Search Mailing List Archives

Limit search to: Subject & Body Subject Author
Sort by: Reverse Sort
Limit to: All This Week Last Week This Month Last Month
Select Date Range     through    

[liberationtech] CryptoParty Handbook

Asher Wolf asherwolf at
Mon Oct 8 23:36:55 PDT 2012

On 9/10/12 9:46 AM, Jacob Appelbaum wrote:

> I'm sorry to say it but a lot of the users have been here for a while -
> most people that use crypto just don't know they're doing it.
> Ironically, if users don't get good advice, they'll just be in the same
> spot - thinking they're safe when they're not - all over again!

That's what we want to avoid.

> I think that the real changes belong in the platforms - anything that
> requires configuration is probably already doomed to fail and screw a
> user. 

That requires pushing developers to create user accessible, secure

>That's generally the approach that I've seen work - everything
> that requires 0) user education and 1) realistic honesty about threats
> or risks results in 2) denial or mistakes or a bork'ed tool shooting the
> user in the foot.

We don't know what we don't know. We're asking for help, and I at least,
appreciate your imput.

> Since clearly a few loud people were bent out of shape by my comments -
> they have no idea that I encouraged you or tried to help out; so let me
> set the record straight: go you!

Thanks, I appreciate the support. All of your contribution is appreciated.

> I think it is *great* to make the book and I think it is great to do it
> with a set of unifying principles - it will help to ensure that good
> stuff gets into the book and crappy stuff stays out of the book or is so
> noted as crappy or contentious. I think that means that peer review is
> essential before rushing to publish.

Agreed, and I did voice concerns at the short deadline for publishing.

> I really encourage you to put in a few chapters about the following:
>  social and technical compartmentalization
>  targeted exploitation realities (from Core Impact to Metasploit)
>  threat modeling
>  intention/goal based risk analysis
>  physical security risks
>  practical information on real surveillance/censorship systems
>  getting involved
>    going from a user (to a translator or...) to a developer
>  outlining the currently missing tools that we need to build

This list is appreciated. Thank you for the feedback.

More information about the liberationtech mailing list