Search Mailing List Archives
[liberationtech] What I've learned from Cryptocat
Fabio Pietrosanti (naif)
lists at infosecurity.ch
Mon Aug 13 09:38:25 PDT 2012
On 8/7/12 3:30 PM, Tom Ritter wrote:
> Yes, yes, yes. There is a *tremendous* amount of implicit and
> unmentioned TRUST in the person operating the service or relying on
> the software. That's why anyone would use RedPhone, TextSecure or
> WhisperCore back when it was closed source. Because people *trusted*
I was writing a response when i read you email explaining the same
concept about the TRUST.
I 100% subscribe your point, and would like to add something about
"average users and trusts".
The average user (a very stupid, dumb user but with very strong
political commitment in freedom fighting) will always trust the website
We CANNOT FIX that problem in any technical/cryptographic way.
That kind of user will do whatever the "server operator"/"website" will
tell/ask him to do.
If the "server operator" will tell that kind of user :
"Hey, install this plug-in, because it's much more
then the users will click to install the plug-in.
Now the user fully delegate his trust to the operator that delivered him
a backdoored plugin.
So it's a chicken-egg problem, you cannot just fix from technical point
We can only have good practice, making whatever is possible, communicate
the risks in a clear way, teach people to be more aware and pay
attention to various risks.
But imho we cannot technically fix that problem.
For that reason there is a ticket about creating "Portable CryptoCat
Servers", that can be easily installed on Desktop computers, so that
"group of people with relative trust among them" will be able to use
their own servers on Tor Hidden Services (or via Tor2web)
With many CryptoCat servers working within an XMPP Federated approach,
with Riseup having it's own CryptoCat installation, but also a a small
activist group with their own CryptoCat installation, all of them
standalone or federated.
I like to see CryptoCat security in that context of
setup/operations/distribution, with *partially delegated* trust to the
server operator (that it's better than *fully delegated trust* to server
More information about the liberationtech