[liberationtech] Wickr: Can the Snapchat for Grown-Ups Save You From Spies?

Tue Mar 5 12:48:42 PST 2013

What Andrew said.  And anyone who glibly says that people's lives can rely
on the privacy of their software like that is lying, naive, and/or stupid,
to be blunt.

We had releases in the wild of Tor we knew people were using (and may still
be) that are out of date and we know are security compromised - and we have
no way to reach every one of those people ever (nor would she even with
registered users necessarily) to make them update, and it makes me weep.

So every release you sweat because, if there's a security compromise, an
exploit found, a bug somewhere (and hey even my archgeeks are only human ;)
-- I mean, Roger Dingledine, Nick Mathewson and Andrew are angels.

How many release engineers have to worry if they miss something, people
could get hauled away from their families, tortured, and/or killed?  It may
not be the commonest case of some person using it for pedestrian daily
privacy, but it is our critical case that we must model and plan for - and
understand and empathize with -  and it's thousands of activists,
journalists, and so on.

No glib "yes" answers please.  If you aren't losing sleep you don't get
it.  Write social apps for suburbia, where you can lie or be naive or be
stupid and it won't stand out.  In the "Zynga" community of practice that
seems to be normative at least - not that it's good for society either,
but perhaps it's habit forming, sheep and shepherd.

Don't do "social app" marketing to activists.  Do risk assessment and
education.

Open your source, do not register your users (either they give you real PID
which you can be forced to give up, or it's encouraging them to break TOS
on probably a US email provider - which in any US service makes any
activist a felon under the US law Aaron Swartz was accused under - this is
my current area of research).

Yrs,
----

Shava Nerad
shava23 at gmail.com
On Mar 5, 2013 1:48 PM, <liberationtech at lewman.us> wrote:

> On Tue, 5 Mar 2013 10:16:12 -0800
> Yosem Companys <companys at stanford.edu> wrote:
>
> > The cautionary tale that many reference is the case of Hushmail, an
> > encrypted mail service that used to claim that "not even a Hushmail
> > employee with access to our servers can read your encrypted email,
> > since each message is uniquely encoded before it leaves your computer"
> > b words that echo Wickr's own proclamations. Sell tells Mashable that
> > Wickr's "architecture eliminates backdoors; if someone was to come to
> > us with a subpoena, we have nothing to give them."
>
> They can, and will, be asked for "envelope data". Since wickr requires
> you create an account, they know who is communicating with whom, when,
> how often, and how much data. They may even know the file names
> transferred, even if they don't know the contents. They get to learn
> your email address and your IP addresses. This alone lets them build a
> nice social network map of you.
>
> As it's running on a mobile phone, wickr can learn GPS location, cell
> tower, altitude and lots of other data provided by the phone itself
> (name, contacts, etc) if they want to do so.
>
> And as a final thought, they will get preservation requests for
> messages from law enforcement. Since you're storing content on their
> servers, even if you think you control how long, they can copy off the
> messages (also for backups) for law enforcement.
>
> --
> Andrew
> http://tpo.is/contact
> pgp 0x6B4D6475
> --
> Too many emails? Unsubscribe, change to digest, or change password by
> emailing moderator at companys at stanford.edu or changing your settings at
> https://mailman.stanford.edu/mailman/listinfo/liberationtech

--
Too many emails? Unsubscribe, change to digest, or change password by emailing moderator at companys at stanford.edu or changing your settings at https://mailman.stanford.edu/mailman/listinfo/liberationtech

----- End forwarded message -----
-- 
Eugen* Leitl <a href="http://leitl.org">leitl</a> http://leitl.org
______________________________________________________________
ICBM: 48.07100, 11.36820 http://www.ativel.com http://postbiota.org
8B29F6BE: 099D 78BA 2FD3 B014 B08A  7779 75B0 2443 8B29 F6BE