Search Mailing List Archives


Limit search to: Subject & Body Subject Author
Sort by: Reverse Sort
Limit to: All This Week Last Week This Month Last Month
Select Date Range     through    

[liberationtech] What I've learned from Cryptocat

Jacob Appelbaum jacob at appelbaum.net
Mon Aug 6 18:08:10 PDT 2012


Ali-Reza Anghaie:
> On Mon, Aug 6, 2012 at 8:51 PM, Jacob Appelbaum <jacob at appelbaum.net> wrote:
>> The problem is that the little bit is effectively zero.
>>
>> What's the difference between Facebook chat over SSL and Cryptocat over SSL?
>>
>> Without a browser extension/plugin - there is little to no difference.
>>
>> You have to trust the server and the server operator to not be a bad
>> actor in both cases.
> 
> Except you're trying to solve a resource and environmental OPSEC
> problem while effectively reducing the available exfiltration surface
> (as it were) to a point where the adversary Nation-State (one use
> case) can shut it down even easier. And you're still not addressing
> the whole of the problem set an end-user in these hostile environments
> will face.

Huh?

If your internet cafe has a key logging or a screen logging system,
they're equal. If they can break SSL, you lose on the network.

> 
> I think a "step back" needs to be taken and look at the sum of
> problems the various tiers of activists encounter - and which ones we
> can truly solve remotely. Unfortunately almost none of them start w/
> technical solutions. -Ali
> 

Sure, I generally agree about the need for perspective.

All the best,
Jake



More information about the liberationtech mailing list