On 03.02.2015 20:38, rysiek wrote:
yet the source of randomness and crypto implementation are not explained properly. The wiki talks about public keys and PFS without explaining the relation between the two. https://github.com/irungentoo/toxcore/blob/master/docs/updates/Crypto.md

ACK. So, the PDF I linked to goes a *bit* further (just a wee bit). Go have a look at the "Crypto" section: https://jenkins.libtoxcore.so/job/Technical_Report/lastSuccessfulBuild/artif...
So, at least not a "we hold your keys -- FOR SAFETY!!1!" kind of snakeooil. Half of an "AOK" from me here.
Just because it could be worse doesn't mean it couldn't be better. Thanks for the whitepaper, I'll have a look when I've the time.
*5. There is no threat model* "/With the rise of government monitoring programs/" implies it's designed to be secure against state surveillance. "Tox does not cloak IP addresses when communicating with other users" In disclaimer it is also just stated that "/Tox prevents message contents from being read or altered by third parties, or anyone else other than the intended recipient/", yet it doesn't even bother to evaluate the system against HSAs or MSAs.

True. One has to consider their own threat model and assess if Tox is the answer. Tox does *not* provide anonymity, it at least *tries* to provide OTR-like features (encryption, integrity, etc.).
*7. Neglects general sad state of host security *
Well, yes, and my beef with Tox is also that the private keys do not require a passphrase to unlock. So that's a no-no in my book.

This only changes the type of attack: a keylogger has to be used along the private key exfiltration tool.

IIRC the DH signing keys are bound to the account ID. Appelbaum recommended in his 31c3 talk 'Reconstructing Narratives' that users rotate their OTR keys often and verify the hash using off-band channel.

I'm not sure it's a convenient thing users have to re-add their contacts every time the DH signing key needs to be refreshed. It's sort of good thing users are immediately using the public signing key (Tox ID) but the issue is, while the Tox ID doesn't have to be secret, it must be authentic: so users unaware of this can be subjected to MITM attack.
Still, this doesn't look like snakeoil; rather like a good idea with not-so-stellar execution, which *might* get better.
Am I missing anything?
I would argue the current OTR/PGP/ZRTP implementation has limited lifespan regardless of execution, given the fact intelligence community is expanding end-point exploitation to mass surveillance levels: methodology is changing, not the scale: https://www.youtube.com/watch?v=FScSpFZjFf0&t=37m35s There's a lot of misconception on 0-days being expensive 'one-time-hacks' that must be used only when necessary. How many anti-virus programs detect and report these? What percentage of users are running some sort of IDS? How many users assume sudden system crash is due to malfunctioning exploit/payload? A 0-day is more like a master key for given OS with average lifespan of 300 days ( http://users.ece.cmu.edu/~tdumitra/public_documents/bilge12_zero_day.pdf )
Could we have a *separate* thread for it? I'm really interested in having a more in-depth discussion of Tox and this could potentially hi-jack this thread. Much obliged.
I agree it should be separate. I tried to keep that section short and the intention was to provide contrast and show each of these can be addressed simultaneously.
On Tuesday, 3 February 2015 21:52:34, you wrote:
Just because it could be worse doesn't mean it couldn't be better.
True. But the state of affairs right now is that people are massively using Skype. So even not-so-well implemented free-software crypto peer-to-peer audio-video and IM app is a step-up (as long as it's not being sold as end-all-problems-heal-your-dog-panacea). And I would not call Tox snakeoil mainly because snakeoil salesmen *ignore* criticism and *willfully and knowingly* sell bullshit; Tox is at least *trying* to get things working and properly implemented, as far as I can see. So there's a huge difference in (perceived? apparent? true?) intentions.
Thanks for the whitepaper, I'll have a look when I've the time.
It's 7 pages, hardly a "white paper", and the Crypto section is about 6 lines. It's a stub, but it does contain *some* info.
True. One has to consider their own threat model and assess if Tox is the answer. Tox does *not* provide anonymity, it at least *tries* to provide OTR-like features (encryption, integrity, etc.).

