Search Mailing List Archives

Limit search to: Subject & Body Subject Author
Sort by: Reverse Sort
Limit to: All This Week Last Week This Month Last Month
Select Date Range     through    

[liberationtech] What I've learned from Cryptocat

Jacob Appelbaum jacob at
Mon Aug 6 18:55:38 PDT 2012

Ali-Reza Anghaie:
> On Mon, Aug 6, 2012 at 9:08 PM, Jacob Appelbaum <jacob at> wrote:
>> Ali-Reza Anghaie:
>>> Except you're trying to solve a resource and environmental OPSEC
>>> problem while effectively reducing the available exfiltration surface
>>> (as it were) to a point where the adversary Nation-State (one use
>>> case) can shut it down even easier. And you're still not addressing
>>> the whole of the problem set an end-user in these hostile environments
>>> will face.
>> Huh?
>> If your internet cafe has a key logging or a screen logging system,
>> they're equal. If they can break SSL, you lose on the network.
> Let me try this again - sorry.
> If Cryptocat only works on fewer available systems because it's trying
> to build in more technical resiliency then it also becomes easier to
> shutdown in hostile environments (e.g. Iran). On top of that it also
> reduces the number of people capable of using it at all.

I think that's a false dichotomy. It still works - there is simply a
more secure alternative for users who can click a button. This also
allows for decentralized use where users don't have to trust the server
as much as they might trust Nadim's main server.

> I think I have to throw together a table w/ real-world use/region
> examples from say Iran to communicate it better. -Ali

Seems great.

All the best,

More information about the liberationtech mailing list