On 02/03/2015 08:40 PM, Markus Ottela wrote:
Those people do not have the privilege of having a desk with 3 laptops, they often don't even have damn ADMIN RIGHTS on their laptop. Giving them a tool that works on their (insecure, I agree!!) platforms and yet LOWERS their exposure actually can save lives. If you're not in control of the laptop, you shouldn't be trusting your life on it; Tox does very little if there's a keylogger present, neither does TFC if you're not in control of the two TCB computers.
Why is it that everyone here rocks at threat models as long as they get to own a computer. Why is it that everyone here can consider everything from if a Global Passive Adversary is directly targeting you to if your next door neighbor is doing, I dunno, Van-Eck Phreaking or something like that, but can't *possibly* consider the use case of "my government can break into any computer it wants, and I'm running from netcafe to netcafe, and just need them to not be able to find me for the next one or two weeks". A keylogger only compromises you once they find the logs to read -- But say they've got a thumb drive with their data and software, two legs (or one, or none, depending, I suppose), a car, and the driving will to *keep running and fighting*. "You shouldn't be trusting your life" my rear. Half of these people are expecting a knock on their door every day. You think they're gonna just give up because they can't be Perfectly Cryptographically Secure? So we can give up on them, or we can give them whatever help they can get. Two. Choices. ...sorry for ranting. But, like, could we *please* at least consider scenarios where people don't control their computer? Instead of just totally dismissing them off-hand? Like, there *is* stuff they can do, and there *is* stuff we can do for them. And it's just... *wrong* to just say "go hang".