Search Mailing List Archives


Limit search to: Subject & Body Subject Author
Sort by: Reverse Sort
Limit to: All This Week Last Week This Month Last Month
Select Date Range     through    

[liberationtech] My CPJ blog: Lessons from the Cryptocat debate

Nadim Kobeissi nadim at nadim.cc
Tue Sep 11 14:24:31 PDT 2012


I'm sorry, everyone. I'll try to not lose my temper; it's just that
after the n'th article misinterpreting Cryptocat it becomes hard not to.

I'd like to apologize for the heated conversation.

NK

On 9/11/2012 5:18 PM, Nadim Kobeissi wrote:
> Thanks, Brian. For my perspective, there's admittedly some frustration
> with my work being analyzed in the state it was in months ago,
> especially considering that the beta release for Cryptocat 2 is so
> close. This is not the first time my work has been covered in a
> non-satisfactory fashion and I wish people would contact me first/check
> out the Cryptocat blog/etc. to figure out some standing questions they
> may have.
> 
> I respect your perspective and completely agree with it. I should be
> less frustrated.
> 
> NK
> 
> On 9/11/2012 5:04 PM, Brian Conley wrote:
>> Nadim,
>>
>> I'm quite confused about your frustration and your ire.
>>
>> Excluding the fact that the title references Cryptocat, the main focus
>> of the blogpost is restated in the conclusion:
>>
>> "The lesson of Cryptocat is that more learning and collaboration are
>> needed. Donors, journalists, and technologists can work together more
>> closely to bridge the gap between invention and use."
>>
>> It's not about whether or not Cryptocat is a good or useful tool, Frank
>> is using Cryptocat as a device to initiate discussion about this: "These
>> days--20 years into what we now know as the Internet--usability testing
>> is key to every successful commercial online venture. Yet it is rarely
>> practiced in the Internet freedom community."
>>
>> Would you really disagree?
>>
>> Secondly, I guess its possible that I'm the only one ignorant of this,
>> but I can't recall *ever* hearing of @innonews and a quick reference
>> shows that they have 61 followers, one might consider them to be
>> leveraging "trolling" to generate traffic.
>>
>> Thirdly, people will stop taking you seriously if you can't take
>> yourself seriously enough to ignore criticism and learn only from
>> critiques. A critique is where someone looks at your work and offers
>> nuanced suggestions as to what you might do differently, critics
>> themselves are often simply self-aggrandizing. Most of what I have read
>> in the media criticizing Cryptocat has been just that, criticism and
>> self-aggrandizement.
>>
>> It was great to meet in person, and I look forward to seeing what you
>> come up with. I for one am quite excited and inspired by your efforts,
>> and look forward to what you come up with next.
>>
>> Brian
>>
>>
>> On Tue, Sep 11, 2012 at 12:53 PM, Nadim Kobeissi <nadim at nadim.cc
>> <mailto:nadim at nadim.cc>> wrote:
>>
>>     Thanks, Frank. I hope I'll never be in the position where I have to
>>     resort to your blog in order to make my case to a wider audience.
>>
>>     NK
>>
>>     On 9/11/2012 3:51 PM, frank at journalistsecurity.net
>>     <mailto:frank at journalistsecurity.net> wrote:
>>     > I do not pretend to know something about security technology.
>>     > I do know something about journalists and human rights defenders
>>     at risk.
>>     >
>>     > What is needed is a constructive dialogue between our two communities.
>>     > In that regard it is unfortunate that you have declined CPJ's offer to
>>     > write your own piece for CPJ in response to, or notwithstanding
>>     mine. It
>>     > would give you the opportunity to make your case to a much wider
>>     > audience. The issues are much bigger and more important than
>>     either of us.
