Pond and Keybase [was peerio.com]

Mirimir mirimir at riseup.net
Wed Jan 14 15:40:37 PST 2015


On 01/14/2015 03:09 PM, Cathal Garvey wrote:
>> So it would be prudent to use pseudonyms, and to access via some mix
>> of VPN(s), JonDonym and Tor (according to ones need for anonymity vs
>> speed). And using devices with removable local storage, there would be
>> no traces to be inspected by adversaries.
> 
> Well, I use my real name in most places and communicate a lot with
> real-world friends and family by email, su using Peerio is therefore a
> step up in security for me even if I continue to go by my usual name and
> use my usual IPs.
> 
> If you need hard anonymity, this is only a marginal gain over regular
> email because metadata (when, who, how, where) is a significant threat
> to anonymity. So yea, use a burner email when setting up a peerio
> account (no longer required after setup, probably a throwback to
> email-as-salt in miniLock plus contact discovery by known email
> address), then use through Tor (do research whether websockets are
> tor-safe?).
> 
>> Cool. But still, how is peerio more secure spideroak, for example?
> 
> Spideroak appears to be more about file storage and sync, whereas Peerio
> seems to me to simply be a better approach to server:client email. It's
> down to the bone: message-passing with attachments, and a nice UI.

How about Pond as email replacement?

> As a crypto-app, it's targeted at the mainstream, and people who
> interact with the mainstream. People on this list will have better, more
> secure ways of communicating, but Nadim (to his credit) excels at making
> crypto-apps that can appeal to normal users while adding a significant
> privacy. It's an easier sell from "us" to "them".

I'm curious what you (and others here) think about Keybase, which also
seems heavily targeted at normal users. There was some discussion here
in mid 2014, but Keybase has been tweaked a lot since then. I'm quite
impressed with its usability, but I don't have the expertise to properly
evaluate its security. I am uncomfortable with the option of uploading
private GnuPG keys, and counting on symmetric encryption for securing
them. Better I think would be helping users understand how to properly
migrate keys between devices, or perhaps to use smartcards.

> On 14/01/15 21:52, Mirimir wrote:
>> On 01/14/2015 01:01 PM, Cathal Garvey wrote:
>>> Well, anyone with a brain knows they do, and that statements from a US
>>> company are meaningless because nobody wants to go to jail over an NSL.
>>
>> :)
>>
>>> What a top-level observer can see (AFAIK) is who's logged in, probably
>>> what their username/keyID is, and how much they're talking to the
>>> server.
>>>
>>> Because peerio uses miniLock formatted messages, the potential exists
>>> for minimal-knowledge service, but from the github docs it seems the
>>> server maintains an entry for which user is allowed to access which
>>> encrypted files, and therefore reveals to an observer who's the
>>> recipient.
>>>
>>> So, it's a metadata-rich service, little better in that regard than
>>> email.. although the encryption is pretty well designed and unless you
>>> set up a "PIN" there's no permanent storage of private keys even on your
>>> computer, so it's also quite secure when crossing borders.
>>
>> So it would be prudent to use pseudonyms, and to access via some mix of
>> VPN(s), JonDonym and Tor (according to ones need for anonymity vs
>> speed). And using devices with removable local storage, there would be
>> no traces to be inspected by adversaries.
>>
>> Cool. But still, how is peerio more secure spideroak, for example?
>>
>>> Also, there is a feature that clearly relies on compliant clients, where
>>> you can delete files from the server including copies sent to clients.
>>> Obviously if the attached files are downloaded from the system, this
>>> can't reach them, but it will destroy any "authenticated" copies of the
>>> messages from the server, if it works (you're trusting the server).
>>> OPSEC wise, this is a nice feature because it means you can clean up
>>> after yourself and keep the authenticated-data-at-rest on either end of
>>> a conversation to a minimum.
> 



More information about the cypherpunks mailing list