Search Mailing List Archives


Limit search to: Subject & Body Subject Author
Sort by: Reverse Sort
Limit to: All This Week Last Week This Month Last Month
Select Date Range     through    

[liberationtech] Fwd: Re: When It Comes to Human Rights, There Are No Online Security Shortcuts | Threat Level | Wired.com

Nadim Kobeissi nadim at nadim.cc
Fri Aug 10 17:56:30 PDT 2012


And my reply:
Dear Patrick,
Your reply has lead me to be capable of better appreciating and
evaluating your perspective. Thanks for clarifying your point of view.
I encourage you to keep an eye on how Cryptocat evolves and hope
you'll find our improvements worthwhile.

Regards,
NK

NK


On Fri, Aug 10, 2012 at 1:08 PM, Katrin Verclas <katrin at mobileactive.org> wrote:
> ---------- Forwarded message ----------
> From: "Patrick Ball" <pball at benetech.org>
> Date: Aug 10, 2012 3:47 PM
> Subject: Re: [liberationtech] When It Comes to Human Rights, There Are No
> Online Security Shortcuts | Threat Level | Wired.com
> To: "Nadim Kobeissi" <nadim at nadim.cc>
> Cc: "Katrin Verclas" <katrin at mobileactive.org>
>
> [Katrin: again, your call whether to repost to the list]
>
> Nadim,
>
> Sorry about the photos. Given that there's a pretty prominent photo of you
> at Wired, you must know that we do not control whether or which photos Wired
> puts up. That's simply their style.
>
> I've spent a lot of my life building Martus, and that's the solution I think
> best serves the community I work with. Other tools may contribute in the
> future, and we're busy collaborating as much as we can to integrate our tool
> with Tor, Guardian, and some non-security data collection stuff. In my
> experience, the best chance of getting users to adopt crypto it to build it
> into an application they already want to use. We're doing that with the
> tools human rights activists use for data collection and analysis.
>
> I hope you continue with your research to build new tools. There are many
> months (indeed, person-years) of testing between cool ideas and production
> code that non-technical users can trust. I wish the discussion I'm watching
> on libtech had a bit more consideration of making sure code is solid before
> shipping it to the world. That's the point I pushed you about in my previous
> message.
>
> My op-ed addresses existing tools offered as secure to our community. Singel
> said these tools (in particular Hushmail) are good for human rights
> activists. I think that's a terrible idea, and that's what I said.
>
> I appreciate your invitation to the technical conversation, but that's not
> really what I do. It's not my job to fix Cryptocat.  Nor do you need my
> help! I think you're well on your way, and you have far abler assistance
> than I could provide.
>
> It is part of my job to help the human rights community use good crypto
> tools. I've built and supported Martus for 10 years, and we have a thriving
> user community all over the world. In Martus, we didn't invent any piece of
> the crypto. We used standard, well-tested algorithms (from BouncyCastle) and
> standard protocols. We're not computer scientists or number theory guys. My
> team are software engineers, and we know that we're not competent to invent
> new crypto. Our job is to build a tool that meets a need we know about from
> our users, and we're pretty happy with how it's going.
>
> Re experts: I'm contrasting myself with *journalists* -- and most sharply,
> with Singel's remark about Hushmail which is what motivated my op-ed. By
> expert, I would certainly include you, Jake, moxie, and the other serious
> computer scientists on the libtech list. My apologies if this is unclear.
>
> Again, my best wishes in your R&D, and I look forward to your next ideas --
> PB.
>
>
> On 10 Aug 2012, at 12:28, Nadim Kobeissi wrote:
>
>> Patrick,
>> Thanks for your well-wishes, but I'm under the impression that
>> actually participating in the conversation and technical debate would
>> be far, far more productive than ample servings of high-level
>> gratuitous formality. It's one thing to compliment Jake and I on the
>> research we're doing and then writing an article that almost fully
>> does not pay heed to it, and entirely another to actually delve into
>> that discussion yourself instead of ignoring it in favor of a piece
>> with a picture of yourself at its top and two paragraphs on how
>> experts like you need to be consulted at its bottom.
>>
>> There's a certain amount of honest contribution that I'm expecting
>> here, and your article, while better than most that have surrounded
>> this topic, would have been better served actually contributing to the
>> conversation that *is* fixing Cryptocat, instead of dismissing it
>> entirely in favor of things less worthwhile.
>>
>> NK
>>
>>
>> On Fri, Aug 10, 2012 at 12:21 PM, Patrick Ball <pball at benetech.org> wrote:
>>> [Katrin: feel free to repost to the list if you want, the traffic is too
>>> high so I don't want to join. I lurk occasionally.]
>>>
>>>
>>> Nadim,
>>>
>>> Research is great, and I am personally delighted you're doing it. Great
