[liberationtech] My CPJ blog: Lessons from the Cryptocat debate
Nadim Kobeissi
nadim at nadim.cc
Tue Sep 11 14:18:16 PDT 2012
Thanks, Brian. From my perspective, there's admittedly some frustration
with my work being analyzed in the state it was in months ago,
especially considering that the beta release for Cryptocat 2 is so
close. This is not the first time my work has been covered in a
non-satisfactory fashion and I wish people would contact me first/check
out the Cryptocat blog/etc. to figure out some standing questions they
may have.
I respect your perspective and completely agree with it. I should be
less frustrated.
NK
On 9/11/2012 5:04 PM, Brian Conley wrote:
> Nadim,
>
> I'm quite confused about your frustration and your ire.
>
> Excluding the fact that the title references Cryptocat, the main focus
> of the blogpost is restated in the conclusion:
>
> "The lesson of Cryptocat is that more learning and collaboration are
> needed. Donors, journalists, and technologists can work together more
> closely to bridge the gap between invention and use."
>
> It's not about whether or not Cryptocat is a good or useful tool, Frank
> is using Cryptocat as a device to initiate discussion about this: "These
> days--20 years into what we now know as the Internet--usability testing
> is key to every successful commercial online venture. Yet it is rarely
> practiced in the Internet freedom community."
>
> Would you really disagree?
>
> Secondly, I guess it's possible that I'm the only one ignorant of this,
> but I can't recall *ever* hearing of @innonews and a quick reference
> shows that they have 61 followers, one might consider them to be
> leveraging "trolling" to generate traffic.
>
> Thirdly, people will stop taking you seriously if you can't take
> yourself seriously enough to ignore criticism and learn only from
> critiques. A critique is where someone looks at your work and offers
> nuanced suggestions as to what you might do differently, critics
> themselves are often simply self-aggrandizing. Most of what I have read
> in the media criticizing Cryptocat has been just that, criticism and
> self-aggrandizement.
>
> It was great to meet in person, and I look forward to seeing what you
> come up with. I for one am quite excited and inspired by your efforts,
> and look forward to what you come up with next.
>
> Brian
>
>
> On Tue, Sep 11, 2012 at 12:53 PM, Nadim Kobeissi <nadim at nadim.cc> wrote:
>
> Thanks, Frank. I hope I'll never be in the position where I have to
> resort to your blog in order to make my case to a wider audience.
>
> NK
>
> On 9/11/2012 3:51 PM, frank at journalistsecurity.net wrote:
> > I do not pretend to know something about security technology.
> > I do know something about journalists and human rights defenders at risk.
> >
> > What is needed is a constructive dialogue between our two communities.
> > In that regard it is unfortunate that you have declined CPJ's offer to
> > write your own piece for CPJ in response to, or notwithstanding mine. It
> > would give you the opportunity to make your case to a much wider
> > audience. The issues are much bigger and more important than either of us.
> >
> > Frank Smyth
> > Executive Director
> > Global Journalist Security
> > frank at journalistsecurity.net
> > Tel. + 1 202 244 0717
> > Cell + 1 202 352 1736
> > Twitter: @JournoSecurity
> > Website: www.journalistsecurity.net
> > PGP Public Key <http://www.journalistsecurity.net/franks-pgp-public-key>
> >
> >
> > Please consider our Earth before printing this email.
> >
> > Confidentiality Notice: This email and any files transmitted with it are
> > confidential. If you have received this email in error, please notify
> > the sender and delete this message and any copies. If you are not the
> > intended recipient, you are notified that disclosing, copying,
> > distributing or taking any action in reliance on the contents of this
> > information is strictly prohibited.
> >
> >
> >
> > -------- Original Message --------
> > Subject: Re: [liberationtech] My CPJ blog: Lessons from the Cryptocat debate
> > From: Nadim Kobeissi <nadim at nadim.cc>
> > Date: Tue, September 11, 2012 3:39 pm
> > To: liberationtech <liberationtech at lists.stanford.edu>
> >
> >
> > I don't have time for a wall of text. Long story short: if @ionnonews
> > "misinterpreted" your article, it's because your article is horribly
> > open to misinterpretation. I interpreted your article similarly to them
> > and am sure most people did.
> >
> > I'm so sick of having to deal with horrible coverage of my work. First
> > Wired, then Wired (again,) then this. Really, the most sensible person
> > has been Chris Soghoian, even though he's been harsh. At least he checks
> > his facts, is constructive and isn't just a pretentious nobody
> > pretending to know something about security.
> >
> > NK
> >
> > On 9/11/2012 3:07 PM, frank at journalistsecurity.net wrote:
> > > Nadim,
> > >
> > > I read about the browser plug-in being added nearly two months, as you
> > > state, in Forbes on July 30.
> > > http://www.forbes.com/sites/jonmatonis/2012/07/30/cryptocat-increases-security-in-move-away-from-javascript-encryption/
> > >
> > > Yet it was a month and six weeks later, respectively, when Chris and
> > > Patrick each wrote their critiques in response to the first Wired
> > > piece. I also read your exchange with Patrick some weeks ago, and I have
> > > spoken to Patrick, albeit before he wrote his piece in Wired.
> > >
> > > What I have not read here or elsewhere is anything indicating that there
> > > is now a consensus that Cryptocat has been fixed. (And that is essential
> > > for me and CPJ, as I explain below.) Instead I reflected what I think is
> > > accurate; that you and others are still working to make sure it is
> > > secure. I think most readers would conclude that I have faith that it is
> > > being secured. And this is quite different from what @innonews
> > > erroneously tweeted that I and CPJ said that Cryptocat is unsafe.
> > >
> > > If anything, Nadim, I was responding to Patrick for ending his article
> > > and seemingly the conversation by saying that PGP and Pidgin/OTR are
> > > harder to use but they are really secure. My point (Patrick and I have
> > > been having this discussion for over a decade) is that these tools'
> > > relative lack of usability still keeps them out of the reach of people
> > > who really do need to use them. And my point in the piece is that
> > > everyone who cares about human rights should care more about usability.
> > >
> > > I also gave you credit here, and I think, in the piece, for finally
> > > making a tool that really achieves usability.
> > >
> > > Please know, too, none of this is abstract for me. In May, as I told you
> > > a few weeks later at Google, I trained a group of investigative
> > > journalists in El Salvador and from Peru in May in how to use Cryptocat,
> > > as I was convinced it was safe. (Also telling them no one tool is ever
> > > completely safe.) After Chris' piece, I found myself unexpectedly
> > > telling the same journalists that Cryptocat had vulnerabilities that I,
> > > for one, as a non-technologist, was not aware of before. I sent them
> > > Chris' piece, and told them that, if they wish to continue using
> > > Cryptocat, they should do so with caution.
> > >
> > > For me, and for CPJ, the decision to recommend a tool is a weighty one.
> > > It would be irresponsible to recommend a tool to journalists unless
> > > there is a clear consensus within this community that the tool is safe.
> > > I thought there was a consensus before. I then learned that there was
> > > not one. And then I wrote what I think is accurate; there is now a
> > > consensus that whatever vulnerabilities Cryptocat did have before are
> > > now in the process of being fixed.
> > >
> > > To be clear where we disagree. I did not say that CPJ is now verifying
> > > Cryptocat is fixed and safe to use. As a non-technologist that would
> > > never be role.
> > >
> > > I realize that you see the piece as an attack on Cryptocat. It was not
> > > meant to be and I do not think most readers, who are not technologists,
> > > of CPJ's blog will see it that way, either. It was meant as a call for
> > > more usability, using Cryptocat, in fact, as a model.
> > >
> > > Frank
> > >
> > >
> > >
> > >
> > > -------- Original Message --------
> > > Subject: Re: [liberationtech] My CPJ blog: Lessons from the Cryptocat debate
> > > From: Nadim Kobeissi <nadim at nadim.cc>
> > > Date: Tue, September 11, 2012 1:34 pm
> > > To: liberationtech <liberationtech at lists.stanford.edu>
> > >
> > >
> > > Frank,
> > > Please, tell me more about how your allusion at the end of your post
> > > absolves you of the culpability of fact-checking!
> > >
> > > Furthermore, I have confirmed with Chris concerning the browser plugin
> > > issue when I met him last week in D.C., while Patrick Ball and I had an
> > > exchange that was posted on libtech weeks ago under the
> > > migraine-inducing "What I learned from Cryptocat" thread.
> > >
> > > Did you even ask Chris or Patrick about the browser plugin platform?
> > > I'll eat a shoe if you did. I've been working for weeks on this and it's
> > > people like you who just make me feel like all my effort is completely
> > > worthless.
> > >
> > > NK
> > >
> > > On 9/11/2012 1:24 PM, frank at journalistsecurity.net wrote:
> > > > Nadim,
> > > >
> > > > Toward the end of the piece, I said: some critics are now working with
> > > > Kobeissi to help clean up and secure Cryptocat.
> > > >
> > > > What you are saying is that Cryptocat is now a browser-plugin only
> > > > application, and that therefore, if I understand your point, the
> > > > vulnerabilities alluded to by Chris and now Patrick are now all fixed.
> > > >
> > > > Are they? If they are, I have not yet read confirmation that they are
> > > > from others in this community. I'd welcome any input here.
> > > >
> > > > And, Nadim, I have and continue to support you for finally building a
> > > > truly user-friendly tool. We need tools that are both secure and
> > > > easier-to-use, and that was the point of the piece.
> > > >
> > > > Frank
> > > >
> > > >
> > > >
> > > >
> > > >
> > > >
> > > > -------- Original Message --------
> > > > Subject: Re: [liberationtech] My CPJ blog: Lessons from the Cryptocat debate
> > > > From: Nadim Kobeissi <nadim at nadim.cc>
> > > > Date: Tue, September 11, 2012 1:14 pm
> > > > To: liberationtech <liberationtech at lists.stanford.edu>
> > > >
> > > >
> > > > I can't even-
> > > >
> > > > Frank sent me this article about 15 minutes ago and I answered with the
> > > > notion that Cryptocat has been a browser-plugin only app for more than a
> > > > month, and that his article is just incredibly ignorant and frustrating
> > > > as a result of it ignoring that.
> > > >
> > > > Relevant links:
> > > > https://blog.crypto.cat/2012/08/moving-to-a-browser-app-model/
> > > > https://blog.crypto.cat/2012/09/cryptocat-2-demo-video-posted/
> > > >
> > > > Excuse me while I now go waterboard myself,
> > > > NK
> > > >
> > > > On 9/11/2012 1:07 PM, frank at journalistsecurity.net wrote:
> > > > > Hi everybody,
> > > > >
> > > > > Below is my CPJ blog on the Cryptocat debate. It makes some of the same
> > > > > points that I already made here a few weeks ago. And please know that my
> > > > > intent is to help work toward a solution in terms of bridging invention
> > > > > and usability. I know there are different views, and I have already
> > > > > heard some. Please feel free to respond. (If you wish you may wish to
> > > > > copy me at frank at journalistsecurity.net to avoid me missing your note
> > > > > among others.)
> > > > >
> > > > > Thank you! Best, Frank
> > > > >
> > > > >
> > > > > > http://www.cpj.org/security/2012/09/in-cryptocat-lessons-for-technologists-and-journal.php
> > > > >
> > > > >
> > > > > > *In Cryptocat, lessons for technologists and journalists*
> > > > > >
> > > > > > By Frank Smyth/Senior Adviser for Journalist Security
> > > > > > <http://www.cpj.org/blog/author/frank-smyth>
> > > > > >
> > > > > > /Alhamdulillah!/ Finally, a technologist designed a security tool that
> > > > > > everyone could use. A Lebanese-born, Montreal-based computer scientist,
> > > > > > college student, and activist named Nadim Kobeissi had developed a
> > > > > > cryptography tool, Cryptocat <https://crypto.cat/>, for the Internet
> > > > > > that seemed as easy to use as Facebook Chat but was presumably far more
> > > > > > secure.
> > > > > >
> > > > > > Encrypted communications are hardly a new idea. Technologists wary of
> > > > > > government surveillance have been designing free encryption software
> > > > > > since the early 1990s <http://www.pgpi.org/doc/overview/>. Of course, no
> > > > > > tool is completely safe, and much depends on the capabilities of the
> > > > > > eavesdropper. But for decades digital safety tools have been so hard to
> > > > > > use that few human rights defenders and even fewer journalists (my best
> > > > > > guess is one in a 100) employ them.
> > > > > >
> > > > > > Activist technologists often complain that journalists and human rights
> > > > > > defenders are either too lazy or foolish to not consistently use digital
> > > > > > safety tools when they are operating in hostile environments.
> > > > > > Journalists and many human rights activists, for their part, complain
> > > > > > that digital safety tools are too difficult or time-consuming to
> > > > > > operate, and, even if one tried to learn them, they often don't work as
> > > > > > expected.