IIRC the DH signing keys are bound to the account ID. Appelbaum recommended in his 31c3 talk 'Reconstructing Narratives' that users rotate their OTR keys often and verify the hash using off-band channel.
Yeah, and I stand by my "still better than Skype, and no intentional nastiness so far found". ;)
I'm not sure it's a convenient thing users have to re-add their contacts every time the DH signing key needs to be refreshed. It's sort of good thing users are immediately using the public signing key (Tox ID) but the issue is, while the Tox ID doesn't have to be secret, it must be authentic: so users unaware of this can be subjected to MITM attack.
Yes. But now we're discussing the proto and the implementation, so I assume we moved forward from the "is it snakeoil" question. At least I hope so.
*7. Neglects general sad state of host security *
Well, yes, and my beef with Tox is also that the private keys do not require a passphrase to unlock. So that's a no-no in my book.
This only changes the type of attack: a keylogger has to be used along the private key exfiltration tool.
"Using seatbelts only means that the type of the car accident has to change: faster and with flying debris." I'll take the seatbelts, though. I'm fine with making the attacker spend a bit more time and resources if they want to get me. There are no bulletproof solutions anyway.
Still, this doesn't look like snakeoil; rather like a good idea with not-so-stellar execution, which *might* get better.
Am I missing anything?
I would argue the current OTR/PGP/ZRTP implementation has limited lifespan regardless of execution, given the fact intelligence community is expanding end-point exploitation to mass surveillance levels: methodology is changing, not the scale: https://www.youtube.com/watch?v=FScSpFZjFf0&t=37m35s
And the point here is... what exactly? "Don't use encryption, because it *might* be broken one day?"
There's a lot of misconception on 0-days being expensive 'one-time-hacks' that must be used only when necessary. How many anti-virus programs detect and report these? What percentage of users are running some sort of IDS? How many users assume sudden system crash is due to malfunctioning exploit/payload? A 0-day is more like a master key for given OS with average lifespan of 300 days ( http://users.ece.cmu.edu/~tdumitra/public_documents/bilge12_zero_day.pdf )
And that changes... what exactly? This affects *any and all* desktop-usable security solutions, so let's just assume that this is the baseline we have to work with and assess the solutions on their own merits, eh?
Could we have a *separate* thread for it? I'm really interested in having a more in-depth discussion of Tox and this could potentially hi-jack this thread. Much obliged.
I agree it should be separate. I tried to keep that section short and the intention was to provide contrast and show each of these can be addressed simultaneously.
Thanks.

-- Regards, Michał "rysiek" Woźniak. GPG key change :: http://rys.io/pl/147 | GPG Key Transition :: http://rys.io/en/147
On 03.02.2015 23:06, rysiek wrote:
On Tuesday, 3 February 2015 21:52:34, you wrote:
True. But the state of affairs right now is that people are massively using Skype. So even not-so-well implemented free-software crypto peer-to-peer audio-video and IM app is a step-up (as long as it's not being sold as end-all-problems-heal-your-dog-panacea).
And I would not call Tox snakeoil mainly because snakeoil salesmen *ignore* criticism and *willfully and knowingly* sell bullshit; Tox is at least *trying* to get things working and properly implemented, as far as I can see.
So there's a huge difference in (perceived? apparent? true?) intentions.

They are ignoring the criticism: they should be warning users about constant issues in endpoint security. Subrosa, Ricochet, TextSecure, Cryptocat and Threema have all included a threat model/warning; Tox should do so too. Notifying users about risks is what keeps them safe, not moving to slightly more secure products they assume are impenetrable. Conscious ignoring of this on the developers' part equals selling "bullshit".
Let's assume they put the warning on the web page. Now every user who reads the security warning begins to think "Ok, so given my contacts, reputation and opsec, my private key is compromised with probability P. Am I still going to write this or do I upgrade my tools? Am I under constant monitoring? Do I need to regenerate my keys?". In the beginning of Citizenfour, Snowden gives a warning to Poitras about private keys, even though PGP encrypts the private key at rest. After that, Laura bought an airgapped machine and created a new PGP keypair.
I'm not sure it's a convenient thing users have to re-add their contacts every time the DH signing key needs to be refreshed. It's sort of good thing users are immediately using the public signing key (Tox ID) but the issue is, while the Tox ID doesn't have to be secret, it must be authentic: so users unaware of this can be subjected to MITM attack.

Yes. But now we're discussing the proto and the implementation, so I assume we moved forward from the "is it snakeoil" question. At least I hope so.
Again, security is a process, not a product: unless the implementation of crypto is secure and users know how to use it, a properly written Salsa20 implementation isn't going to do much good. Writing a good manual is the responsibility of the developer.
*7. Neglects general sad state of host security *

Well, yes, and my beef with Tox is also that the private keys do not require a passphrase to unlock. So that's a no-no in my book.

This only changes the type of attack: a keylogger has to be used along the private key exfiltration tool.

"Using seatbelts only means that the type of the car accident has to change: faster and with flying debris." I'll take the seatbelts, though. I'm fine with making the attacker spend a bit more time and resources if they want to get me. There are no bulletproof solutions anyway.

Here's a Metasploit payload Meterpreter. How hard do you think it is for me to automate the two Armitage GUI functionalities of browsing files and logging keystrokes once I buy a 0-day from Vupen with tax money? https://4.bp.blogspot.com/-9SL6twrYlLg/UcKHmH8QkyI/AAAAAAAAALg/GogP6DN4KIs/s...

Now think about Fox Acid, Metasploit, with a budget. Then think of things like Quantuminsert that automate this process on mass scale. Your seat belt is a bad analogy. There are no bulletproof solutions but there are better ones.
Still, this doesn't look like snakeoil; rather like a good idea with not-so-stellar execution, which *might* get better.

Am I missing anything?

I would argue the current OTR/PGP/ZRTP implementation has limited lifespan regardless of execution, given the fact intelligence community is expanding end-point exploitation to mass surveillance levels: methodology is changing, not the scale: https://www.youtube.com/watch?v=FScSpFZjFf0&t=37m35s

And the point here is... what exactly? "Don't use encryption, because it *might* be broken one day?"

No, the point here is, don't put the TCB on a computer that does networking. Why are you putting emphasis on the word 'might' when Snowden says the NSA bypasses encryption *every day*: https://www.youtube.com/watch?v=YxPKoXTKDc8#t=48m53s

And that changes... what exactly? This affects *any and all* desktop-usable security solutions, so let's just assume that this is the baseline we have to work with and assess the solutions on their own merits, eh?

No, let's not assume. I've a small desk but it's still able to handle the three laptops in a configuration that does not have the issue.
The community has already accepted host security as part of the snake oil check. What on earth is the check doing here if we should accept OS vulnerabilities as a "baseline"? If the product isn't going to address it, it better not neglect it at least; Tox doesn't do even that. I'm not trying to hijack this Tox discussion to say TFC is the solution. I'm trying to say it's pointless to create anything secure on a setup the features of which are limited(/rigged) to begin with. That's why smartphone is part of the snake oil checklist. The very first step says the product has to be FOSS; without a free OS, no encryption software stands a chance. Without endpoint security, it's the same. The community is already praising $1,300 Novena laptops - I'm saying we can achieve higher security with a set of three $200 COTS laptops and a few extra components.
Hi, this is getting absurdly long. I am going to answer this one part below.

On Wednesday, 4 February 2015 00:54:07, Markus Ottela wrote:
And that changes... what exactly? This affects *any and all* desktop-usable security solutions, so let's just assume that this is the baseline we have to work with and assess the solutions on their own merits, eh?
No, let's not assume. I've a small desk but it's still able to handle the three laptops in a configuration that does not have the issue.
The community has already accepted the host security as part of snake oil check. What on earth is the check doing here if we should accept OS vulnerabilities as a "baseline"? If the product isn't going to address it, it better not neglect it at least, Tox doesn't do even that.
Answer A: Well then, do a damn pull request and fix it. With the amount of typing done in this thread already you could have done it 3 times over. :)

Answer B: Can you please direct me towards any software that in your opinion does not have a problem with the "host security" part? A single example of any program, say any communication program, like IM, VoIP, e-mail client, etc, installable on a chosen operating system.

Answer C (I think I'll go with this one): On a more serious vein, I see I'm dealing with a view that security is binary. That one can only be safe in a meaningful sense, when one has three laptops in a particular setup on their desk.

Problem is, people DIE, NOW, because they use Skype. Not because they misjudged a particular way software A uses crypto primitive B or some such, but because they are using an inherently fucked up, security wise, software to communicate.

Those people do not have the privilege of having a desk with 3 laptops, they often don't even have damn ADMIN RIGHTS on their laptop. Giving them a tool that works on their (insecure, I agree!!) platforms and yet LOWERS their exposure actually can save lives.

This is something that has to be rammed into the heads of people with a baseball bat. Ideal setups don't exist, that's why they are "ideal".

Here, have a read: https://medium.com/message/81e5f33a24e1

Especially this part:

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Managing all the encryption and decryption keys you need to keep your data safe across multiple devices, sites, and accounts is theoretically possible, in the same way performing an appendectomy on yourself is theoretically possible. This one guy did it once in Antarctica, why can’t you?

(...)

So the question I put to hackers, cryptographers, security experts, programmers, and so on was this: What’s the best option for people who can’t download new software to their machines? The answer was unanimous: nothing. They have no options. They are better off talking in plaintext I was told, “so they don’t have a false sense of security.” Since they don’t have access to better software, I was told, they shouldn’t do anything that might upset the people watching them. But, I explained, these are the activists, organizers, and journalists around the world dealing with governments and corporations and criminals that do real harm, the people in real danger. Then they should buy themselves computers, I was told.

That was it, that was the answer: be rich enough to buy your own computer, or literally drop dead. I told people that wasn’t good enough, got vilified in a few inconsequential Twitter fights, and moved on.

