[liberationtech] What I've learned from Cryptocat
Dan Auerbach
dan at eff.org
Tue Aug 7 09:02:20 PDT 2012
Making an informed decision as a user or a developer when it comes to
real-world tradeoffs between usability and security of course hinges
upon your threat model. I think this is ultimately an empirical question
-- we should be aiming to create a taxonomy of various actual tools
packaged and sold by companies like FinFisher, beyond just the
brochures. For example, Morgan and Citizen Lab did an excellent analysis
recently of FinSpy (in case you missed it:
http://citizenlab.org/2012/07/from-bahrain-with-love-finfishers-spy-kit-exposed/).
Expanding this research and getting an inside view into the industry
will help everyone make non-speculative decisions about threat models.
It's a difficult problem -- getting this inside view -- but it seems
worthwhile. Is anyone working towards compiling such a list?
And I'll just add that I agree with Moxie about recommending gchat over
cryptocat for users in jurisdictions where Google is unlikely to hand
over information to LE. However, even in this case it may not be so
black and white. The FinSpy software mentioned above, for example, may
intercept Google's chat traffic because it's a popular service, and may
ignore cryptocat because it is relatively unknown. This isn't an
argument that cryptocat v1 is a tenable long-term alternative, but just
shows that it's very difficult to be maximally protect every single user
when it comes to real-world recommendations.
Finally, I'll just support the idea that usability is critical and the
burden of making something usable should always be on the developer,
never on the intelligence or know-how of the user. Although I agree
cryptocat v1 has significantly more security issues than v2, I think the
sacrifice in usability moving to v2 is significant and I'd hypothesize
that installing an extension is much harder for people than visiting a
website. Though, again, it's an empirical question that can be answered
rigorously through user experience research.
On 08/07/2012 08:02 AM, Maxim Kammerer wrote:
> On Tue, Aug 7, 2012 at 4:21 AM, Moxie Marlinspike
> <moxie at thoughtcrime.org> wrote:
>> However, my position is that Google Chat is currently more secure than
>> CryptoCat. To be more specific, if I were recommending a chat tool for
>> activists to use, *particularly* outside of the United States, I would
>> absolutely recommend that they use Google Chat instead of CryptoCat.
>> Just as I would recommend that they use GMail instead HushMail.
>>
>> The security of CryptoCat v1 is reducible to the security of SSL, as
>> well as to the security of the server infrastructure serving the page.
>> Any attacker who can intercept SSL traffic can intercept a CryptoCat
>> chat session, just as any attacker who can compromise the server (or the
>> server operator themselves) can intercept a CryptoCat chat session.
> Are you equating passive attacks with active attacks? If I understand
> how CryptoCat works correctly, it is resistant against passive
> interception attacks, whereas Google Chat stores cleartext on Google
> servers, which are easily accessible to law enforcement. Active
> attacks against SSL can be mitigated by pinning CryptoCat
> certificates, so you are left with what, compromise of server
> infrastructure? That requires LE jurisdiction where the servers are
> located, domain expertise, and dealing with the risk that the
> compromise is detected. All that vs. Google servers, which, if I
> remember right, provide a friendly interface to user accounts once
> served with a simple wiretapping order (and as has been already
> mentioned, Google is a multinational corporation, subject to a
> multitude of jurisdictions, and is known to bend over for whoever is
> in charge).
>
_______________________________________________
liberationtech mailing list
liberationtech at lists.stanford.edu
Should you need to change your subscription options, please go to:
https://mailman.stanford.edu/mailman/listinfo/liberationtech
If you would like to receive a daily digest, click "yes" (once you click above) next to "would you like to receive list mail batched in a daily digest?"
You will need the user name and password you receive from the list moderator in monthly reminders. You may ask for a reminder here: https://mailman.stanford.edu/mailman/listinfo/liberationtech
Should you need immediate assistance, please contact the list moderator.
Please don't forget to follow us on http://twitter.com/#!/Liberationtech
----- End forwarded message -----
--
Eugen* Leitl <a href="http://leitl.org">leitl</a> http://leitl.org
______________________________________________________________
ICBM: 48.07100, 11.36820 http://www.ativel.com http://postbiota.org
8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE
More information about the cypherpunks-legacy
mailing list