> > > > > >
> > > > > > Cryptocat promised
> > > > > > <http://www.wired.com/threatlevel/2012/07/crypto-cat-encryption-for-all/all>
> > > > > > to finally bridge these two distinct cultures. Kobeissi was profiled
> > > > > > <http://www.nytimes.com/2012/04/18/nyregion/nadim-kobeissi-creator-of-a-secure-chat-program-has-freedom-in-mind.html>
> > > > > > in /The New York Times/; /Forbes/
> > > > > > <http://www.forbes.com/sites/jonmatonis/2012/07/19/5-essential-privacy-tools-for-the-next-crypto-war/>
> > > > > > and especially /Wired/
> > > > > > <http://www.wired.com/threatlevel/2012/07/crypto-cat-encryption-for-all/all>
> > > > > > each praised the tool. But Cryptocat's sheen faded fast. Within three
> > > > > > months of winning a prize associated with /The Wall Street Journal/
> > > > > > <http://datatransparency.wsj.com/>, Cryptocat ended up like a cat caught
> > > > > > in storm--wet, dirty, and a little worse for wear. Analyst Christopher
> > > > > > Soghoian--who wrote a /Times/ op-ed last fall
> > > > > > <http://www.nytimes.com/2011/10/27/opinion/without-computer-security-sources-secrets-arent-safe-with-journalists.html>
> > > > > > saying that journalists must learn digital safety skills to protect
> > > > > > sources--blogged that Cryptocat had far too many structural flaws
> > > > > > <http://paranoia.dubfire.net/2012/07/tech-journalists-stop-hyping-unproven.html?utm_source=Contextly&utm_medium=RelatedLinks&utm_campaign=AroundWeb>
> > > > > > for safe use in a repressive environment.
> > > > > >
> > > > > > An expert writing in /Wired/ agreed. Responding to another /Wired/ piece
> > > > > > just weeks before, Patrick Ball said the prior author's admiration of
> > > > > > Cryptocat was "inaccurate, misleading and potentially dangerous
> > > > > > <http://www.wired.com/threatlevel/2012/08/wired_opinion_patrick_ball/2/>."
> > > > > > Ball is one of the Silicon Valley-based nonprofit Benetech
> > > > > > <http://www.benetech.org/> developers of Martus
> > > > > > <http://www.benetech.org/human_rights/martus.shtml>, an encrypted
> > > > > > database used by groups to secure information like witness testimony of
> > > > > > human rights abuses.
> > > > > >
> > > > > > But unlike Martus, which uses its own software, Cryptocat is a
> > > > > > "host-based security" application that relies on servers to log in to
> > > > > > its software. And this kind of application makes Cryptocat potentially
> > > > > > vulnerable
> > > > > > <http://www.wired.com/threatlevel/2012/08/wired_opinion_patrick_ball/all/>
> > > > > > to manipulation through theft of login information--as everyone,
> > > > > > including Kobeissi, now seems to agree.
> > > > > >
> > > > > > So we are back to where we started, to a degree. Other, older digital
> > > > > > safety tools are "a little harder to use, but their security is real,"
> > > > > > Ball added in /Wired/. Yet, in the real world, from Mexico
> > > > > > <http://www.cpj.org/blog/2011/09/mexican-murder-may-mark-grim-watershed-for-social.php>
> > > > > > to Ethiopia
> > > > > > <http://www.cpj.org/2012/07/ethiopia-sentences-eskinder-six-others-on-terror-c.php>,
> > > > > > from Syria
> > > > > > <http://www.cpj.org/security/2012/05/dont-get-your-sources-in-syria-killed.php>
> > > > > > to Bahrain
> > > > > > <http://www.cpj.org/2012/09/bahrain-should-scrap-life-sentence-of-blogger-alsi.php>,
> > > > > > how many human rights activists, journalists, and others actually use
> > > > > > them? "The tools are just too hard to learn. They take too long to
> > > > > > learn. And no one's going to learn them," a journalist for a major U.S.
> > > > > > news organization recently told me.
> > > > > >
> > > > > > Who will help bridge the gap? Information-freedom technologists clearly
> > > > > > don't build free, open-source tools to get rich. They're motivated by
> > > > > > the recognition one gets from building an exciting, important new tool.
> > > > > > (Kind of like journalists breaking a story.) Training people in the use
> > > > > > of security tools or making those tools easier to use doesn't bring the
> > > > > > same sort of credit.
> > > > > >
> > > > > > Or financial support. Donors--in good part, U.S. government agencies
> > > > > > <http://www.fas.org/sgp/crs/row/R41120.pdf>--tend to back the
> > > > > > development of new tools rather than ongoing usability training and
> > > > > > development. But in doing so, technologists and donors are avoiding a
> > > > > > crucial question: Why aren't more people using security tools? These
> > > > > > days--20 years into what we now know as the Internet--usability testing
> > > > > > is key to every successful commercial online venture. Yet it is rarely
> > > > > > practiced in the Internet freedom community.
