justice for this spying on all of us. It sure seems bleak.
>> 
>> Yes, it does. I hope all the Amcits on this list have voted (or will do so)!
>> 
>>> to make their own choices, to show data and stories about lessons we've
>>> learned the hard way, and when we are able, to offer solidarity where it
>>> is possible and welcome. 
>>> What matters is that users must be protected against serious
>>> attackers.
>> 
>> Agreed.
>> 
>>> I personally feel like it is often suggested
>>> that the burden to show something is unsafe is on us. 
>> 
>> You assume everything is unsafe. Saying "telephones are dangerous. VPNs are
>> dangerous. Anything Microsoft is dangerous. Everything's dangerous"--well,
>> okay, sure, so is walking across the street (let alone just breathing,
>> especially for those of us who live in China). But if you have only ten
>> minutes to get this journo in Gyanja, Gomel, or Gonder to do something
>> different, even you (let alone the rest of us relative neophytes) aren't
>> going to be able to get him using TAILS. So, we have to prioritise.
>> 	One way to prioritise is to assign various levels of likelihood to
>> the possible threats. And one way to do that, in turn, is to assess what we
>> do know about the threats which have proven problematic in the past. Sure,
>> we don't know what we don't know: epistemology and all that. But we can
>> tally up what we have learned, and use that as a basis, however imperfect,
>> for saying to the activist from Gweru: if we only have ten minutes, the goal
>> is to move toward mitigating problem X (and we'll only be able to provide
>> the simple solution which takes partial care of the problem--not a solution
>> which would keep the NSA off Jake's back, but a solution which is likely to
>> make this particular person safer). If we have an hour, we should be able to
>> help mitigate X, Y, and Z. Ideally, we'll have three days, and then we can
>> help mitigate all 15 top problems.
>> 	To "there's no point in anything less than perfection"--well, yes,
>> we'll have to agree to disagree on that. I think there's huge value in
>> getting someone to use a solution which is "more secure" in their particular
>> context (ideally we get that knowledge from on-the-ground research in
>> addition to reports in Western media), even if it's not a perfect solution.
>> 
>> What I don't get is why you work so hard to discredit folks rather than
>> educating them. All of us on this list know you're a God (despite your
>> sarcastic "perhaps I'm just dense"). We all understand you know more about
>> cybersecurity and cybersurveillance (never mind that you hate certain words)
>> than the rest of us combined. Everyone loves gaining from your experience
>> (e.g. (just to name the most recent examples) your teardown of OkayFreedom,
>> the VPN security paper to which you referred a couple days ago, etc.).
>> 
>> Best,
>> Eric
>> 
>> --
>> Unsubscribe, change to digest, or change password at: https://mailman.stanford.edu/mailman/listinfo/liberationtech
>> 
> --
> Unsubscribe, change to digest, or change password at: https://mailman.stanford.edu/mailman/listinfo/liberationtech

--------------------------------
Sam de Silva
skype: samonthenet
sam at media.com.au
+61 412 238 041