Search Mailing List Archives

Limit search to: Subject & Body Subject Author
Sort by: Reverse Sort
Limit to: All This Week Last Week This Month Last Month
Select Date Range     through    

[liberationtech] What I've learned from Cryptocat

Jacob Appelbaum jacob at
Mon Aug 6 18:08:10 PDT 2012

Ali-Reza Anghaie:
> On Mon, Aug 6, 2012 at 8:51 PM, Jacob Appelbaum <jacob at> wrote:
>> The problem is that the little bit is effectively zero.
>> What's the difference between Facebook chat over SSL and Cryptocat over SSL?
>> Without a browser extension/plugin - there is little to no difference.
>> You have to trust the server and the server operator to not be a bad
>> actor in both cases.
> Except you're trying to solve a resource and environmental OPSEC
> problem while effectively reducing the available exfiltration surface
> (as it were) to a point where the adversary Nation-State (one use
> case) can shut it down even easier. And you're still not addressing
> the whole of the problem set an end-user in these hostile environments
> will face.


If your internet cafe has a key logging or a screen logging system,
they're equal. If they can break SSL, you lose on the network.

> I think a "step back" needs to be taken and look at the sum of
> problems the various tiers of activists encounter - and which ones we
> can truly solve remotely. Unfortunately almost none of them start w/
> technical solutions. -Ali

Sure, I generally agree about the need for perspective.

All the best,

More information about the liberationtech mailing list