> > > > > >
> > > > > > That may be changing. The anti-censorship circumvention tool Tor has
> > > > > > grown progressively easier to use, and donors and technologists are now
> > > > > > working to make it easier and faster still. Other tools, like Pretty
> > > > > > Good Privacy <http://www.pgpi.org/> or its slightly improved German
> > > > > > alternative <http://www.gnupg.org/>, still seem needlessly difficult to
> > > > > > operate. Partly because the emphasis is on open technology built by
> > > > > > volunteers, users are rarely if ever redirected how to get back on track
> > > > > > if they make a mistake or reach a dead end. This would be nearly
> > > > > > inconceivable today with any commercial application designed to help
> > > > > > users purchase a service or product.
> > > > > >
> > > > > > Which brings us back to Cryptocat, the ever-so-easy tool that was not as
> > > > > > secure as it was once thought to be. For a time, the online debate among
> > > > > > technologists degenerated into the kind of vitriol
> > > > > > <http://www.wired.com/threatlevel/2012/08/security-researchers/all/> one
> > > > > > might expect to hear among, say, U.S. presidential campaigns. But wounds
> > > > > > have since healed and some critics are now working with Kobeissi to help
> > > > > > clean up and secure Cryptocat.
> > > > > >
> > > > > > Life and death, prison and torture remain real outcomes
> > > > > > <http://www.cpj.org/reports/2011/12/journalist-imprisonments-jump-worldwide-and-iran-i.php>
> > > > > > for many users, and, as Ball noted in /Wired/, there are no security
> > > > > > shortcuts in hostile environments. But if tools remain too difficult for
> > > > > > people to use in real-life circumstances in which they are under duress,
> > > > > > then that is a security problem in itself.
> > > > > >
> > > > > > The lesson of Cryptocat is that more learning and collaboration are
> > > > > > needed. Donors, journalists, and technologists can work together more
> > > > > > closely to bridge the gap between invention and use.
> > > > > >
> > > > > > Frank Smyth is CPJ's senior adviser for journalist security. He has
> > > > > > reported on armed conflicts, organized crime, and human rights from
> > > > > > nations including El Salvador, Guatemala, Colombia, Cuba, Rwanda,
> > > > > > Uganda, Eritrea, Ethiopia, Sudan, Jordan, and Iraq. Follow him on
> > > > > > Twitter @JournoSecurity <https://twitter.com/#!/JournoSecurity>.
> > > > >
> > > > >
> > > > > *Tags:*
> > > > >
> > > > > * Cryptocat <http://www.cpj.org/tags/cryptocat>,
> > > > > * Hacked <http://www.cpj.org/tags/hacked>,
> > > > > * Internet <http://www.cpj.org/tags/internet>,
> > > > > * Martus <http://www.cpj.org/tags/martus>,
> > > > > > * Nadim Kobeissi <http://www.cpj.org/tags/nadim-kobeissi>,
> > > > > > * Patrick Ball <http://www.cpj.org/tags/patrick-ball>,
> > > > > > * Pretty Good Privacy <http://www.cpj.org/tags/pretty-good-privacy>,
> > > > > * Tor <http://www.cpj.org/tags/tor>
> > > > >
> > > > > September 11, 2012 12:12 PM ET
> > > > >
> > > > >
> > > > >
> > > > >
> > > > > --
> > > > > > Unsubscribe, change to digest, or change password at:
> > > > > > https://mailman.stanford.edu/mailman/listinfo/liberationtech
> > > > >
> > > > --
> > > > Unsubscribe, change to digest, or change password at:
> > > >
> https://mailman.stanford.edu/mailman/listinfo/liberationtech
> > > >
> > > >
> > > >
> > > > --
> > > > Unsubscribe, change to digest, or change password at:
> https://mailman.stanford.edu/mailman/listinfo/liberationtech
> > > >
> > > --
> > > Unsubscribe, change to digest, or change password at:
> > > https://mailman.stanford.edu/mailman/listinfo/liberationtech
> > >
> > >
> > >
> > > --
> > > Unsubscribe, change to digest, or change password at:
> https://mailman.stanford.edu/mailman/listinfo/liberationtech
> > >
> > --
> > Unsubscribe, change to digest, or change password at:
> > https://mailman.stanford.edu/mailman/listinfo/liberationtech
> >
> >
> >
> > --
> > Unsubscribe, change to digest, or change password at:
> https://mailman.stanford.edu/mailman/listinfo/liberationtech
> >
> --
> Unsubscribe, change to digest, or change password at:
> https://mailman.stanford.edu/mailman/listinfo/liberationtech
>
>
>
>
> --
>
>
>
> Brian Conley
>
> Director, Small World News
>
> http://smallworldnews.tv <http://smallworldnews.tv/>
>
> m: 646.285.2046
>
> Skype: brianjoelconley
>
> public
> key: http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xCEEF938A1DBDD587 <http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xE827FACCB139C9F0>
>
>
>
>