>>     >
>>     > Frank Smyth
>>     > Executive Director
>>     > Global Journalist Security
>>     > frank at journalistsecurity.net <mailto:frank at journalistsecurity.net>
>>     <mailto:frank at journalistsecurity.net
>>     <mailto:frank at journalistsecurity.net>>
>>     > Tel.  + 1 202 244 0717 <tel:%2B%201%20202%20244%200717>
>>     > Cell  + 1 202 352 1736 <tel:%2B%201%20202%20352%201736>
>>     > Twitter:  @JournoSecurity
>>     > Website: www.journalistsecurity.net
>>     <http://www.journalistsecurity.net> <http://www.journalistsecurity.net>
>>     > PGP Public Key
>>     <http://www.journalistsecurity.net/franks-pgp-public-key>
>>     >
>>     >
>>     > Please consider our Earth before printing this email.
>>     >
>>     > Confidentiality Notice: This email and any files transmitted with
>>     it are
>>     > confidential. If you have received this email in error, please notify
>>     > the sender and delete this message and any copies. If you are not the
>>     > intended recipient, you are notified that disclosing, copying,
>>     > distributing or taking any action in reliance on the contents of this
>>     > information is strictly prohibited.
>>     >
>>     >
>>     >
>>     >     -------- Original Message --------
>>     >     Subject: Re: [liberationtech] My CPJ blog: Lessons from the
>>     Cryptocat
>>     >     debate
>>     >     From: Nadim Kobeissi <nadim at nadim.cc <mailto:nadim at nadim.cc
>>     <mailto:nadim at nadim.cc>>>
>>     >     Date: Tue, September 11, 2012 3:39 pm
>>     >     To: liberationtech <liberationtech at lists.stanford.edu
>>     <mailto:liberationtech at lists.stanford.edu>
>>     >     <mailto:liberationtech at lists.stanford.edu
>>     <mailto:liberationtech at lists.stanford.edu>>>
>>     >
>>     >
>>     >     I don't have time for a wall of text. Long story short: if
>>     @ionnonews
>>     >     "misinterpreted" your article, it's because your article is
>>     horribly
>>     >     open to misinterpretation. I interpreted your article
>>     similarly to them
>>     >     and am sure most people did.
>>     >
>>     >     I'm so sick of having to deal with horrible coverage of my
>>     work. First
>>     >     Wired, then Wired (again,) then this. Really, the most
>>     sensible person
>>     >     has been Chris Soghoian, even though he's been harsh. At least
>>     he checks
>>     >     his facts, is constructive and isn't just a pretentious nobody
>>     >     pretending to know something about security.
>>     >
>>     >     NK
>>     >
>>     >     On 9/11/2012 3:07 PM, frank at journalistsecurity.net
>>     <mailto:frank at journalistsecurity.net>
>>     >     <mailto:frank at journalistsecurity.net
>>     <mailto:frank at journalistsecurity.net>> wrote:
>>     >     > Nadim,
>>     >     >
>>     >     > I read about the browser plug-in being added nearly two
>>     months, as you
>>     >     > state, in Forbes on July 30.
>>     >     >
>>     http://www.forbes.com/sites/jonmatonis/2012/07/30/cryptocat-increases-security-in-move-away-from-javascript-encryption/
>>     >
>>     >     > Yet it was a month and six weeks later, respectively, when
>>     Chris and
>>     >     > Patrick each wrote their critiques in response to the first
>>     Wired
>>     >     > piece. I also read your exchange with Patrick some weeks
>>     ago, and I have
>>     >     > spoken to Patrick, albeit before he wrote his piece in Wired.
>>     >     >
>>     >     > What I have not read here or elsewhere is anything
>>     indicating that there
>>     >     > is now a consensus that Crypocat has been fixed. (And that
>>     is essential
>>     >     > for me and CPJ, as I explain below.) Instead I reflected
>>     what I think is
>>     >     > accurate; that you are others are still working to make sure
>>     it is
>>     >     > secure. I think most readers would conclude that I have
>>     faith that it is
>>     >     > being secured. And this is quite different from what @innonews
>>     >     > erroneously tweeted that I and CPJ said that Cryptocat is
>>     unsafe.