>>> things may come of it, and the notes in the later part of the thread to
>>> which Katrin alludes are very interesting. As I noted in the op-ed, the
>>> browser extension may mature into a really useful tool -- once it's been
>>> tested and reviewed and tested some more.
>>>
>>> For the meantime: mark it alpha. In a giant, blinking font write: "not
>>> for use by people who are really at risk." Writing "with some limitations"
>>> is insufficient warning to non-technical users in a space where the risks
>>> are this high. Leaving it up with the implication that it's tested software
>>> that people at risk can depend on is irresponsible.
>>>
>>> It's really cool that you and Jake and others are thinking up neat ideas
>>> at dinner. You're both very smart and creative guys, and that's a great
>>> place to start. It's not something you should then make public for
>>> vulnerable people to depend on.
>>>
>>> Schneier taught me years ago that security is really really hard. We
>>> can't trust it until we've tested every which way anyone in good or bad
>>> faith can think up. Even then, there might always be another crack, but our
>>> confidence increases with each positive review and new attack our tool
>>> withstands. Your browser extension may get there, but it's a ways off yet. I
>>> hope you persist. Good luck.
>>>
>>> -- PB.
>>>
>>>
>>> On 10 Aug 2012, at 12:07, Katrin Verclas wrote:
>>>
>>>> Patrick, care to comment? You might also want to review the conversation
>>>> on the libtech list (all 62 messages) where a lot of issues related to
>>>> Cyrptocat and security and activism has been discussed in great detail, and
>>>> with a lot of thought and care.
>>>>
>>>> (And, for the record, I have no editorial judgement one way or another -
>>>> really just shared a link here.  I have appreciated, however, the really
>>>> good conversation on this on libtech)
>>>>
>>>> Katrin
>>>>
>>>> On Aug 10, 2012, at 2:40 PM, Nadim Kobeissi wrote:
>>>>
>>>>> I'm sorry to have to say this, but this piece seems to expressly
>>>>> ignore a lot of the research and discussion that's already happened
>>>>> about Cryptocat and (I'm sorry) is very self-promotional of Ball and
>>>>> Martus. The discussion around improving code delivery, which has been
>>>>> going on for months, is completely ignored and instead there's a
>>>>> picture of Patrick Ball in an article in which he asks Cryptocat to
>>>>> 'consult experts.' If Mr. Ball had bothered weighing into any
>>>>> conversation before writing this piece, or contacting me at all, I
>>>>> would perceive the article as far more honest.
>>>>>
>>>>> NK
>>>>>
>>>>>
>>>>> On Fri, Aug 10, 2012 at 6:15 AM, Katrin Verclas
>>>>> <katrin at mobileactive.org> wrote:
>>>>>> and Ball from Martus/Benetech weighs in...
>>>>>>
>>>>>>
>>>>>> http://www.wired.com/threatlevel/2012/08/wired_opinion_patrick_ball/all/
>>>>>>
>>>>>>
>>>>>> _______________________________________________
>>>>>> liberationtech mailing list
>>>>>> liberationtech at lists.stanford.edu
>>>>>>
>>>>>> Should you need to change your subscription options, please go to:
>>>>>>
>>>>>> https://mailman.stanford.edu/mailman/listinfo/liberationtech
>>>>>>
>>>>>> If you would like to receive a daily digest, click "yes" (once you
>>>>>> click
>>>>>> above) next to "would you like to receive list mail batched in a daily
>>>>>> digest?"
>>>>>>
>>>>>> You will need the user name and password you receive from the list
>>>>>> moderator
>>>>>> in monthly reminders. You may ask for a reminder here:
>>>>>> https://mailman.stanford.edu/mailman/listinfo/liberationtech
>>>>>>
>>>>>> Should you need immediate assistance, please contact the list
>>>>>> moderator.
>>>>>>
>>>>>> Please don't forget to follow us on
>>>>>> http://twitter.com/#!/Liberationtech
>>>>
>>>>
>>>> Katrin Verclas
>>>> MobileActive.org
>>>> katrin at mobileactive.org
>>>>
>>>> skype/twitter: katrinskaya
>>>> (347) 281-7191
>>>>
>>>> Check out SaferMobile.org
>>>> Using Mobile Technology More Securely. For Activists, Rights Defenders,
>>>> and Journalists.
>>>> https://safermobile.org
>>>>
>>>> MobileActive.org: A global network of people using mobile technology for
>>>> social impact
>>>> http://mobileactive.org
>>>>
>>>>
>>>>
>>>
>>
>>
>
>
> _______________________________________________
> liberationtech mailing list
> liberationtech at lists.stanford.edu
>
> Should you need to change your subscription options, please go to:
>
> https://mailman.stanford.edu/mailman/listinfo/liberationtech
>
> If you would like to receive a daily digest, click "yes" (once you click
> above) next to "would you like to receive list mail batched in a daily
> digest?"
>
> You will need the user name and password you receive from the list moderator
> in monthly reminders. You may ask for a reminder here:
> https://mailman.stanford.edu/mailman/listinfo/liberationtech
>
> Should you need immediate assistance, please contact the list moderator.
>
> Please don't forget to follow us on http://twitter.com/#!/Liberationtech



More information about the liberationtech mailing list