Not long after, I realized where the disconnect was. I went back to the same experts and explained: in the wild, in really dangerous situations — even when people are being hunted by men with guns — when encryption and security fails, no one stops talking. They just hope they don’t get caught.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

I accept Tox could warn about some issues better. I accept that desktop security is a joke. But for the love of Dog, that is not what I am asking when I'm asking if Tox is a sane thing to look into. I'm asking about "do we know of serious security bugs or fuckups in this software". I am asking "can anybody point out any serious, SNAFU-level bugs in the protocol design". And so on.
I'm not trying to hijack this Tox discussion to say TFC is the solution. I'm trying to say it's pointless to create anything secure on a setup the features of which are limited(/rigged) to begin with.
That's why smartphone is part of the snake oil checklist.
How about we let stef talk about that himself.
On Tuesday, 3 February 2015 21:27:03, Juan wrote:
On Wed, 04 Feb 2015 00:59:06 +0100
rysiek <rysiek@hackerspace.pl> wrote:
Problem is, people DIE, NOW, because they use Skype.
And the source(s) for that claim is...?
https://about.okhin.fr/posts/Stupid_journos/

Stop killing people, stop using Skype!

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
A journalist friend of mine pointed me to a news flash from AFP - REF: 29578 DVBP 729 GLN20 (4) AFP (295), if it means something to you - in which they killed someone. Or, if it's not the case, he will be killed soon. Why? First, they used his full name in the text, and the city where he lives. This is, in essence, like putting a target on his forehead and waiting for snipers, tanks and/or mortars to kill him. But worse, they used the infamous malware named Skype to contact him. Besides the huge privacy issue related to using something that has been 'accidentally' deployed in the last Windows Update, it is of public knowledge that Skype is used as a trojan to identify and hunt activists in Syria. The EFF posted about it, Kaspersky posted about it, even the original writer of the tool used inside Skype to deploy the Remote Access Tool has written about it along with a removal tool. So, journalists have known, for months, that it is dangerous to use Skype. It is also dangerous to use closed and proprietary software. A lot of people have been saying this for months now and even make propositions to use alternative, free and decentralized systems, because it is the only way to enforce some bits of privacy.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Or this (linked within): https://www.eff.org/deeplinks/2012/06/darkshades-rat-and-syrian-malware

Oh, I also appreciate how you're the first to jump in and criticize Tor, but for some reason you don't really seem to have a problem with Skype. Double standards much? :)

~~~=:)
On Wed, 04 Feb 2015 02:03:44 +0100 rysiek <rysiek@hackerspace.pl> wrote:
Or this (linked within): https://www.eff.org/deeplinks/2012/06/darkshades-rat-and-syrian-malware
"Trojans, including one disguised as a Skype encryption tool, which covertly install spying software onto the infected computer," Not a problem of skype per se, so your claim is bullshit.
Oh, I also appreciate how you're the first to jump in and criticize Tor,
Just as I appreciate you licking the boots of the US military and its spies.
but for some reason you don't really seem to have a problem with Skype. Double standards much? :)
Lol. You are lying barefacedly. I never said I don't have a problem with skype. I have a problem with any kind of garbage coming from the US, ESPECIALLY from the pentagon. Unlike you.
~~~=:)
On 2/4/15, Juan <juan.g71@gmail.com> wrote:
On Wed, 04 Feb 2015 02:03:44 +0100 rysiek <rysiek@hackerspace.pl> wrote:
Oh, I also appreciate how you're the first to jump in and criticize Tor,
Just as I appreciate you licking the boots of the US military and its spies.
:) Come on rysiek, you should know better by now around here - you just got Juan'ed... And I'm not saying that's a bad thing either :)
On Wednesday, 4 February 2015 13:38:21, Zenaan Harkness wrote:
On 2/4/15, Juan <juan.g71@gmail.com> wrote:
On Wed, 04 Feb 2015 02:03:44 +0100
rysiek <rysiek@hackerspace.pl> wrote:
Oh, I also appreciate how you're the first to jump in and criticize Tor,
Just as I appreciate you licking the boots of the US military and its spies.

:) Come on rysiek, you should know better by now around here - you just got Juan'ed...
Nah, I was perfectly aware of what I was signing up for. It's a kind of a sport of mine. Hope the list can forgive me for generating this bit of additional noise.
And I'm not saying that's a bad thing either :)
I guess it's fine as long as nobody gets hurt.
On 04.02.2015 01:59, rysiek wrote:
Hi,
this is getting absurdly long.
I am going to answer this one part below.
On Wednesday, 4 February 2015 00:54:07, Markus Ottela wrote:
And that changes... what exactly? This affects *any and all* desktop-usable security solutions, so let's just assume that this is the baseline we have to work with and assess the solutions on their own merits, eh?

No, let's not assume. I've a small desk but it's still able to handle the three laptops in a configuration that does not have the issue.
The community has already accepted the host security as part of snake oil check. What on earth is the check doing here if we should accept OS vulnerabilities as a "baseline"? If the product isn't going to address it, it better not neglect it at least, Tox doesn't do even that.
Answer A: Well then, do a damn pull request and fix it. With the amount of typing done in this thread already you could have done it 3 times over. :)

The Tox developer team were not interested in implementing it in similar fashion. Using three computers was the main obstruction: a successor for Skype that makes the headlines is the one that you get everyone to use because it's easy to set up. It wouldn't get any attention nor media coverage if it wasn't free as in 'next, yes, next, next, install'. I'd rather not meddle with Tox source: to quote the Norton article you posted, "C is good for two things: being beautiful and creating catastrophic 0days in memory management." Tox is written in C, by people who seem to have limited understanding of computer security and programming. I do too, but at least I selected an approach that doesn't require 0-day free code, or OS.

Answer B: Can you please direct me towards any software that in your opinion does not have a problem with the "host security" part? A single example of any program, say any communication program, like IM, VoIP, e-mail client, etc, installable on a chosen operating system.

TFC stands for Tinfoil Chat. cs.helsinki.fi/u/oottela/tfc.pdf // pages 9 and 10 explain how/why there is no key exfiltration risk. TCB is the Trusted Computing Base, the system responsible for cryptographic operations.

Answer C (I think I'll go with this one): On a more serious vein, I see I'm dealing with a view that security is binary. That one can only be safe in a meaningful sense, when one has three laptops in a particular setup on their desk.

Problem is, people DIE, NOW, because they use Skype. Not because they misjudged a particular way software A uses crypto primitive B or some such, but because they are using an inherently fucked up, security wise, software to communicate.

It depends on your threat model and how technically skilled your adversary is. If an adversarial government decides to buy malware from, say, Hacking Team that automatically replaces Tox IDs inside unencrypted emails with those owned by the state, it'll still get you killed unless you know what you're doing. Just telling the user to meet the contact and exchange Tox IDs in person is enough not to get MITM'd. Just warning the user about not saying the most sensitive stuff on Tox might be enough not to get killed.

Those people do not have the privilege of having a desk with 3 laptops, they often don't even have damn ADMIN RIGHTS on their laptop. Giving them a tool that works on their (insecure, I agree!!) platforms and yet LOWERS their exposure actually can save lives.

If you're not in control of the laptop, you shouldn't be trusting your life on it; Tox does very little if there's a keylogger present, neither does TFC if you're not in control of the two TCB computers.
This is something that has to be rammed into the heads of people with a baseball bat. Ideal setups don't exist, that's why they are "ideal".
Here, have a read: https://medium.com/message/81e5f33a24e1
Especially this part:
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Managing all the encryption and decryption keys you need to keep your data safe across multiple devices, sites, and accounts is theoretically possible, in the same way performing an appendectomy on yourself is theoretically possible. This one guy did it once in Antarctica, why can’t you?

That part sounds like an infomercial trying to overcomplicate a problem.
You need one device to store the (a)symmetric encryption keys (TCB 1). You need another to store the (a)symmetric decryption keys (TCB 2). You need a third one to transmit encrypted messages. You need data diodes to enforce unidirectional communication between the devices. That's all.
So the question I put to hackers, cryptographers, security experts, programmers, and so on was this: What’s the best option for people who can’t download new software to their machines? The answer was unanimous: nothing. They have no options. They are better off talking in plaintext I was told, “so they don’t have a false sense of security.” Since they don’t have access to better software, I was told, they shouldn’t do anything that might upset the people watching them. But, I explained, these are the activists, organizers, and journalists around the world dealing with governments and corporations and criminals that do real harm, the people in real danger. Then they should buy themselves computers, I was told.

That was it, that was the answer: be rich enough to buy your own computer, or literally drop dead. I told people that wasn’t good enough, got vilified in a few inconsequential Twitter fights, and moved on.

The issue is global, whether it's the Occupy movement fighting against economic segregation in the West, or dissidents in 3rd world countries. The difference is the threat model. In the West it's HSAs; in poor countries, MSAs at top, unless it's the US doing surveillance against Afghans etc.
Not long after, I realized where the disconnect was. I went back to the same experts and explained: in the wild, in really dangerous situations — even when people are being hunted by men with guns — when encryption and security fails, no one stops talking. They just hope they don’t get caught.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
I accept Tox could warn about some issues better. I accept that desktop security is a joke. But for the love of Dog, that is not what I am asking when I'm asking if Tox is a sane thing to look into.
I'm asking about "do we know of serious security bugs or fuckups in this software". I am asking "can anybody point out any serious, SNAFU-level bugs in the protocol design". And so on.

I get what you mean. You're trying to evaluate the skillset of developers in terms of how things are implemented and programmed. I'm trying to say they've a bigger job to do and so far they have failed at it.
On 02/03/2015 08:40 PM, Markus Ottela wrote:
Those people do not have the privilege of having a desk with 3 laptops, they often don't even have damn ADMIN RIGHTS on their laptop. Giving them a tool that works on their (insecure, I agree!!) platforms and yet LOWERS their exposure actually can save lives.

If you're not in control of the laptop, you shouldn't be trusting your life on it; Tox does very little if there's a keylogger present, neither does TFC if you're not in control of the two TCB computers.
Why is it that everyone here rocks at threat models as long as they get to own a computer. Why is it that everyone here can consider everything from if a Global Passive Adversary is directly targeting you to if your next door neighbor is doing, I dunno, Van-Eck Phreaking or something like that, but can't *possibly* consider the use case of "my government can break into any computer it wants, and I'm running from netcafe to netcafe, and just need them to not be able to find me for the next one or two weeks". A keylogger only compromises you once they find the logs to read -- But say they've got a thumb drive with their data and software, two legs (or one, or none, depending, I suppose), a car, and the driving will to *keep running and fighting*. "You shouldn't be trusting your life" my rear. Half of these people are expecting a knock on their door every day. You think they're gonna just give up because they can't be Perfectly Cryptographically Secure? So we can give up on them, or we can give them whatever help they can get. Two. Choices. ...sorry for ranting. But, like, could we *please* at least consider scenarios where people don't control their computer? Instead of just totally dismissing them off-hand? Like, there *is* stuff they can do, and there *is* stuff we can do for them. And it's just... *wrong* to just say "go hang".
On Tue, Feb 03, 2015 at 10:34:16PM -0500, Yaron Greenwald wrote:
Why is it that everyone here rocks at threat models as long as they get to own a computer. Why is it that everyone here can consider everything from if a Global Passive Adversary is directly targeting you to if your
lets not forget the local active adversaries. finfisher sells to a lot of customers, not only the nsa has such capabilities - assuming you allude to the (5|9|many)eyes alliance with the GPA, or do you mean cloudflare?
next door neighbor is doing, I dunno, Van-Eck Phreaking or something like that, but can't *possibly* consider the use case of "my government can break into any computer it wants, and I'm running from netcafe to netcafe, and just need them to not be able to find me for the next one or two weeks".
A keylogger only compromises you once they find the logs to read --
hackingteam has that market covered i guess.
But say they've got a thumb drive with their data and software, two legs (or one, or none, depending, I suppose), a car, and the driving will to *keep running and fighting*.
"You shouldn't be trusting your life" my rear. Half of these people are expecting a knock on their door every day. You think they're gonna just give up because they can't be Perfectly Cryptographically Secure?
indeed. however they also endanger their support networks and if the brave sacrifice themselves for some community which is compromised in the mean time because of the 'immma compromised already' attitude does not advance their cause very much if there's no one left to die for. furthermore cryptographically secure is as the 7 rules show only one aspect, as long as people can be tricked with spear-phishing emails or fancy linkedin pages to install malware. crypto means only one thing, increasing the likelihood of malware instead of in-transit interception of plaintext communication. which brings us directly to host security and its dismal state. how many of these brave souls have updated their gear lately? how much malware is running on those hosts? how many believe that antivirus is something positive and not a system level backdoor?
So we can give up on them, or we can give them whatever help they can get. Two. Choices.
so by definition not having control over a device means the device can do whatever it wants within the limits of its capabilities. so this means you cannot ensure confidentiality, authenticity, anonymity, etc. the probability of a device acting against the will/interest of its user is pretty high already considering only commercial adversaries. however if the person is one of special interest because of 1/ the person itself is interesting or 2/ the person is one with weak security standards and in close proximity to persons of interest, in this case the probability of the device acting against the interest of the user is quite higher. so of course if your threat model is currently the littlesis one, then rot13 does protect you against 90% of adversaries. however disregarding more advanced adversaries can reduce your future agency against them enormously. like john travolta by the time scientology became an adversary for him, they had all the compromise to bind him. the other point that is ignored, is the asymmetry in the capabilities and modus operandi of the opposing adversaries. if we are considering the model of the arabian spring where you have people against some regime. the government has the monopoly of violence, and other stuff, that makes them able to work extralegally, also there's experience for many years in suppression of mass movements (look at cointelpro, or how the occupy movement got nowhere). on the other side, for citizens one of the expensive tools there exists in such an asymmetric setting is the sacrifice, like the soviets in the 2nd world war everyone gets ammunition but only 1 out of 5 soldiers a gun. the others get an order of inheritance of the gun. worked quite well, however it was very wasteful and tragic. of course losses can be cut, but they require efforts and resources that like the soviets, avg people hypnotized by us propaganda lack.