>>     >     >
>>     >     > If anything, Nadim, I was responding to Patrick for ending
>>     his article
>>     >     > and seemingly the conversation by saying that PGP and
>>     Pidgin/OTR are
>>     >     > harder to user but they are really secure. My point (Patrick
>>     and I have
>>     >     > been having this discussion for over a decade) is that these
>>     tools'
>>     >     > relative lack of usability still keeps them out of the reach
>>     of people
>>     >     > who really do need to use them. And my point in the piece is
>>     that
>>     >     > everyone who cares about human rights should care more about
>>     usability.
>>     >     >
>>     >     > I also gave you credit here, and I think, in the piece, for
>>     finally
>>     >     > making a tool that really achieves usability.
>>     >     >
>>     >     > Please know, too, none of this is abstract for me. In May,
>>     as I told you
>>     >     > a few weeks later at Google, I trained a group of investigative
>>     >     > journalists in El Salvador and from Peru in May in how to
>>     use Cryptocat,
>>     >     > as I was convinced it was safe. (Also telling them no one
>>     tool is ever
>>     >     > completely safe.) After Chris' piece, I found myself
>>     unexpectedly
>>     >     > telling the same journalists that Cryptocat had
>>     vulnerabilities that I,
>>     >     > for one, as a non-technologist, was not aware of before. I
>>     sent them
>>     >     > Chris' piece, and told them that, if they wish to continue using
>>     >     > Cryptocat, they should do so with caution.
>>     >     >
>>     >     > For me, and for CPJ, the decision to recommend a tool is a
>>     weighty one.
>>     >     > It would be irresponsible to recommend a tool to journalists
>>     unless
>>     >     > there is a clear consensus within this community that the
>>     tool is safe.
>>     >     > I thought there was a consensus before. I then learned that
>>     there was
>>     >     > not one. And then I wrote what I think is accurate; there is
>>     now a
>>     >     > consensus that whatever vulnerabilities Cryptocat did have
>>     before are
>>     >     > now in the process of being fixed.
>>     >     >
>>     >     > To be clear where we disagree. I did not say that CPJ is now
>>     verifying
>>     >     > Cryptocat is fixed and safe to use. As a non-technologist
>>     that would
>>     >     > never be role.
>>     >     >
>>     >     > I realize that you see the piece as an attack on Crypocat.
>>     It was not
>>     >     > meant to be and I do not think most readers, who are not
>>     technologists,
>>     >     > of CPJ's blog will see it that way, either. It was meant as
>>     a call for
>>     >     > more usability, using Cryptocat, in fact, as a model.
>>     >     >
>>     >     > Frank
>>     >     >
>>     >     > Frank Smyth
>>     >     > Executive Director
>>     >     > Global Journalist Security
>>     >     > frank at journalistsecurity.net
>>     <mailto:frank at journalistsecurity.net>
>>     <mailto:frank at journalistsecurity.net
>>     <mailto:frank at journalistsecurity.net>>
>>     >     <mailto:frank at journalistsecurity.net
>>     <mailto:frank at journalistsecurity.net>
>>     >     <http://mailto:frank@journalistsecurity.net>>
>>     >     > Tel.  + 1 202 244 0717 <tel:%2B%201%20202%20244%200717>
>>     >     > Cell  + 1 202 352 1736 <tel:%2B%201%20202%20352%201736>
>>     >     > Twitter:  @JournoSecurity
>>     >     > Website: www.journalistsecurity.net
>>     <http://www.journalistsecurity.net> <http://www.journalistsecurity.net>
>>     >     <http://www.journalistsecurity.net>
>>     >     > PGP Public Key
>>     <http://www.journalistsecurity.net/franks-pgp-public-key>
>>     >     >
>>     >     >
>>     >     > Please consider our Earth before printing this email.
>>     >     >
>>     >     > Confidentiality Notice: This email and any files transmitted
>>     with it are
>>     >     > confidential. If you have received this email in error,
>>     please notify
>>     >     > the sender and delete this message and any copies. If you
>>     are not the
>>     >     > intended recipient, you are notified that disclosing, copying,
>>     >     > distributing or taking any action in reliance on the
>>     contents of this
>>     >     > information is strictly prohibited.
>>     >     >
>>     >     >
>>     >     >
>>     >     >     -------- Original Message --------
>>     >     >     Subject: Re: [liberationtech] My CPJ blog: Lessons from
>>     the Cryptocat
>>     >     >     debate
>>     >     >     From: Nadim Kobeissi <nadim at nadim.cc
>>     <http://nadim@nadim.cc> ><mailto:nadim at nadim.cc <mailto:nadim at nadim.cc>
>>     >     <http://nadim@nadim.cc>>>
>>     >     >     Date: Tue, September 11, 2012 1:34 pm
>>     >     >     To: liberationtech <liberationtech at lists.stanford.edu
>>     <mailto:liberationtech at lists.stanford.edu>
>>     >     <mailto:liberationtech at lists.stanford.edu
>>     <mailto:liberationtech at lists.stanford.edu>>
>>     >     >     <mailto:liberationtech at lists.stanford.edu
>>     <mailto:liberationtech at lists.stanford.edu>
>>     >     <http://mailto:liberationtech@lists.stanford.edu>>>
>>     >     >
>>     >     >
>>     >     >     Frank,
>>     >     >     Please, tell me more about how your allusion at the end
>>     of your post
>>     >     >     absolves you of the culpability of fact-checking!
>>     >     >
>>     >     >     Furthermore, I have confirmed with Chris concerning the
>>     browser plugin
>>     >     >     issue when I met him last week in D.C., while Patrick
>>     Ball and I had an
>>     >     >     exchange that was posted on libtech weeks ago under the
>>     >     >     migraine-inducing "What I learned from Cryptocat" thread.
>>     >     >
>>     >     >     Did you even ask Chris or Patrick about the browser
>>     plugin platform?
>>     >     >     I'll eat a shoe if you did. I've been working for weeks
>>     on this and it's
>>     >     >     people like you who just make me feel like all my effort
>>     is completely
>>     >     >     worthless.
>>     >     >
>>     >     >     NK
>>     >     >
>>     >     >     On 9/11/2012 1:24 PM, frank at journalistsecurity.net
>>     <mailto:frank at journalistsecurity.net>
>>     <mailto:frank at journalistsecurity.net
>>     <mailto:frank at journalistsecurity.net>>
>>     >     >     <mailto:frank at journalistsecurity.net
>>     <mailto:frank at journalistsecurity.net>
>>     >     <http://mailto:frank@journalistsecurity.net>> wrote:
>>     >     >     > Nadim,
>>     >     >     >
>>     >     >     > Toward the end of the piece, I said: some critics are
>>     now working with
>>     >     >     > Kobeissi to help clean up and secureCryptocat.
>>     >     >     >
>>     >     >     > What you are saying is that Cryptocat is now a
>>     browser-plugin only
>>     >     >     > application, and that therefore, if I understand your
>>     point, the
>>     >     >     > vulnerabilities alluded to by Chris and now Patrick
>>     are now all fixed.
>>     >     >     >
>>     >     >     > Are they? If they are, I have not yet read
>>     confirmation that they are
>>     >     >     > from others in this community. I'd welcome any input here.
>>     >     >     >
>>     >     >     > And, Nadim, I have and continue to support you for
>>     finally building a
>>     >     >     > truly user-friendly tool. We need tools that are both
>>     secure and
>>     >     >     > easier-to-use, and that was the point of the piece.
