Tox.im

[Yaron Greenwald]

On 02/03/2015 08:40 PM, Markus Ottela wrote:
>> Those people do not have the privilege of having a desk with 3
>> laptops, they
>> often don't even have damn ADMIN RIGHTS on their laptop. Giving them a
>> tool
>> that works on their (insecure, I agree!!) platforms and yet LOWERS their
>> exposure actually can save lives.
> If you're not in control of the laptop, you shouldn't be trusting your
> life on it; Tox does very little if there's a keylogger present, neither
> does TFC if you're not in control of the two TCB computers.

Why is it that everyone here rocks at threat models as long as they get
to own a computer. Why is it that everyone here can consider everything
from if a Global Passive Adversary is directly targeting you to if your
next door neighbor is doing, I dunno, Van-Eck Phreaking or something
like that, but can't *possibly* consider the use case of "my government
can break into any computer it wants, and I'm running from netcafe to
netcafe, and just need them to not be able to find me for the next one
or two weeks".

A keylogger only compromises you once they find the logs to read --

But say they've got a thumb drive with their data and software, two legs
(or one, or none, depending, I suppose), a car, and the driving will to
*keep running and fighting*.

"You shouldn't be trusting your life" my rear. Half of these people are
expecting a knock on their door every day. You think they're gonna just
give up because they can't be Perfectly Cryptographically Secure?

So we can give up on them, or we can give them whatever help they can
get. Two. Choices.


...sorry for ranting. But, like, could we *please* at least consider
scenarios where people don't control their computer? Instead of just
totally dismissing them off-hand? Like, there *is* stuff they can do,
and there *is* stuff we can do for them. And it's just... *wrong* to
just say "go hang".