...sorry for ranting. But, like, could we *please* at least consider scenarios where people don't control their computer? Instead of just
i did a bit of that consideration i hope. let me ask you what scenarios can you envision where there is no control of devices and thus no authenticity, confidentiality, etc? and yet useful for people above the littlesis adversary model? i think the context of the littlesis model is of little interest in this community though.
totally dismissing them off-hand? Like, there *is* stuff they can do, and there *is* stuff we can do for them.
can you be a bit more specific what you mean, and why you think that it would be efficient? what are your metrics for "success" or "efficiency"? let me try too: there's a few things that can be done, 1/ eliminate all snakeoil 2/ educate the few people that are actually doing things 3/ most importantly go harass the vendors that profit from the sabotaged infrastructure that these brave souls trust blindly. i'm sorry, the fact that we have not much to protect ourselves with is mostly due to the profit silicon valley, they wanted as fast as much users as possible, sacrificing everything for their quarterly profits, the externalities of this as it can be euphemised are on the victims. to do real stuff, the opsec is very hard and will be limited to only a few, and even most of them will fall, so everyone should expect to be owned and the wider consequences of that. although i think it's a great idea to raise the general costs for adversaries, i think this is much more expensive than you think. as an attacker i'll attack the cheapest way possible to maximise my results, surely. so when you start raising the cost of the cheapest way, i do not care about this until the cost is higher than the second cheapest attack. in which case it becomes the cheapest, and i use that. if i do my job well, i will continue a bit the old attack, so i force you to overspend on that defense, and make my life easier for some more time.
And it's just... *wrong* to just say "go hang".
i don't know where this comes from, but this is indeed wrong if anyone ever implied that, and it's not only a journalistic tool. lastly - allow me to naively exaggerate a bit - i think such regular "why can't you save us all" is very distracting in a community that is allegedly about writing code, not mails. our resources are limited and we are already motivated to work on this stuff. having to explain things over and over again should be handled by the people enjoying publicity and attention, not those enjoying good math, code and obscurity. -- otr fp: https://www.ctrlc.hu/~stef/otr.txt
On Wed, Feb 04, 2015 at 06:14:06PM +0100, stef wrote:
let me try too: there's a few things that can be done
please go and bash mozilla to spend their warchest on UX of security features like cert handling, or a proper enigmail ui instead of ever more rounded corners, new ui experiences and transparent tabs. what a waste. also proper sandboxing would be wise to spend on. why does no one ever bash those only the depressing cypherpunks that say stuff no one wants to hear? -- otr fp: https://www.ctrlc.hu/~stef/otr.txt
On Wednesday, 4 February 2015 18:34:36, stef wrote:
On Wed, Feb 04, 2015 at 06:14:06PM +0100, stef wrote:
let me try too: there's a few things that can be done
please go and bash mozilla to spend their warchest on UX of security features like cert handling, or a proper enigmail ui instead of ever more rounded corners, new ui experiences and transparent tabs. what a waste.
Or fucking EME and "Firefox Hellno", the latter being superfluous, the former simply evil. Can I quote the above (anonymously or otherwise, as you prefer) if I ever write anywhere about it?
also proper sandboxing would be wise to spend on. why does no one ever bash those only the depressing cypherpunks that say stuff no one wants to hear?
+1 -- Regards, Michał "rysiek" Woźniak Changing my GPG key :: http://rys.io/pl/147 GPG Key Transition :: http://rys.io/en/147
On Thu, Feb 05, 2015 at 11:06:16AM +0100, rysiek wrote:
On Wednesday, 4 February 2015 18:34:36, stef wrote:
please go and bash mozilla to spend their warchest on UX of security features like cert handling, or a proper enigmail ui instead of ever more rounded corners, new ui experiences and transparent tabs. what a waste.
Or fucking EME and "Firefox Hellno", the latter being superfluous, the former simply evil.
what is eme and firefoxhellno? a joke that i don't get?
Can I quote the above (anonymously or otherwise, as you prefer) if I ever write anywhere about it?
only on the condition that you mention also the fact that DRM and advertising have seen great efforts spent on. their sabotage of critical infrastructure deserves nothing but contempt. -- otr fp: https://www.ctrlc.hu/~stef/otr.txt
On Thu, 5 Feb 2015 11:51:28 +0100 stef <s@ctrlc.hu> wrote:
what is eme and
DRM built into Firefox https://hacks.mozilla.org/2014/05/reconciling-mozillas-mission-and-w3c-eme/
firefoxhellno? a joke that i don't get?
A chat client built into Firefox https://www.mozilla.org/en-US/firefox/hello/
On Thursday, 5 February 2015 16:43:56, GDR! wrote:
On Thu, 5 Feb 2015 11:51:28 +0100
stef <s@ctrlc.hu> wrote:
what is eme and
DRM built into Firefox https://hacks.mozilla.org/2014/05/reconciling-mozillas-mission-and-w3c-eme/
For the record: http://rys.io/en/141
firefoxhellno? a joke that i don't get?
A chat client built into Firefox https://www.mozilla.org/en-US/firefox/hello/
Or, a joke nobody gets. -- Regards, Michał "rysiek" Woźniak Changing my GPG key :: http://rys.io/pl/147 GPG Key Transition :: http://rys.io/en/147
Yaron Greenwald <ygwald@brandeis.edu> writes:
Why is it that everyone here rocks at threat models as long as they get to own a computer. Why is it that everyone here can consider everything from if a Global Passive Adversary is directly targeting you to if your next door neighbor is doing, I dunno, Van-Eck Phreaking or something like that, but can't *possibly* consider the use case of "my government can break into any computer it wants, and I'm running from netcafe to netcafe, and just need them to not be able to find me for the next one or two weeks".
This is why we have cryptography, it provides us with a precise mathematical framework for debating the implications of various paranoid delusions. No matter how the gubmint is trying to get you, there's bound to be some cryptographic pixie dust of some form that you can sprinkle to help you feel better. Peter.
OHAI, first of all, all that Yaron just wrote. Very much so. On Wednesday, 4 February 2015 03:40:02, Markus Ottela wrote:
I get what you mean. You're trying to evaluate the skillset of developers in terms of how things are implemented and programmed. I'm trying to say they've a bigger job to do and so far they have failed at it.
No. I'm trying to assess if Tox is legitimately a better, or "better-stay-away", alternative to Skype. So far I see three serious problems:
- no warning for users about a few things (like "Tox does not provide anonymity", etc);
- written in C, and the code is "TFC" as defined in my mail in another thread; ;)
- no good protocol documentation, so no way to easily:
  - write other implementations;
  - assess the quality of the protocol.
Apart from these, there are the questions I brought up earlier, which might or might not translate to more serious problems. For the time being I'm going to use Tox for not-mission-critical stuff and testing, and will suggest it to Skype users wanting to talk to me. I will not advocate its use as a security tool. Am I missing anything? Can anybody provide any answers to the questions I mentioned and list below?
- does the transport layer have encryption? (does the middle layer do that all or...?)
- where is the documentation of the cryptography?
- is there any hmac done at all?
- what is the tox id for a seed with all 0?
- how does the tox implementation handle different byte alignment?
- how does the tox implementation handle different byte endianness?
- how well stressed is the tox implementation? benchmarks?
- where is the rest of the documentation?
- where can I find a full view of how tox works from bottom to top?
-- Regards, Michał "rysiek" Woźniak Changing my GPG key :: http://rys.io/pl/147 GPG Key Transition :: http://rys.io/en/147
On Wed, Feb 04, 2015 at 12:59:06AM +0100, rysiek wrote:
Answer B: Can you please direct me towards any software that in your opinion does not have a problem with the "host security" part? A single example of any program, say any communication program, like IM, VoIP, e-mail client, etc, installable on a chosen operating system.
i can: pond stores the key material in tpm, whether to trust tpm or not is open for debate. gpg is able to work with smartcards, and qubes has this split-pgp mode. these are all quite cool approaches to the host security problem. i think in general it is about compartmentalization of sensitive material, if possible in external fully controlled hw with very simple observable interfaces.
Problem is, people DIE, NOW, because they use Skype. Not because they
they will die as well if they use the right tools but wrongly. :/
How about we let stef talk about that himself.
you troll. :) -- otr fp: https://www.ctrlc.hu/~stef/otr.txt
On Wednesday, 4 February 2015 03:04:56, stef wrote:
On Wed, Feb 04, 2015 at 12:59:06AM +0100, rysiek wrote:
Answer B: Can you please direct me towards any software that in your opinion does not have a problem with the "host security" part? A single example of any program, say any communication program, like IM, VoIP, e-mail client, etc, installable on a chosen operating system.
i can: pond stores the key material in tpm, whether to trust tpm or not is open for debate. gpg is able to work with smartcards, and qubes has this split-pgp mode. these are all quite cool approaches to the host security problem.
Nice, didn't know about pond. Still, Tox got a no-no from me on host security (for as simple a thing as not having a password on private keys), so... ;) Maybe it's a good moment to add a point to your list of snakeoil tell-tales:
- "does not have decent documentation of protocols/mode of operation available"
As Tox shows (as if it needed to be shown...), source code is not enough, by far. Had the protocol been documented, we would already have a Python implementation, probably, which would solve the "oh crap, C" problem.
i think in general it is about compartmentalization of sensitive material, if possible in external fully controlled hw with very simple observable interfaces.
Absolutely.
Problem is, people DIE, NOW, because they use Skype. Not because they
they will die as well if they use the right tools but wrongly. :/
That's true.
How about we let stef talk about that himself.
you troll. :)
Always at your service. :) -- Regards, Michał "rysiek" Woźniak Changing my GPG key :: http://rys.io/pl/147 GPG Key Transition :: http://rys.io/en/147