[liberationtech] What I've learned from Cryptocat

Ali-Reza Anghaie ali at packetknife.com
Mon Aug 6 17:53:48 PDT 2012


On Mon, Aug 6, 2012 at 8:43 PM, Jillian C. York <jilliancyork at gmail.com> wrote:
> It's difficult.  I'm not a technologist, but I understand the issues and the
> user needs well.  My "type," I'd surmise, is few and far between.

The problem isn't that your type is few and far between - the problem
is that InfoSec has almost wholly ignored ESTABLISHED activists. As if
the techniques, acceptable risk levels, etc. are new issues. They're
simply not.

> Security experts have obvious reasons for being conservative, and I get
> that.  Nevertheless, there are a lot of users who would benefit from a
> little bit of added security.  The question, then, as I see it, is:
>
> How do we provide that little bit while still making users aware of risks?

It's been my experience that providing these risks in-band is just not
doable - and the target end-users don't have time to worry about it.
So OPSEC has to be something that tools like Cryptocat don't assume
responsibility for. This is InfoSec sacrilege but it's the way
activists have traditionally had to work in the first place. As an
example, let's say w/ Iran, you're never - ever - going to be able to
address the OPSEC concerns of a given Internet cafe. What you can do
instead is provide a tool that works from every possible cafe and
trust the end-user to manage the OPSEC of their surroundings such that
perimeter controls, MITM risks, etc. are mitigated another way.

If that's not tenable for Nadim or his particular crowd then a shift
from developer to activist needs to be made. Just like any other
process, the product isn't out there for product's sake - it has
"customers".. and it's not those people who think they need an easier
lazier option to setting up OTR or PGP.

BTW, you're not without understanding and support in the Security
community. Meredith Patterson among others have batted this around
with me on Twitter - and understand the economics of the situation
fine.

Good luck Nadim and friends, -Ali

----- End forwarded message -----
-- 
Eugen* Leitl <a href="http://leitl.org">leitl</a> http://leitl.org
______________________________________________________________
ICBM: 48.07100, 11.36820 http://www.ativel.com http://postbiota.org
8B29F6BE: 099D 78BA 2FD3 B014 B08A  7779 75B0 2443 8B29 F6BE




