Search Mailing List Archives

Limit search to: Subject & Body Subject Author
Sort by: Reverse Sort
Limit to: All This Week Last Week This Month Last Month
Select Date Range     through    

[liberationtech] What I've learned from Cryptocat

Moxie Marlinspike moxie at
Mon Aug 6 18:45:17 PDT 2012

On 08/06/2012 06:22 PM, Douglas Lucas wrote:
> Is not Riseup accessed over SSL webmail a comparable analogy to current
> Cryptocat? And yet activists without their own .mx trust Riseup, and no
> one says there's little to no difference between Facebook email and
> Riseup email.

I actually disagree with your premise.  I don't see Riseup as a
"security" project, but as a project that's value is in self-sufficiency
and self-control.

This might be an unpopular opinion, but if I were talking with an
activist, and they wanted to strictly prioritize the *security* of their
email without any other consideration, I would recommend GMail over
Riseup.  Again, no offense to the awesome people at Riseup, but I
believe that Google has probably done a better job in maintaining their
SSL infrastructure, server security, and authentication systems (2FA, etc).

I think this even applies to activists in the US.  I don't think it has
ever happened, but I don't expect the members of Riseup to go to jail
for me if they were ever presented with a warrant for my stored emails.
 Or, as with the box that was recently seized, the US government might
not even ask first.

- moxie


More information about the liberationtech mailing list