Search Mailing List Archives

Limit search to: Subject & Body Subject Author
Sort by: Reverse Sort
Limit to: All This Week Last Week This Month Last Month
Select Date Range     through    

[liberationtech] CryptoParty Handbook

Jacob Appelbaum jacob at
Tue Oct 9 13:53:15 PDT 2012

> On 12-10-09 10:41 AM, Jacob Appelbaum wrote:
>> ttscanada:
>>> On 12-10-09 4:23 AM, Bernard Tyers - ei8fdb wrote:
>>>> Sending a PGP encrypted e-mail to you mom, should be as easy as
>>>> sending an un-encrypted e-mail to your mom. But the education of
>>>> why you should be sending an e-mail encrypted should also be given.
>>>> Granted, a valid threat-model should be explained, as a given.
>>> Thank you. I understand that this is a *crypto* party discussion -
>>> but I really hope the end result of this manual focuses on use cases
>>> and threat modeling as well as the technology.
>> I agree entirely. We need to look at the real uses. We should stop
>> degrading the hypothetical mom though, the question is about literacy
>> and to suggest that women are less literate is pretty offensive.
>> Obviously, it wasn't intended in that way but boy, I've certainly had
>> someone read me the riot act for saying that exact example.
> +1

I'm glad someone other than me appreciates the thought!

>>> Some ideas of security rely far more on technical contortions than
>>> real life assessment, the equivalent of entering a crowd wearing a
>>> flame retardant SWAT suit instead of just taking an alley. Secure
>>> anonymity is frequently the dead opposite of security based on trust
>>> networks such as pgp signed emails which depend on a real life
>>> identity being known and completely remove deniability or ease of
>>> frequently switching identities.
>> I think this is rather bogus. Anonymity, in terms of traffic analysis
>> resistance, as far as the local network is concerned is not in conflict
>> with identified services.
> Hmm. I was not clear. My point was that I would like to see the benefits
> of anonymity pointed out (as opposed to simply privacy) more often than
> it is. Of course traffic analysis is a major threat to anonymity, my
> concern is in encouraging people to think that they are somehow safe
> simply because the content of their emails is encrypted. We all know
> that people all over the world are suffering the consequences of simply
> pulling attention or association, no proof of content required. Trust
> networks are the antithesis of the type of anonymity required to combat
> pulling attention.

Well - traffic analysis happens at many levels and safety must be
evaluated from many perspectives. At the moment we have to take the hit
of email being bad for anonymous association because It Just Works. I
think jabber is a step in the right direction but just a bit.

*Exported* trust networks are seriously a threat - PGP has always had a
weird model. That said - it works well for Debian - where the only
security possible comes from a sort of buddy system and a long term
reputation that is only maintained with strong cryptographic pseudonyms.

>> I regularly sign or encrypt email with GPG that is sent with Thunderbird
>> (with TorBirdy) via Gmail over Tor. I do this because location anonymity
>> is important to me and without Tor's anonymity, gmail would know every
>> location and so too would my location be revealed by the headers in my
>> email. Additionally, I think this makes it harder to target a specific
>> MITM flaw in my email client - there were years where you could
>> downgrade the STARTTLS in some email clients. While a Tor exit node
>> might be able to do that if the flaw exists, the Tor exit node doesn't
>> know that I'm me automatically, so selective targeting becomes
>> significantly harder. Not impossible, of course.
>> Juts today - I was on a network that blocked chat services and what we
>> found was that most people didn't notice because their chat was running
>> over Tor with TLS, a few were going to Tor Hidden Services - only those
>> that felt they didn't "need anonymity" were impacted. Oh the irony of
>> thinking of the issue of anonymity as only personal privacy, rather than
>> the larger issue of traffic analysis, surveillance, filtering and
>> censorship.
> Yes, you are outlining two cases where you are communicating with people
> you know as a person known to them. I am suggesting we (as in large
> scale movements around the world) need to look more closely at data
> driven (as opposed to personality driven) models ... ie if/when Tribler
> gets onion routing working and an anonymous entity can drop data to a
> hashtag (instead of a person), this is to me a more secure communication
> model than one which relies on relationships between individuals, ie f2f
> or other. Then we have to deal with voice amplification and astroturfing
> issues, but it is the path I would rather proceed down than the trust
> networks being advocated by for instance, OWS which are fairly obviously
> problematic.

Well, sorta. I have quite a few jabber accounts and sometimes, one per
contact when I don't know them or when I do not want to be contacted at
all times. :)

With that said - I think GNUNet already does what you want re: hashtags
of data, doesn't it? I mean, you literally search for a SHA1
cryptographic hash - I guess GNUNet could call it a hashtag just for

> Of course this only applies to some specific instances such as large
> scale organizing; as I said, let's look at what is best in each case.
>>> Let's not lose track of the end goal, which is security not just
>>> security tools.
>> The end goal for me is about social justice and law alone has not and
>> will not produce social justice in isolation. We also need various
>> innovations working in concert with policies. We won't have security
>> without code to back it up - that is what we're seeing all over the
>> world with the massive expansion of surveillance and censorship. The
>> people, corporations, and governments running national firewalls were
>> supposedly doing it for benevolent reasons. As expected from historical
>> context, they're expanding their power and their impact, to benefit of
>> powerful stake holders, to keep their position and influence well
>> secured.
> Agreed, overcoming the guardian coupd'état is the real end goal.

That is absolutely epic.

All the best,

More information about the liberationtech mailing list