Search Mailing List Archives
[liberationtech] What I've learned from Cryptocat
liberationtech at lewman.us
liberationtech at lewman.us
Wed Aug 8 06:37:08 PDT 2012
On Tue, Aug 07, 2012 at 05:18:02PM -0700, erik at sundelof.com wrote 4.7K bytes in 111 lines about:
:partial defenses using any technology tool. I may feel too strong about
:tools being discussed as THE solution or THE bulletproof vest so to speak.
I'm not picking on you Erik, but this comment finally struck me
about what's bothered me with this debate. There is no such thing as 'the
bulletproof vest'. I think this is what some have been trying to
say, too. Bulletproof vests, like safes, are misnamed for marketing
purposes. Bulletproof vests are rated for resistance against classes and
types of ammunition. Personally, I think computer security tools need
to be more easily identified and rated on a scale for their resistance
to specific threat models.
Way too many security people assume the perfect adversary, which even the
NSA, FSB, MSS, or other national intelligence agencies could never live
up to (but they will sure help you believe they are perfect). With a
perfect adversary, all is lost. On a theoretical level, a perfect
adversary is a fine goal to defeat. On a practical level, a perfect
adversary doesn't exist.
Bulletproof vests are rated based on type of ammunition, distance from
shooter, how many repeated strikes it will survive, and how much force is
transmitted to the wearer per strike. Any professional physical security
person will understand the trade-offs between desired resistance, vest
weight, and likely risks. The material choice matters as well, as kevlar
or armored plate perform differently. Generally, these professionals will
explain to you how the bulletproof vest protects you and when it doesn't.
People are horrible at assessing risk. Give someone a basic local-police
quality bulletproof vest with no explanation and they feel they are
invulnerable and adjust their risk-taking accordingly. If you explain
to them that the vest will last for one, maybe two, shots from a .45
and that FMJ rounds will go right through it, and that anything from a
1m range will likely knock you out from the concussive force of impact,
suddenly this person adjusts their expectations and behavior. The
bulletproof vest suddenly seems less bulletproof and the wearer
understands the risks.
In general, when working with someone (activists, law enforcement,
abuse victims, teenagers, etc) I try to understand their threat model,
explain what solutions work when, and why nothing is perfect. Ultimately,
the person is the one that needs to make the risk assessment and adjust
accordingly. My risk acceptance is different from theirs. I can't make
the decision for them.
There is no ultimate tool for security, just different tools for different
needs in your toolbox. Some tools are better than others along a scale. If
it is easier to understand threat models and resistance against them,
everyone would be better off.
More information about the liberationtech