Making an informed decision as a user or a developer when it comes to real-world tradeoffs between usability and security of course hinges upon your threat model. I think this is ultimately an empirical question -- we should be aiming to create a taxonomy of various actual tools packaged and sold by companies like FinFisher, beyond just the brochures. For example, Morgan and Citizen Lab did an excellent analysis recently of FinSpy (in case you missed it: http://citizenlab.org/2012/07/from-bahrain-with-love-finfishers-spy-kit-expo...). Expanding this research and getting an inside view into the industry will help everyone make non-speculative decisions about threat models. It's a difficult problem -- getting this inside view -- but it seems worthwhile. Is anyone working towards compiling such a list? And I'll just add that I agree with Moxie about recommending gchat over cryptocat for users in jurisdictions where Google is unlikely to hand over information to LE. However, even in this case it may not be so black and white. The FinSpy software mentioned above, for example, may intercept Google's chat traffic because it's a popular service, and may ignore cryptocat because it is relatively unknown. This isn't an argument that cryptocat v1 is a tenable long-term alternative, but just shows that it's very difficult to be maximally protect every single user when it comes to real-world recommendations. Finally, I'll just support the idea that usability is critical and the burden of making something usable should always be on the developer, never on the intelligence or know-how of the user. Although I agree cryptocat v1 has significantly more security issues than v2, I think the sacrifice in usability moving to v2 is significant and I'd hypothesize that installing an extension is much harder for people than visiting a website. Though, again, it's an empirical question that can be answered rigorously through user experience research. On 08/07/2012 08:02 AM, Maxim Kammerer wrote:

On Tue, Aug 7, 2012 at 4:21 AM, Moxie Marlinspike wrote:

...

However, my position is that Google Chat is currently more secure than CryptoCat. To be more specific, if I were recommending a chat tool for activists to use, *particularly* outside of the United States, I would absolutely recommend that they use Google Chat instead of CryptoCat. Just as I would recommend that they use GMail instead HushMail.

The security of CryptoCat v1 is reducible to the security of SSL, as well as to the security of the server infrastructure serving the page. Any attacker who can intercept SSL traffic can intercept a CryptoCat chat session, just as any attacker who can compromise the server (or the server operator themselves) can intercept a CryptoCat chat session. Are you equating passive attacks with active attacks? If I understand how CryptoCat works correctly, it is resistant against passive interception attacks, whereas Google Chat stores cleartext on Google servers, which are easily accessible to law enforcement. Active attacks against SSL can be mitigated by pinning CryptoCat certificates, so you are left with what, compromise of server infrastructure? That requires LE jurisdiction where the servers are located, domain expertise, and dealing with the risk that the compromise is detected. All that vs. Google servers, which, if I remember right, provide a friendly interface to user accounts once served with a simple wiretapping order (and as has been already mentioned, Google is a multinational corporation, subject to a multitude of jurisdictions, and is known to bend over for whoever is in charge).

_______________________________________________ liberationtech mailing list liberationtech@lists.stanford.edu Should you need to change your subscription options, please go to: https://mailman.stanford.edu/mailman/listinfo/liberationtech If you would like to receive a daily digest, click "yes" (once you click above) next to "would you like to receive list mail batched in a daily digest?" You will need the user name and password you receive from the list moderator in monthly reminders. You may ask for a reminder here: https://mailman.stanford.edu/mailman/listinfo/liberationtech Should you need immediate assistance, please contact the list moderator. Please don't forget to follow us on http://twitter.com/#!/Liberationtech ----- End forwarded message ----- -- Eugen* Leitl <a href="http://leitl.org">leitl</a> http://leitl.org ______________________________________________________________ ICBM: 48.07100, 11.36820 http://www.ativel.com http://postbiota.org 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE