Hi Libtech, Moxie Marlinspike <moxie@thoughtcrime.org> wrote:
However, my position is that Google Chat is currently more secure than CryptoCat. To be more specific, if I were recommending a chat tool for activists to use, *particularly* outside of the United States, I would absolutely recommend that they use Google Chat instead of CryptoCat. Just as I would recommend that they use GMail instead HushMail.
The security of CryptoCat v1 is reducible to the security of SSL, as well as to the security of the server infrastructure serving the page. Any attacker who can intercept SSL traffic can intercept a CryptoCat chat session, just as any attacker who can compromise the server (or the server operator themselves) can intercept a CryptoCat chat session.
Maxim Kammerer replied:
Are you equating passive attacks with active attacks? If I understand how CryptoCat works correctly, it is resistant against passive interception attacks, whereas Google Chat stores cleartext on Google servers, which are easily accessible to law enforcement. Active attacks against SSL can be mitigated by pinning CryptoCat certificates, so you are left with what, compromise of server infrastructure? That requires LE jurisdiction where the servers are located, domain expertise, and dealing with the risk that the compromise is detected. All that vs. Google servers, which, if I remember right, provide a friendly interface to user accounts once served with a simple wiretapping order (and as has been already mentioned, Google is a multinational corporation, subject to a multitude of jurisdictions, and is known to bend over for whoever is in charge).
Maxim's comments match my thoughts with regards to both current Cryptocat over SSL and my analogy to Riseup webmail over SSL. If Riseup does what they say they do[1], emails sitting on their servers are not mined for advertising or LE (unlike Facebook chat, or as Maxim suggests, gmail); their servers do not log IPs; IPs are not embedded in emails; and outgoing emails to other secure email providers are encrypted (StartTLS). Furthermore, it appears Riseup plans[2] encryption for stored emails on their servers in the future. Such a scheme would make the emails difficult for LE, or more broadly, attackers, to get, even with a warrant -- not only would they have to obtain forced decryption power, which I don't think they have as of yet in the US, but also Riseup might not be able to provide the relevant keys in any case. (That the NSA has copies is a vulnerability, but perhaps not a relevant one, as to my knowledge LE can't introduce NSA copies as evidence.) Similarly with current Cryptocat over SSL: if the server and server operator do what they say they do, there aren't data-mining operations going on for the benefit of LE or advertisers. Both Riseup and current Cryptocat over SSL rely on good SSL connections and also trust that the server and server operator aren't compromised (including incorrect implementations). Those 3 dependencies are far from ideal, but at least the risk calculations are ones some activists without access to OTR or PGP or their own .mx can make. Better than known bad actors, known bad servers. Maybe my technical understanding is lacking something here, but I believe the above to be correct. :-Douglas 1. https://help.riseup.net/en/email#what-is-special-about-riseup-net-email 2. https://we.riseup.net/riseuplabs+fsoc/personally-encrypted-imap-storage _______________________________________________ liberationtech mailing list liberationtech@lists.stanford.edu Should you need to change your subscription options, please go to: https://mailman.stanford.edu/mailman/listinfo/liberationtech If you would like to receive a daily digest, click "yes" (once you click above) next to "would you like to receive list mail batched in a daily digest?" You will need the user name and password you receive from the list moderator in monthly reminders. You may ask for a reminder here: https://mailman.stanford.edu/mailman/listinfo/liberationtech Should you need immediate assistance, please contact the list moderator. Please don't forget to follow us on http://twitter.com/#!/Liberationtech ----- End forwarded message ----- -- Eugen* Leitl <a href="http://leitl.org">leitl</a> http://leitl.org ______________________________________________________________ ICBM: 48.07100, 11.36820 http://www.ativel.com http://postbiota.org 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE