[liberationtech] Chromebooks for Risky Situations?
Brian Conley
brianc at smallworldnews.tv
Sat Feb 9 13:46:14 PST 2013
>
>
> I actually think that we all pass the buck. It is part of the current
> discourse - perhaps the only person that doesn't pass the buck is Micah.
> He's like some kind of Gnu/Saint, really.
>
I guess I'm not really sure I follow. I don't know Micah and wouldn't
endeavor to suggest he may or may not "pass the buck."
I don't think it's passing the buck if you observe the tools being used in
the environment, compare them with the threat model, and do your best to
advise them how to properly counter the threat with what they have. Of
course you also have to be willing to say "I don't have the knowledge to
counter your threat, it seems you'd be better off with X,Y,Z and I'd suggest
you talk to ___."
I tend not to "train from a box" because I don't feel it's appropriate. This
has gotten me in trouble with a number of bigger development agencies, who
are unwilling to provide additional background research on their trainees'
needs, in order to provide a truly relevant training.
> >
> > My point is that if knowledgeable individuals are not willing to spend the
> > time to assist less knowledgeable people to get the first leg up in the
> > much-less-than-obvious world of FOSS/FLOSS/Whatever, then they are just as
> > responsible for security risks and endangerment as people who ignorantly
> > recommend windows, mac, etc because as you put it "When we encourage people
> > to say, buy a Macbook or a Chromebook because we're happy to support it
> > over say, Windows, we're making things worse."
>
> I disagree. The packaging system alone for most systems encourages a
> safe way to install nearly all software. Thanks to the nearly impossible
> UX choices, we don't see a lot of accidental malware on GNU/Linux
> systems. I wish I was kidding but this is actually an improvement over
> say, Windows or Mac OS X software packages that promote downloading
> anything and everything insecurely, running it and then updating willy
> nilly over the same insecure channels.
>
It sounds like you're saying that if someone isn't willing to assist
users/trainees to understand how to administer their computers safely and
securely, that person should recommend GNU/Linux because it's fairly safe
out of the box.
In my work, I find it's quite difficult to recommend Linux, as I noted
previously, because it's not what users are dealing with already, and they
have need for some pretty serious multimedia capabilities and
interoperability with others' work. As far as I understand, this is still
not really available on Linux.
Because of this, I would *never* tell someone just to use X and pass the
buck. I do my best to inform them about a variety of issues. You'll
remember I noted on this list last year that Frontline Defenders and
Tactical Tech fail to clearly denote the limits on TrueCrypt's hidden
containers vis a vis journaling file systems.
Additionally, I think you may be mistaken in some environments regarding
the "updating willy nilly" issue. As far as I've experienced in Iraq,
Afghanistan, and several other developing economies/emerging
democracies/whatever, most Windows machines are still running IE 6,
apparently because the "auto update" feature was disabled by the machine's
vendor, in order to prevent updates from locking down the machine's pirated
operating system. In this case, I'm not sure how they'd get accidental
malware, because "willy nilly" updates have been disabled. I believe more
"accidental malware" occurs because of poor digital hygiene.
>
> > Again, just as I still haven't heard a strong argument why google hangout
> > is "as bad" or "worse" than Skype, I don't yet see good arguments why
> > Chromebook is such a bad option for "many" use cases. In fact, I don't see
> > why a lot of mobile devices that are wifi only might be such bad options.
> > However, don't worry, I won't be advocating for you to use a windows mobile
> > or apple tablet anytime soon.
> >
>
> This is the wrong framing entirely. Allow me to re-frame it: I haven't
> heard a strong argument as to why Google or Skype is safe at all.
>
> Thus, I'll conclude that neither are very safe for anything at all,
> though they may thwart some people with little time on their hands.
>
>
Sure, and this is great for your level of knowledge, time, and willingness
to adapt. This is an issue we disagree about, and probably will continue.
Many users use Skype, they use Skype because it is ubiquitous despite
knowing the threats or not. I don't believe the best solution to this
problem is to say "hey why don't you use Google hangout, it's awesome!"
However, as we know, users are often hesitant to use less broadly adopted
tools, no matter how many times we suggest jitsi, csipsimple, redphone,
pidgin, etc. (and in some places some of these tools are illegal! see:
Indian policy on encrypted telephone communications, for example using
TextSecure would be a violation of Indian anti-terrorism law). In this
case, I think we have a responsibility to at least push users to marginally
better solutions. This is standard public health practice.
Let me lay out the reasons I believe Google Hangout is marginally better:
1. Tom-Skype problem. Until now, there is no reported fake/rogue Google
Hangout, there is no tom-hangout, for example. The implementation of google
hangout seems to ensure that users are generally using the real google
hangout. Of course this means you have to trust Google, which is why I have
repeatedly said I would never advise someone whose enemy is the US
government or an ally of the US government to depend on Google.
2. Malware distribution problem. An enemy cannot masquerade as me and
convince a friend or colleague to download malware, because google hangout
is not set up for direct file sharing.
Do I trust Google not to share my information, ever? No, of course not. But
do I trust Google not to share my information with the Chinese government?
I certainly trust them more than I trust Skype or Yahoo, or a number of
others.
<snip>
> >
> >>
> >> He is also talking about how the threats to a user might include Google
> >> itself (eg: my legal cases!) or perhaps even the network you're using
> >> (hint: ChromeOS has no way to protect you against such an attacker, so
> >> no, it isn't safe to use everywhere or perhaps anywhere depending on
> >> your trust of the local network).
> >>
> >
> > Again, depending on your threat model. Who said "everywhere" or "anywhere
> > for everyone?"
> >
>
> I don't agree at all. I see that there is a larger context here where
> even non-activists have to deal with transitive risks. That is to say -
> my friend doesn't have the same security concerns or politics as I do
> but they still shouldn't bareback with the internet as we're connected.
> The local network is a huge threat and a personal threat model might be
> non-existent, I find that to be irrelevant when we speak of society as a
> whole, or even of a small group of activists.
>
I'm not sure I follow. It seems like you're saying we have two options:
1. tell everyone to use existing FLOSS software/hardware
2. do #1 and pressure other corporations to open their code.
I agree with both of those points. If there's a larger point I'm missing,
I'd be happy to hear it. I'm not sure I follow how it affects you if I'm
using a chromebook on the same network you are on.
Again, I don't know whether I'd recommend a chromebook. I probably wouldn't
because they aren't widely available. I find that "strange hardware" is
more of a threat or alarm than "dangerous hardware."
>
> >
> >>
> >>> It seems like you are being needlessly confrontational or outright ignoring
> >>> the quite reasonable counter arguments to various linux OSes,Ubuntu/gentoo/
> >>> etc etc being made here.
> >>
> >> Most of arguments I've heard here boil down to privileged wealthy people
> >> complaining that learning and mutual aid or solidarity is simply too
> >> hard. The worst is when people who train people in risky situations make
> >> those kinds of statements.
> >>
> >
> > LOL. I'm, frankly, quite offended if you are indeed suggesting that I am
> > making those statements.
> >
>
> I'm sorry if you feel offended by what I've said. I feel quite strongly
> that the people doing trainings are the ones who should set the positive
> example. Or at least, if they set a negative example, they should do so
> with open eyes in a declarative manner. I don't really see that
> happening in this thread.
>
I hope I've clarified some of this. I endeavor to advise individuals about
the threats served by their current habits, and advise on the best
options/tools for surmounting them.
Until now I've never advised someone to use Google Hangout as a
secure/safer alternative to Skype. I always advise them to use open source
solutions, such as the various tools mentioned above. I think it's
interesting to consider the possibility, for the reasons laid out, that
google hangout may be a better last ditch push, or an acceptable middle
ground if *I* must interact with a user in a threatened environment.
>
> > Also, remember that I'm currently involved in developing what is probably
> > the first FOSS(FLOSS?) tool for mobile multimedia reporting that is built
> > on secure-by-design principles.
>
> I support your efforts, just as I support OpenWatch. That doesn't change
> that corporate controlled laptops include a bunch of trade-offs that are
> hard for people to understand.
>
Sure, but I think the point is, in *some* cases these trade-offs may be
*acceptable.* ALSO, we should ALWAYS endeavor to inform users what the
trade-offs are in ANY tools we advise them to use.
Also we don't disagree about this.
>
> >
> > Why? because traveling to various risky places and training people in
> > person will never ever scale, and is in fact potentially dangerous for the
> > trainees. Instead we're developing a tool to help them learn on their own
> > and at a distance, and that will give them relevant pointers on-the-job,
> > oh, and publishes to the YouTube API with resumable upload over Tor. So
> > yeah, we are thinking about this stuff from a user-first perspective and
> > not a "privileged wealthy people" perspective.
> >
>
> I applaud you for this work and I can't wait to use it myself. I do hope
> it is obvious that Android phones are actually a sign of wealth though.
>
Thanks, but perhaps less a sign of wealth than a laptop or desktop running
Linux, no? Also the Linux computer depends on regular access to electricity
which in many places is probably a higher sign of wealth than a lower-end
smartphone.
Also, in my work, I tend to interact with individuals on the wealthier end
of the local community. Journalists and media activists tend to have
greater wealth and privilege (though surely not always). And of course,
android devices are dropping in price and rising in accessibility all the
time.
Lastly I should note the work wouldn't be possible without the great folks
at Guardian Project, and the support and advice of Free Press Unlimited and
Radio Free Asia.
> > What even counts as wealthy? should we get into class and privilege debates
> > here? That seems like something no one ever ever wins.
> >
>
> In my view for this discussion, wealth and privilege boil down to
> autonomy - we get to choose between a chromebook, a thinkpad, a macbook,
> etc. If we're making that choice, we should make a choice where the
> hardware and the software really respects the freedoms that a user
> wants, needs and without such respect, it will otherwise harm them.
>
OK, I can certainly accept that, and happy to note my own failure in that
realm thus far. (I use a couple year old refurbished Macbook)
>
> While in Burma recently, I met a man who was sentenced to fifteen years
> in prison for receiving an email with a political cartoon. He served
> four years (!) hard labor before being released. The State took him,
> forced him to give up his gmail password and then charged him under
> their anti-hacking laws.
>
I guess you could get a similar sentence in the UK these days, for not
dissimilar actions. (perhaps without the "hard labor" but certainly several
years, no?)
>
> So, what is privilege? In this context, it is the notion that there is a
> threat model where nothing will harm you, as you are afforded some kind
> of innocence. I mean, it took me some time to really wrap my head around
> his case; in the end, he believes the government itself sent the email
> to set him up! So, imagine saying, "oh yeah, that is out of scope for my
> threat model" to someone like him?
>
This sounds pretty standard to me for Southeast Asia, or at least, quite
similar to my own experience with the authorities in China.
Also, I don't think it's ever about *my* threat model, it's about the
user/trainee/local's threat model, and helping them adapt an appropriate
understanding of the threat.
>
> >
> >>
> >> It's frankly, really and seriously embarrassing.
> >>
> >
> > Yep, it would be seriously embarrassing if it was accurate or relevant,
> > luckily for us all, it's not!
>
> We probably disagree. I thought we were debating the merits of a
> chromebook for a risky situation, something that I find well,
> questionable at the time and certainly questionable in how we're
> evaluating the so-called risk.
>
Sure, I guess I forked the discussion in my mind to being more about
whether Linux/FLOSS operating systems or softwares are always better. I
don't believe they are, which is probably obvious.
I believe they should be, and could be in the future.
I'm really excited to find out whether the work we've been doing on android
with FFMPEG, etc can be used by Linux developers as well to dramatically
improve video editing software as well. We will see!
>
> All the best,
>
You too.
Brian
> Jake
>
--
Brian Conley
Director, Small World News
http://smallworldnews.tv
m: 646.285.2046
Skype: brianjoelconley