Re: [liberationtech] Wickr: Can the Snapchat for Grown-Ups Save You From Spies?
What Andrew said.

And anyone who glibly says that people's lives can rely on the privacy of their software like that is lying, naive, and/or stupid, to be blunt.

We had releases in the wild of Tor we knew people were using (and may still be) that are out of date and we know are security compromised - and we have no way to reach every one of those people ever (nor would she even with registered users necessarily) to make them update, and it makes me weep.

So every release you sweat because, if there's a security compromise, an exploit found, a bug somewhere (and hey even my archgeeks are only human ;) -- I mean, Roger Dingledine, Nick Mathewson and Andrew are angels. How many release engineers have to worry if they miss something, people could get hauled away from their families, tortured, and/or killed?

It may not be the commonest case of some person using it for pedestrian daily privacy, but it is our critical case that we must model and plan for - and understand and empathize with - and it's thousands of activists, journalists, and so on.

No glib "yes" answers please. If you aren't losing sleep you don't get it.

Write social apps for suburbia, where you can lie or be naive or be stupid and it won't stand out. In the "Zynga" community of practice that seems to be normative at least - not that it's good for society either, but perhaps it's habit forming, sheep and shepherd.

Don't do "social app" marketing to activists. Do risk assessment and education. Open your source, do not register your users (either they give you real PID which you can be forced to give up, or it's encouraging them to break TOS on probably a US email provider - which in any US service makes any activist a felon under the US law Aaron Swartz was accused under - this is my current area of research).

Yrs,
----
Shava Nerad
shava23@gmail.com

On Mar 5, 2013 1:48 PM, <liberationtech@lewman.us> wrote:
On Tue, 5 Mar 2013 10:16:12 -0800 Yosem Companys <companys@stanford.edu> wrote:
The cautionary tale that many reference is the case of Hushmail, an encrypted mail service that used to claim that "not even a Hushmail employee with access to our servers can read your encrypted email, since each message is uniquely encoded before it leaves your computer" -- words that echo Wickr's own proclamations. Sell tells Mashable that Wickr's "architecture eliminates backdoors; if someone was to come to us with a subpoena, we have nothing to give them."
They can, and will, be asked for "envelope data". Since wickr requires you create an account, they know who is communicating with whom, when, how often, and how much data. They may even know the file names transferred, even if they don't know the contents. They get to learn your email address and your IP addresses. This alone lets them build a nice social network map of you.
As it's running on a mobile phone, wickr can learn GPS location, cell tower, altitude and lots of other data provided by the phone itself (name, contacts, etc) if they want to do so.
And as a final thought, they will get preservation requests for messages from law enforcement. Since you're storing content on their servers, even if you think you control how long, they can copy off the messages (also for backups) for law enforcement.
--
Andrew
http://tpo.is/contact
pgp 0x6B4D6475

--
Too many emails? Unsubscribe, change to digest, or change password by emailing moderator at companys@stanford.edu or changing your settings at https://mailman.stanford.edu/mailman/listinfo/liberationtech
----- End forwarded message -----
--
Eugen* Leitl http://leitl.org
ICBM: 48.07100, 11.36820 http://www.ativel.com http://postbiota.org
8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE