[liberationtech] DecryptoCat

Jonathan Wilkes jancsika at yahoo.com
Tue Jul 9 22:37:23 PDT 2013 

On 07/09/2013 02:33 PM, Jacob Appelbaum wrote:
> Jonathan Wilkes:
>> On 07/09/2013 10:29 AM, Jacob Appelbaum wrote:
>>> Patrick Mylund Nielsen:
>>>> On Tue, Jul 9, 2013 at 9:22 AM, Eugen Leitl <eugen at leitl.org> wrote:
>>>>
>>>>> On Tue, Jul 09, 2013 at 09:12:21AM -0400, Patrick Mylund Nielsen wrote:
>>>>>> If it's so easy, go ahead and produce a more secure alternative that
>>>>> people
>>>>>
>>>>> You mean something like http://dee.su/ ?
>>>>>
>>>>> And http://dee.su/cables ?
>>>>>
>>>>>
>>>> No, I mean an alternative to Cryptocat (i.e. an OTR client with
>>>> multiparty
>>>> communication) that is more secure, and as easy to use.
>>>>
>>> While Cryptocat has OTR - the multi-party communication is not the OTR
>>> protocol.
>>>
>>> Cables is as easy to use as email. Generally it is used with an email
>>> client.
>> Email for someone that doesn't already have it:
>> 1. Turn on _any_ computer.
>> 2. Load up _any_ OS.

Here I went overboard-- of course there are all kinds of computers and 
OSes that don't run modern browsers.  I'm just thinking of the most 
common modern devices, like what someone brings into a coffee house or 
uses on public transit to send and receive messages.

>> 3. Run _any_ browser.
>> 4. Go to www.gmail.com.
>> 5. Sign up.
>> 6. Send a message to bob at wherever.com, whose email address you recall
>> from memory.
>>
> You are hilariously oversimplifying the problem.

No, it's just that signing up for Gmail for people who are ignorant 
about the consequences to society of communicating insecurely over the 
internet is frighteningly simple.  If you walk into a coffee house and 
look at the setup people have on their smartphones, tablets, and 
laptops, it's probably some form of leaving messages on a centralized 
service and accessing through a client or smartphone app; that way they 
don't have to worry about syncing, and setting up a new device is as 
easy as entering a human readable login and a password into an app and 
voila.  Very few of those devices even have a usb connection and are 
locked down to the point where you couldn't even boot into a secure 
GNU/Linux distribution if you wanted to, so Cables is a nonstarter.

I'm not proposing Gmail as a solution to "the problem"-- I'm saying your 
statement that using Cables is as easy as using email-- even on a 
machine where it's easy to install-- is not accurate.  At the very least 
your statement ignores the problem of human unreadable addresses and 
only applies to uses of email where the messages reside on a single 
machine of the user that isn't accessible easily from other devices.  
That isn't the most usable form of sending messages insecurely so it 
isn't fair to compare it to the most usable form of sending messages 
securely.  Put another way: the easiest way of using email is less of a 
hassle than the easiest way of using Cables.  I think it's important to 
state that clearly, as well as say that using Cables is as easy as using 
encrypted email (in which case Cables would be superior as it has lots 
of features which sending end-to-end encrypted messages over a 
centralized email service would not).

As far as "the problem": yes, my use of a centralized service is a 
problem and I'd like to rectify it.

>   How did you find
> bob at wherever.com's address exactly? And while many people use email with
> a web browser, surely you don't suggest that people don't use heavy
> email clients (gmail app, thunderbird, outlook, applemail, claws, etc)?
>
>> What are the steps for sending Bob a message using Cables?
>>
>> This isn't rhetorical, I'd actually like to know what the steps are.
> Roughly I think this is correct:
>
> 0. Download https://www.dee.su/liberte
> 1. Boot any modern computer with the usb disk inserted
> 2. launch Claws email client
> 3) write message to bob's cable address and press send

Thanks, I'll try out that setup.

-Jonathan

>
> If you have a supported platform, you can skip 0-2 and replace it with
> 'install cables' - as one might install a modern browser.
>
> If you're going to say that using Gmail easily happens in any browser on
> any OS, I guess I'd tend to disagree.
>
> If we add "securely" into the picture, I guess I'd just laugh and laugh
> and laugh. Sadly. It is really a bummer that PRISM exists and that
> Google appears to be under the boot of that system. Though accessing
> Gmail with Chrome is clearly better than any other choice!
>
> All the best,
> Jacob
> --
> Too many emails? Unsubscribe, change to digest, or change password by emailing moderator at companys at stanford.edu or changing your settings at https://mailman.stanford.edu/mailman/listinfo/liberationtech
>

More information about the liberationtech mailing list