Search Mailing List Archives


Limit search to: Subject & Body Subject Author
Sort by: Reverse Sort
Limit to: All This Week Last Week This Month Last Month
Select Date Range     through    

[liberationtech] My CPJ blog: Lessons from the Cryptocat debate

Brian Conley brianc at smallworldnews.tv
Tue Sep 11 14:04:26 PDT 2012


Nadim,

I'm quite confused about your frustration and your ire.

Excluding the fact that the title references Cryptocat, the main focus of
the blogpost is restated in the conclusion:

"The lesson of Cryptocat is that more learning and collaboration are
needed. Donors, journalists, and technologists can work together more
closely to bridge the gap between invention and use."

It's not about whether or not Cryptocat is a good or useful tool, Frank is
using Cryptocat as a device to initiate discussion about this: "These
days--20 years into what we now know as the Internet--usability testing is
key to every successful commercial online venture. Yet it is rarely
practiced in the Internet freedom community."

Would you really disagree?

Secondly, I guess its possible that I'm the only one ignorant of this, but
I can't recall *ever* hearing of @innonews and a quick reference shows that
they have 61 followers, one might consider them to be leveraging "trolling"
to generate traffic.

Thirdly, people will stop taking you seriously if you can't take yourself
seriously enough to ignore criticism and learn only from critiques. A
critique is where someone looks at your work and offers nuanced suggestions
as to what you might do differently, critics themselves are often simply
self-aggrandizing. Most of what I have read in the media criticizing
Cryptocat has been just that, criticism and self-aggrandizement.

It was great to meet in person, and I look forward to seeing what you come
up with. I for one am quite excited and inspired by your efforts, and look
forward to what you come up with next.

Brian


On Tue, Sep 11, 2012 at 12:53 PM, Nadim Kobeissi <nadim at nadim.cc> wrote:

> Thanks, Frank. I hope I'll never be in the position where I have to
> resort to your blog in order to make my case to a wider audience.
>
> NK
>
> On 9/11/2012 3:51 PM, frank at journalistsecurity.net wrote:
> > I do not pretend to know something about security technology.
> > I do know something about journalists and human rights defenders at risk.
> >
> > What is needed is a constructive dialogue between our two communities.
> > In that regard it is unfortunate that you have declined CPJ's offer to
> > write your own piece for CPJ in response to, or notwithstanding mine. It
> > would give you the opportunity to make your case to a much wider
> > audience. The issues are much bigger and more important than either of
> us.
> >
> > Frank Smyth
> > Executive Director
> > Global Journalist Security
> > frank at journalistsecurity.net <mailto:frank at journalistsecurity.net>
> > Tel.  + 1 202 244 0717
> > Cell  + 1 202 352 1736
> > Twitter:  @JournoSecurity
> > Website: www.journalistsecurity.net <http://www.journalistsecurity.net>
> > PGP Public Key <http://www.journalistsecurity.net/franks-pgp-public-key>
> >
> >
> > Please consider our Earth before printing this email.
> >
> > Confidentiality Notice: This email and any files transmitted with it are
> > confidential. If you have received this email in error, please notify
> > the sender and delete this message and any copies. If you are not the
> > intended recipient, you are notified that disclosing, copying,
> > distributing or taking any action in reliance on the contents of this
> > information is strictly prohibited.
> >
> >
> >
> >     -------- Original Message --------
> >     Subject: Re: [liberationtech] My CPJ blog: Lessons from the Cryptocat
> >     debate
> >     From: Nadim Kobeissi <nadim at nadim.cc <mailto:nadim at nadim.cc>>
> >     Date: Tue, September 11, 2012 3:39 pm
> >     To: liberationtech <liberationtech at lists.stanford.edu
> >     <mailto:liberationtech at lists.stanford.edu>>
> >
> >
> >     I don't have time for a wall of text. Long story short: if @ionnonews
> >     "misinterpreted" your article, it's because your article is horribly
> >     open to misinterpretation. I interpreted your article similarly to
> them
> >     and am sure most people did.
> >
> >     I'm so sick of having to deal with horrible coverage of my work.
> First
> >     Wired, then Wired (again,) then this. Really, the most sensible
> person
> >     has been Chris Soghoian, even though he's been harsh. At least he
> checks
> >     his facts, is constructive and isn't just a pretentious nobody
> >     pretending to know something about security.
> >
> >     NK
> >
> >     On 9/11/2012 3:07 PM, frank at journalistsecurity.net
> >     <mailto:frank at journalistsecurity.net> wrote:
> >     > Nadim,
> >     >
> >     > I read about the browser plug-in being added nearly two months, as
> you
> >     > state, in Forbes on July 30.
> >     >
> http://www.forbes.com/sites/jonmatonis/2012/07/30/cryptocat-increases-security-in-move-away-from-javascript-encryption/
> >
> >     > Yet it was a month and six weeks later, respectively, when Chris
> and
> >     > Patrick each wrote their critiques in response to the first Wired
> >     > piece. I also read your exchange with Patrick some weeks ago, and
> I have
> >     > spoken to Patrick, albeit before he wrote his piece in Wired.
> >     >
> >     > What I have not read here or elsewhere is anything indicating that
> there
> >     > is now a consensus that Crypocat has been fixed. (And that is
> essential
> >     > for me and CPJ, as I explain below.) Instead I reflected what I
> think is
> >     > accurate; that you are others are still working to make sure it is
> >     > secure. I think most readers would conclude that I have faith that
> it is
> >     > being secured. And this is quite different from what @innonews
> >     > erroneously tweeted that I and CPJ said that Cryptocat is unsafe.
> >     >
> >     > If anything, Nadim, I was responding to Patrick for ending his
> article
> >     > and seemingly the conversation by saying that PGP and Pidgin/OTR
> are
> >     > harder to user but they are really secure. My point (Patrick and I
> have
> >     > been having this discussion for over a decade) is that these tools'
> >     > relative lack of usability still keeps them out of the reach of
> people
> >     > who really do need to use them. And my point in the piece is that
> >     > everyone who cares about human rights should care more about
> usability.
> >     >
> >     > I also gave you credit here, and I think, in the piece, for finally
> >     > making a tool that really achieves usability.
> >     >
> >     > Please know, too, none of this is abstract for me. In May, as I
> told you
> >     > a few weeks later at Google, I trained a group of investigative
> >     > journalists in El Salvador and from Peru in May in how to use
> Cryptocat,
> >     > as I was convinced it was safe. (Also telling them no one tool is
> ever
> >     > completely safe.) After Chris' piece, I found myself unexpectedly
> >     > telling the same journalists that Cryptocat had vulnerabilities
> that I,
> >     > for one, as a non-technologist, was not aware of before. I sent
> them
> >     > Chris' piece, and told them that, if they wish to continue using
> >     > Cryptocat, they should do so with caution.
> >     >
> >     > For me, and for CPJ, the decision to recommend a tool is a weighty
> one.
> >     > It would be irresponsible to recommend a tool to journalists unless
> >     > there is a clear consensus within this community that the tool is
> safe.
> >     > I thought there was a consensus before. I then learned that there
> was
> >     > not one. And then I wrote what I think is accurate; there is now a
> >     > consensus that whatever vulnerabilities Cryptocat did have before
> are
> >     > now in the process of being fixed.
> >     >
> >     > To be clear where we disagree. I did not say that CPJ is now
> verifying
> >     > Cryptocat is fixed and safe to use. As a non-technologist that
> would
> >     > never be role.
> >     >
> >     > I realize that you see the piece as an attack on Crypocat. It was
> not
> >     > meant to be and I do not think most readers, who are not
> technologists,
> >     > of CPJ's blog will see it that way, either. It was meant as a call
> for
> >     > more usability, using Cryptocat, in fact, as a model.
> >     >
> >     > Frank
> >     >
> >     > Frank Smyth
> >     > Executive Director
> >     > Global Journalist Security
> >     > frank at journalistsecurity.net <mailto:frank at journalistsecurity.net>
> >     <mailto:frank at journalistsecurity.net
> >     <http://mailto:frank@journalistsecurity.net>>
> >     > Tel.  + 1 202 244 0717
> >     > Cell  + 1 202 352 1736
> >     > Twitter:  @JournoSecurity
> >     > Website: www.journalistsecurity.net <
> http://www.journalistsecurity.net>
> >     <http://www.journalistsecurity.net>
> >     > PGP Public Key <
> http://www.journalistsecurity.net/franks-pgp-public-key>
> >     >
> >     >
> >     > Please consider our Earth before printing this email.
> >     >
> >     > Confidentiality Notice: This email and any files transmitted with
> it are
> >     > confidential. If you have received this email in error, please
> notify
> >     > the sender and delete this message and any copies. If you are not
> the
> >     > intended recipient, you are notified that disclosing, copying,
> >     > distributing or taking any action in reliance on the contents of
> this
> >     > information is strictly prohibited.
> >     >
> >     >
> >     >
> >     >     -------- Original Message --------
> >     >     Subject: Re: [liberationtech] My CPJ blog: Lessons from the
> Cryptocat
> >     >     debate
> >     >     From: Nadim Kobeissi <nadim at nadim.cc <http://nadim@nadim.cc>
> ><mailto:nadim at nadim.cc
> >     <http://nadim@nadim.cc>>>
> >     >     Date: Tue, September 11, 2012 1:34 pm
> >     >     To: liberationtech <liberationtech at lists.stanford.edu
> >     <mailto:liberationtech at lists.stanford.edu>
> >     >     <mailto:liberationtech at lists.stanford.edu
> >     <http://mailto:liberationtech@lists.stanford.edu>>>
> >     >
> >     >
> >     >     Frank,
> >     >     Please, tell me more about how your allusion at the end of
> your post
> >     >     absolves you of the culpability of fact-checking!
> >     >
> >     >     Furthermore, I have confirmed with Chris concerning the
> browser plugin
> >     >     issue when I met him last week in D.C., while Patrick Ball and
> I had an
> >     >     exchange that was posted on libtech weeks ago under the
> >     >     migraine-inducing "What I learned from Cryptocat" thread.
> >     >
> >     >     Did you even ask Chris or Patrick about the browser plugin
> platform?
> >     >     I'll eat a shoe if you did. I've been working for weeks on
> this and it's
> >     >     people like you who just make me feel like all my effort is
> completely
> >     >     worthless.
> >     >
> >     >     NK
> >     >
> >     >     On 9/11/2012 1:24 PM, frank at journalistsecurity.net <mailto:
> frank at journalistsecurity.net>
> >     >     <mailto:frank at journalistsecurity.net
> >     <http://mailto:frank@journalistsecurity.net>> wrote:
> >     >     > Nadim,
> >     >     >
> >     >     > Toward the end of the piece, I said: some critics are now
> working with
> >     >     > Kobeissi to help clean up and secureCryptocat.
> >     >     >
> >     >     > What you are saying is that Cryptocat is now a
> browser-plugin only
> >     >     > application, and that therefore, if I understand your point,
> the
> >     >     > vulnerabilities alluded to by Chris and now Patrick are now
> all fixed.
> >     >     >
> >     >     > Are they? If they are, I have not yet read confirmation that
> they are
> >     >     > from others in this community. I'd welcome any input here.
> >     >     >
> >     >     > And, Nadim, I have and continue to support you for finally
> building a
> >     >     > truly user-friendly tool. We need tools that are both secure
> and
> >     >     > easier-to-use, and that was the point of the piece.
> >     >     >
> >     >     > Frank
> >     >     >
> >     >     >
> >     >     >
> >     >     > Frank Smyth
> >     >     > Executive Director
> >     >     > Global Journalist Security
> >     >     > frank at journalistsecurity.net <mailto:
> frank at journalistsecurity.net>
> >     <mailto:frank at journalistsecurity.net
> >     <http://mailto:frank@journalistsecurity.net>>
> >     >     <mailto:frank at journalistsecurity.net
> >     <http://mailto:frank@journalistsecurity.net>
> >     >     <http://mailto:frank@journalistsecurity.net
> >     <http://mailto:frank@journalistsecurity.net>>>
> >     >     > Tel.  + 1 202 244 0717
> >     >     > Cell  + 1 202 352 1736
> >     >     > Twitter:  @JournoSecurity
> >     >     > Website: www.journalistsecurity.net <
> http://www.journalistsecurity.net>
> >     <http://www.journalistsecurity.net>
> >     >     <http://www.journalistsecurity.net>
> >     >     > PGP Public Key <
> http://www.journalistsecurity.net/franks-pgp-public-key>
> >     >     >
> >     >     >
> >     >     > Please consider our Earth before printing this email.
> >     >     >
> >     >     > Confidentiality Notice: This email and any files transmitted
> with it are
> >     >     > confidential. If you have received this email in error,
> please notify
> >     >     > the sender and delete this message and any copies. If you
> are not the
> >     >     > intended recipient, you are notified that disclosing,
> copying,
> >     >     > distributing or taking any action in reliance on the
> contents of this
> >     >     > information is strictly prohibited.
> >     >     >
> >     >     >
> >     >     >
> >     >     >     -------- Original Message --------
> >     >     >     Subject: Re: [liberationtech] My CPJ blog: Lessons from
> the Cryptocat
> >     >     >     debate
> >     >     >     From: Nadim Kobeissi <nadim at nadim.cc<http://nadim@nadim.cc>
> ><http://nadim@nadim.cc
> >     <http://nadim@nadim.cc>> ><mailto:nadim at nadim.cc<http://nadim@nadim.cc
> >
> >     >     <http://nadim@nadim.cc <http://nadim@nadim.cc>>>>
> >     >     >     Date: Tue, September 11, 2012 1:14 pm
> >     >     >     To: liberationtech <liberationtech at lists.stanford.edu
> >     <mailto:liberationtech at lists.stanford.edu>
> >     >     <mailto:liberationtech at lists.stanford.edu
> >     <http://mailto:liberationtech@lists.stanford.edu>>
> >     >     >     <mailto:liberationtech at lists.stanford.edu
> >     <http://mailto:liberationtech@lists.stanford.edu>
> >     >     <http://mailto:liberationtech@lists.stanford.edu
> >     <http://mailto:liberationtech@lists.stanford.edu>>>>
> >     >     >
> >     >     >
> >     >     >     I can't even-
> >     >     >
> >     >     >     Frank sent me this article about 15 minutes ago and I
> answered with the
> >     >     >     notion that Cryptocat has been a browser-plugin only app
> for more than a
> >     >     >     month, and that his article is just incredibly ignorant
> and frustrating
> >     >     >     as a result of it ignoring that.
> >     >     >
> >     >     >     Relevant links:
> >     >     >
> https://blog.crypto.cat/2012/08/moving-to-a-browser-app-model/
> >     >     >
> https://blog.crypto.cat/2012/09/cryptocat-2-demo-video-posted/
> >     >     >
> >     >     >     Excuse me while I now go waterboard myself,
> >     >     >     NK
> >     >     >
> >     >     >     On 9/11/2012 1:07 PM, frank at journalistsecurity.net<mailto:
> frank at journalistsecurity.net>
> >     <mailto:frank at journalistsecurity.net
> >     <http://mailto:frank@journalistsecurity.net>>
> >     >     >     <mailto:frank at journalistsecurity.net
> >     <http://mailto:frank@journalistsecurity.net>
> >     >     <http://mailto:frank@journalistsecurity.net
> >     <http://mailto:frank@journalistsecurity.net>>> wrote:
> >     >     >     > Hi everybody,
> >     >     >     >
> >     >     >     > Below is my CPJ blog on the Cryptocat debate. It makes
> some of the same
> >     >     >     > points that I already made here a few weeks ago. And
> please know that my
> >     >     >     > intent is to help work toward a solution in terms of
> bridging invention
> >     >     >     > and usability. I know there are different views, and I
> have already
> >     >     >     > heard some. Please feel free to respond. (If you wish
> you may wish to
> >     >     >     > copy me at frank at journalistsecurity.net <mailto:
> frank at journalistsecurity.net>
> >     <mailto:frank at journalistsecurity.net
> >     <http://mailto:frank@journalistsecurity.net>>
> >     >     <mailto:frank at journalistsecurity.net
> >     <http://mailto:frank@journalistsecurity.net>
> >     >     <http://mailto:frank@journalistsecurity.net
> >     <http://mailto:frank@journalistsecurity.net>>>
> >     >     >     > <mailto:frank at journalistsecurity.net
> >     <http://mailto:frank@journalistsecurity.net>
> >     >     <http://mailto:frank@journalistsecurity.net
> >     <http://mailto:frank@journalistsecurity.net>>
> >     >     >     <http://mailto:frank@journalistsecurity.net
> >     <http://mailto:frank@journalistsecurity.net>
> >     >     <http://mailto:frank@journalistsecurity.net
> >     <http://mailto:frank@journalistsecurity.net>>>> to avoid me missing
> >     >     >     your note
> >     >     >     > among others.)
> >     >     >     >
> >     >     >     > Thank you! Best, Frank
> >     >     >     >
> >     >     >     >
> http://www.cpj.org/security/2012/09/in-cryptocat-lessons-for-technologists-and-journal.php
> >     >     >
> >     >     >     >
> >     >     >     >
> >     >     >     >   *In Cryptocat, lessons for technologists and
> journalists*
> >     >     >     >
> >     >     >     > By Frank Smyth/Senior Adviser for Journalist Security
> >     >     >     > <http://www.cpj.org/blog/author/frank-smyth>
> >     >     >     > /Alhamdulillah! /Finally, a technologist designed a
> security tool that
> >     >     >     > everyone could use. A Lebanese-born, Montreal-based
> computer scientist,
> >     >     >     > college student, and activist named Nadim Kobeissi had
> developed a
> >     >     >     > cryptography tool, Cryptocat <https://crypto.cat/>,
> for the Internet
> >     >     >     > that seemed as easy to use as Facebook Chat but was
> presumably far more
> >     >     >     > secure.
> >     >     >     > Encrypted communications are hardly a new idea.
> Technologists wary of
> >     >     >     > government surveillance have been designing free
> encryption software
> >     >     >     > since the early 1990s <
> http://www.pgpi.org/doc/overview/>. Of course, no
> >     >     >     > tool is completely safe, and much depends on the
> capabilities of the
> >     >     >     > eavesdropper. But for decades digital safety tools
> have been so hard to
> >     >     >     > use that few human rights defenders and even fewer
> journalists (my best
> >     >     >     > guess is one in a 100) employ them.
> >     >     >     > Activist technologists often complain that journalists
> and human rights
> >     >     >     > defenders are either too lazy or foolish to not
> consistently use digital
> >     >     >     > safety tools when they are operating in hostile
> environments.
> >     >     >     > Journalists and many human rights activists, for their
> part, complain
> >     >     >     > that digital safety tools are too difficult or
> time-consuming to
> >     >     >     > operate, and, even if one tried to learn them, they
> often don't work as
> >     >     >     > expected.
> >     >     >     > Cryptocat promised
> >     >     >     > <
> http://www.wired.com/threatlevel/2012/07/crypto-cat-encryption-for-all/all
> >
> >     >     >     > to finally bridge these two distinct cultures.
> Kobeissi was profiled
> >     >     >     > <
> http://www.nytimes.com/2012/04/18/nyregion/nadim-kobeissi-creator-of-a-secure-chat-program-has-freedom-in-mind.html
> >
> >     >     >     > in /The New York Times/; /Forbes/
> >     >     >     > <
> http://www.forbes.com/sites/jonmatonis/2012/07/19/5-essential-privacy-tools-for-the-next-crypto-war/
> >
> >     >     >     > and especially /Wired/
> >     >     >     > <
> http://www.wired.com/threatlevel/2012/07/crypto-cat-encryption-for-all/all
> >
> >     >     >     > each praised the tool. But Cryptocat's sheen faded
> fast. Within three
> >     >     >     > months of winning a prize associated with /The Wall
> Street Journal/
> >     >     >     > <http://datatransparency.wsj.com/>, Cryptocat ended
> up like a cat caught
> >     >     >     > in storm--wet, dirty, and a little worse for wear.
> Analyst Christopher
> >     >     >     > Soghoian--who wrote a /Times/ op-ed last fall
> >     >     >     > <
> http://www.nytimes.com/2011/10/27/opinion/without-computer-security-sources-secrets-arent-safe-with-journalists.html
> >
> >     >     >     > saying that journalists must learn digital safety
> skills to protect
> >     >     >     > sources--blogged that Cryptocat had far too many
> structural flaws
> >     >     >     > <
> http://paranoia.dubfire.net/2012/07/tech-journalists-stop-hyping-unproven.html?utm_source=Contextly&utm_medium=RelatedLinks&utm_campaign=AroundWeb
> >
> >     >     >     > for safe use in a repressive environment.
> >     >     >     > An expert writing in /Wired/ agreed. Responding to
> another /Wired/ piece
> >     >     >     > just weeks before, Patrick Ball said the prior
> author's admiration of
> >     >     >     > Cryptocat was "inaccurate, misleading andpotentially
> dangerous
> >     >     >     > <
> http://www.wired.com/threatlevel/2012/08/wired_opinion_patrick_ball/2/>."
> >     >     >     > Ball is one of the Silicon Valley-based nonprofit
> Benetech
> >     >     >     > <http://www.benetech.org/> developers ofMartus
> >     >     >     > <http://www.benetech.org/human_rights/martus.shtml>,
> an encrypted
> >     >     >     > database used by groups to secure information like
> witness testimony of
> >     >     >     > human rights abuses.
> >     >     >     > But unlike Martus, which uses its own software,
> Cryptocat is a
> >     >     >     > "host-based security" application that relies on
> servers to log in to
> >     >     >     > its software. And this kind of application makes
> Cryptocat potentially
> >     >     >     > vulnerable
> >     >     >     > <
> http://www.wired.com/threatlevel/2012/08/wired_opinion_patrick_ball/all/>
> >     >     >     > to manipulation through theft of login information--as
> everyone,
> >     >     >     > including Kobeissi, now seems to agree.
> >     >     >     > So we are back to where we started, to a degree.
> Other, older digital
> >     >     >     > safety tools are "a little harder to use, but their
> security is real,"
> >     >     >     > Ball added in /Wired/. Yet, in the real world,
> fromMexico
> >     >     >     > <
> http://www.cpj.org/blog/2011/09/mexican-murder-may-mark-grim-watershed-for-social.php
> >
> >     >     >     > to Ethiopia
> >     >     >     > <
> http://www.cpj.org/2012/07/ethiopia-sentences-eskinder-six-others-on-terror-c.php
> >,
> >     >     >     > from Syria
> >     >     >     > <
> http://www.cpj.org/security/2012/05/dont-get-your-sources-in-syria-killed.php
> >
> >     >     >     > to Bahrain
> >     >     >     > <
> http://www.cpj.org/2012/09/bahrain-should-scrap-life-sentence-of-blogger-alsi.php
> >,
> >     >     >     > how many human rights activists, journalists, and
> others actually use
> >     >     >     > them? "The tools are just too hard to learn. They take
> too long to
> >     >     >     > learn. And no one's going to learn them," a journalist
> for a major U.S.
> >     >     >     > news organization recently told me.
> >     >     >     > Who will help bridge the gap? Information-freedom
> technologists clearly
> >     >     >     > don't build free, open-source tools to get rich.
> They're motivated by
> >     >     >     > the recognition one gets from building an exciting,
> important new tool.
> >     >     >     > (Kind of like journalists breaking a story.) Training
> people in the use
> >     >     >     > of security tools or making those tools easier to use
> doesn't bring the
> >     >     >     > same sort of credit.
> >     >     >     > Or financial support. Donors--in good part, U.S.
> government agencies
> >     >     >     > <http://www.fas.org/sgp/crs/row/R41120.pdf>--tend to
> back the
> >     >     >     > development of new tools rather than ongoing usability
> training and
> >     >     >     > development. But in doing so, technologists and donors
> are avoiding a
> >     >     >     > crucial question: Why aren't more people using
> security tools? These
> >     >     >     > days--20 years into what we now know as the
> Internet--usability testing
> >     >     >     > is key to every successful commercial online venture.
> Yet it is rarely
> >     >     >     > practiced in the Internet freedom community.
> >     >     >     > That may be changing. The anti-censorship
> circumvention tool Tor has
> >     >     >     > grown progressively easier to use, and donors and
> technologists are now
> >     >     >     > working to make it easier and faster still. Other
> tools, like Pretty
> >     >     >     > Good Privacy <http://www.pgpi.org/> or its slightly
> improved German
> >     >     >     > alternative <http://www.gnupg.org/>, still seem
> needlessly difficult to
> >     >     >     > operate. Partly because the emphasis is on open
> technology built by
> >     >     >     > volunteers, users are rarely if ever redirected how to
> get back on track
> >     >     >     > if they make a mistake or reach a dead end. This would
> be nearly
> >     >     >     > inconceivable today with any commercial application
> designed to help
> >     >     >     > users purchase a service or product.
> >     >     >     > Which brings us back to Cryptocat, the ever-so-easy
> tool that was not as
> >     >     >     > secure as it was once thought to be. For a time, the
> online debate among
> >     >     >     > technologists degenerated into thekind of vitriol
> >     >     >     > <
> http://www.wired.com/threatlevel/2012/08/security-researchers/all/> one
> >     >     >     > might expect to hear among, say, U.S. presidential
> campaigns. But wounds
> >     >     >     > have since healed and some critics are now working
> with Kobeissi to help
> >     >     >     > clean up and secure Cryptocat.
> >     >     >     > Life and death, prison and torture remain real outcomes
> >     >     >     > <
> http://www.cpj.org/reports/2011/12/journalist-imprisonments-jump-worldwide-and-iran-i.php
> >
> >     >     >     > for many users, and, as Ball noted in/Wired/, there
> are no security
> >     >     >     > shortcuts in hostile environments. But if tools remain
> too difficult for
> >     >     >     > people to use in real-life circumstances in which they
> are under duress,
> >     >     >     > then that is a security problem in itself.
> >     >     >     > The lesson of Cryptocat is that more learning and
> collaboration are
> >     >     >     > needed. Donors, journalists, and technologists can
> work together more
> >     >     >     > closely to bridge the gap between invention and use.
> >     >     >     > Frank Smyth is CPJ's senior adviser for journalist
> security. He has
> >     >     >     > reported on armed conflicts, organized crime, and
> human rights from
> >     >     >     > nations including El Salvador, Guatemala, Colombia,
> Cuba, Rwanda,
> >     >     >     > Uganda, Eritrea, Ethiopia, Sudan, Jordan, and Iraq.
> Follow him on
> >     >     >     > Twitter @JournoSecurity <
> https://twitter.com/#!/JournoSecurity>.
> >     >     >     >
> >     >     >     >
> >     >     >     >         *Tags:*
> >     >     >     >
> >     >     >     >   * Cryptocat <http://www.cpj.org/tags/cryptocat>,
> >     >     >     >   * Hacked <http://www.cpj.org/tags/hacked>,
> >     >     >     >   * Internet <http://www.cpj.org/tags/internet>,
> >     >     >     >   * Martus <http://www.cpj.org/tags/martus>,
> >     >     >     >   * Nadim Kobeissi <
> http://www.cpj.org/tags/nadim-kobeissi>,
> >     >     >     >   * Patrick Ball <http://www.cpj.org/tags/patrick-ball
> >,
> >     >     >     >   * Pretty Good Privacy <
> http://www.cpj.org/tags/pretty-good-privacy>,
> >     >     >     >   * Tor <http://www.cpj.org/tags/tor>
> >     >     >     >
> >     >     >     > September 11, 2012 12:12 PM ET
> >     >     >     >
> >     >     >     > Frank Smyth
> >     >     >     > Executive Director
> >     >     >     > Global Journalist Security
> >     >     >     > frank at journalistsecurity.net <mailto:
> frank at journalistsecurity.net>
> >     <mailto:frank at journalistsecurity.net
> >     <http://mailto:frank@journalistsecurity.net>>
> >     >     <mailto:frank at journalistsecurity.net
> >     <http://mailto:frank@journalistsecurity.net>
> >     >     <http://mailto:frank@journalistsecurity.net
> >     <http://mailto:frank@journalistsecurity.net>>>
> >     >     >     <mailto:frank at journalistsecurity.net
> >     <http://mailto:frank@journalistsecurity.net>
> >     >     <http://mailto:frank@journalistsecurity.net
> >     <http://mailto:frank@journalistsecurity.net>>
> >     >     >     <http://mailto:frank@journalistsecurity.net
> >     <http://mailto:frank@journalistsecurity.net>
> >     >     <http://mailto:frank@journalistsecurity.net
> >     <http://mailto:frank@journalistsecurity.net>>>>
> >     >     >     > Tel.  + 1 202 244 0717
> >     >     >     > Cell  + 1 202 352 1736
> >     >     >     > Twitter:  @JournoSecurity
> >     >     >     > Website: www.journalistsecurity.net <
> http://www.journalistsecurity.net>
> >     <http://www.journalistsecurity.net>
> >     >     <http://www.journalistsecurity.net>
> >     >     >     <http://www.journalistsecurity.net>
> >     >     >     > PGP Public Key <
> http://www.journalistsecurity.net/franks-pgp-public-key>
> >     >     >     >
> >     >     >     >
> >     >     >     > Please consider our Earth before printing this email.
> >     >     >     >
> >     >     >     > Confidentiality Notice: This email and any files
> transmitted with it are
> >     >     >     > confidential. If you have received this email in
> error, please notify
> >     >     >     > the sender and delete this message and any copies. If
> you are not the
> >     >     >     > intended recipient, you are notified that disclosing,
> copying,
> >     >     >     > distributing or taking any action in reliance on the
> contents of this
> >     >     >     > information is strictly prohibited.
> >     >     >     >
> >     >     >     >
> >     >     >     >
> >     >     >     > --
> >     >     >     > Unsubscribe, change to digest, or change password at:
> https://mailman.stanford.edu/mailman/listinfo/liberationtech
> >     >     >     >
> >     >     >     --
> >     >     >     Unsubscribe, change to digest, or change password at:
> >     >     >
> https://mailman.stanford.edu/mailman/listinfo/liberationtech
> >     >     >
> >     >     >
> >     >     >
> >     >     > --
> >     >     > Unsubscribe, change to digest, or change password at:
> https://mailman.stanford.edu/mailman/listinfo/liberationtech
> >     >     >
> >     >     --
> >     >     Unsubscribe, change to digest, or change password at:
> >     >     https://mailman.stanford.edu/mailman/listinfo/liberationtech
> >     >
> >     >
> >     >
> >     > --
> >     > Unsubscribe, change to digest, or change password at:
> https://mailman.stanford.edu/mailman/listinfo/liberationtech
> >     >
> >     --
> >     Unsubscribe, change to digest, or change password at:
> >     https://mailman.stanford.edu/mailman/listinfo/liberationtech
> >
> >
> >
> > --
> > Unsubscribe, change to digest, or change password at:
> https://mailman.stanford.edu/mailman/listinfo/liberationtech
> >
> --
> Unsubscribe, change to digest, or change password at:
> https://mailman.stanford.edu/mailman/listinfo/liberationtech
>



-- 



Brian Conley

Director, Small World News

http://smallworldnews.tv

m: 646.285.2046

Skype: brianjoelconley

public key:
http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xCEEF938A1DBDD587<http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xE827FACCB139C9F0>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.stanford.edu/pipermail/liberationtech/attachments/20120911/55560baf/attachment.html>


More information about the liberationtech mailing list