Search Mailing List Archives
[liberationtech] What I've learned from Cryptocat
dal at riseup.net
Tue Aug 7 08:53:31 PDT 2012
Moxie Marlinspike <moxie at thoughtcrime.org> wrote:
>> However, my position is that Google Chat is currently more secure
>> than CryptoCat. To be more specific, if I were recommending a chat
>> tool for activists to use, *particularly* outside of the United
>> States, I would absolutely recommend that they use Google Chat
>> instead of CryptoCat. Just as I would recommend that they use GMail
>> instead HushMail.
>> The security of CryptoCat v1 is reducible to the security of SSL, as
>> well as to the security of the server infrastructure serving the
>> page. Any attacker who can intercept SSL traffic can intercept a
>> CryptoCat chat session, just as any attacker who can compromise the
>> server (or the server operator themselves) can intercept a CryptoCat
>> chat session.
Maxim Kammerer replied:
> Are you equating passive attacks with active attacks? If I understand
> how CryptoCat works correctly, it is resistant against passive
> interception attacks, whereas Google Chat stores cleartext on Google
> servers, which are easily accessible to law enforcement. Active
> attacks against SSL can be mitigated by pinning CryptoCat
> certificates, so you are left with what, compromise of server
> infrastructure? That requires LE jurisdiction where the servers are
> located, domain expertise, and dealing with the risk that the
> compromise is detected. All that vs. Google servers, which, if I
> remember right, provide a friendly interface to user accounts once
> served with a simple wiretapping order (and as has been already
> mentioned, Google is a multinational corporation, subject to a
> multitude of jurisdictions, and is known to bend over for whoever is
> in charge).
Maxim's comments match my thoughts with regards to both current
Cryptocat over SSL and my analogy to Riseup webmail over SSL.
If Riseup does what they say they do, emails sitting on their servers
are not mined for advertising or LE (unlike Facebook chat, or as Maxim
suggests, gmail); their servers do not log IPs; IPs are not embedded in
emails; and outgoing emails to other secure email providers are
Furthermore, it appears Riseup plans encryption for stored emails on
their servers in the future. Such a scheme would make the emails
difficult for LE, or more broadly, attackers, to get, even with a
warrant -- not only would they have to obtain forced decryption power,
which I don't think they have as of yet in the US, but also Riseup might
not be able to provide the relevant keys in any case. (That the NSA has
copies is a vulnerability, but perhaps not a relevant one, as to my
knowledge LE can't introduce NSA copies as evidence.)
Similarly with current Cryptocat over SSL: if the server and server
operator do what they say they do, there aren't data-mining operations
going on for the benefit of LE or advertisers.
Both Riseup and current Cryptocat over SSL rely on good SSL connections
and also trust that the server and server operator aren't compromised
(including incorrect implementations). Those 3 dependencies are far from
ideal, but at least the risk calculations are ones some activists
without access to OTR or PGP or their own .mx can make. Better than
known bad actors, known bad servers.
Maybe my technical understanding is lacking something here, but I
believe the above to be correct.
More information about the liberationtech