Search Mailing List Archives

Limit search to: Subject & Body Subject Author
Sort by: Reverse Sort
Limit to: All This Week Last Week This Month Last Month
Select Date Range     through    

[liberationtech] What I've learned from Cryptocat

Dan Auerbach dan at
Tue Aug 7 09:02:20 PDT 2012

Making an informed decision as a user or a developer when it comes to
real-world tradeoffs between usability and security of course hinges
upon your threat model. I think this is ultimately an empirical question
-- we should be aiming to create a taxonomy of various actual tools
packaged and sold by companies like FinFisher, beyond just the
brochures. For example, Morgan and Citizen Lab did an excellent analysis
recently of FinSpy (in case you missed it:
Expanding this research and getting an inside view into the industry
will help everyone make non-speculative decisions about threat models.
It's a difficult problem -- getting this inside view -- but it seems
worthwhile. Is anyone working towards compiling such a list?

And I'll just add that I agree with Moxie about recommending gchat over
cryptocat for users in jurisdictions where Google is unlikely to hand
over information to LE. However, even in this case it may not be so
black and white. The FinSpy software mentioned above, for example, may
intercept Google's chat traffic because it's a popular service, and may
ignore cryptocat because it is relatively unknown. This isn't an
argument that cryptocat v1 is a tenable long-term alternative, but just
shows that it's very difficult to be maximally protect every single user
when it comes to real-world recommendations.

Finally, I'll just support the idea that usability is critical and the
burden of making something usable should always be on the developer,
never on the intelligence or know-how of the user. Although I agree
cryptocat v1 has significantly more security issues than v2, I think the
sacrifice in usability moving to v2 is significant and I'd hypothesize
that installing an extension is much harder for people than visiting a
website. Though, again, it's an empirical question that can be answered
rigorously through user experience research.

On 08/07/2012 08:02 AM, Maxim Kammerer wrote:
> On Tue, Aug 7, 2012 at 4:21 AM, Moxie Marlinspike
> <moxie at> wrote:
>> However, my position is that Google Chat is currently more secure than
>> CryptoCat.  To be more specific, if I were recommending a chat tool for
>> activists to use, *particularly* outside of the United States, I would
>> absolutely recommend that they use Google Chat instead of CryptoCat.
>> Just as I would recommend that they use GMail instead HushMail.
>> The security of CryptoCat v1 is reducible to the security of SSL, as
>> well as to the security of the server infrastructure serving the page.
>> Any attacker who can intercept SSL traffic can intercept a CryptoCat
>> chat session, just as any attacker who can compromise the server (or the
>> server operator themselves) can intercept a CryptoCat chat session.
> Are you equating passive attacks with active attacks? If I understand
> how CryptoCat works correctly, it is resistant against passive
> interception attacks, whereas Google Chat stores cleartext on Google
> servers, which are easily accessible to law enforcement. Active
> attacks against SSL can be mitigated by pinning CryptoCat
> certificates, so you are left with what, compromise of server
> infrastructure? That requires LE jurisdiction where the servers are
> located, domain expertise, and dealing with the risk that the
> compromise is detected. All that vs. Google servers, which, if I
> remember right, provide a friendly interface to user accounts once
> served with a simple wiretapping order (and as has been already
> mentioned, Google is a multinational corporation, subject to a
> multitude of jurisdictions, and is known to bend over for whoever is
> in charge).

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <>

More information about the liberationtech mailing list