>>     >     >     >
>>     >     >     > Frank
>>     >     >     >
>>     >     >     >
>>     >     >     >
>>     >     >     > Frank Smyth
>>     >     >     > Executive Director
>>     >     >     > Global Journalist Security
>>     >     >     > frank at journalistsecurity.net
>>     <mailto:frank at journalistsecurity.net>
>>     <mailto:frank at journalistsecurity.net
>>     <mailto:frank at journalistsecurity.net>>
>>     >     <mailto:frank at journalistsecurity.net
>>     <mailto:frank at journalistsecurity.net>
>>     >     <http://mailto:frank@journalistsecurity.net>>
>>     >     >     <mailto:frank at journalistsecurity.net
>>     <mailto:frank at journalistsecurity.net>
>>     >     <http://mailto:frank@journalistsecurity.net>
>>     >     >     <http://mailto:frank@journalistsecurity.net
>>     >     <http://mailto:frank@journalistsecurity.net>>>
>>     >     >     > Tel.  + 1 202 244 0717 <tel:%2B%201%20202%20244%200717>
>>     >     >     > Cell  + 1 202 352 1736 <tel:%2B%201%20202%20352%201736>
>>     >     >     > Twitter:  @JournoSecurity
>>     >     >     > Website: www.journalistsecurity.net
>>     <http://www.journalistsecurity.net> <http://www.journalistsecurity.net>
>>     >     <http://www.journalistsecurity.net>
>>     >     >     <http://www.journalistsecurity.net>
>>     >     >     > PGP Public Key
>>     <http://www.journalistsecurity.net/franks-pgp-public-key>
>>     >     >     >
>>     >     >     >
>>     >     >     > Please consider our Earth before printing this email.
>>     >     >     >
>>     >     >     > Confidentiality Notice: This email and any files
>>     transmitted with it are
>>     >     >     > confidential. If you have received this email in
>>     error, please notify
>>     >     >     > the sender and delete this message and any copies. If
>>     you are not the
>>     >     >     > intended recipient, you are notified that disclosing,
>>     copying,
>>     >     >     > distributing or taking any action in reliance on the
>>     contents of this
>>     >     >     > information is strictly prohibited.
>>     >     >     >
>>     >     >     >
>>     >     >     >
>>     >     >     >     -------- Original Message --------
>>     >     >     >     Subject: Re: [liberationtech] My CPJ blog: Lessons
>>     from the Cryptocat
>>     >     >     >     debate
>>     >     >     >     From: Nadim Kobeissi <nadim at nadim.cc
>>     <http://nadim@nadim.cc> ><http://nadim@nadim.cc
>>     >     <http://nadim@nadim.cc>> ><mailto:nadim at nadim.cc
>>     <mailto:nadim at nadim.cc> <http://nadim@nadim.cc>
>>     >     >     <http://nadim@nadim.cc <http://nadim@nadim.cc>>>>
>>     >     >     >     Date: Tue, September 11, 2012 1:14 pm
>>     >     >     >     To: liberationtech
>>     <liberationtech at lists.stanford.edu
>>     <mailto:liberationtech at lists.stanford.edu>
>>     >     <mailto:liberationtech at lists.stanford.edu
>>     <mailto:liberationtech at lists.stanford.edu>>
>>     >     >     <mailto:liberationtech at lists.stanford.edu
>>     <mailto:liberationtech at lists.stanford.edu>
>>     >     <http://mailto:liberationtech@lists.stanford.edu>>
>>     >     >     >     <mailto:liberationtech at lists.stanford.edu
>>     <mailto:liberationtech at lists.stanford.edu>
>>     >     <http://mailto:liberationtech@lists.stanford.edu>
>>     >     >     <http://mailto:liberationtech@lists.stanford.edu
>>     >     <http://mailto:liberationtech@lists.stanford.edu>>>>
>>     >     >     >
>>     >     >     >
>>     >     >     >     I can't even-
>>     >     >     >
>>     >     >     >     Frank sent me this article about 15 minutes ago
>>     and I answered with the
>>     >     >     >     notion that Cryptocat has been a browser-plugin
>>     only app for more than a
>>     >     >     >     month, and that his article is just incredibly
>>     ignorant and frustrating
>>     >     >     >     as a result of it ignoring that.
>>     >     >     >
>>     >     >     >     Relevant links:
>>     >     >     >    
>>     https://blog.crypto.cat/2012/08/moving-to-a-browser-app-model/
>>     >     >     >    
>>     https://blog.crypto.cat/2012/09/cryptocat-2-demo-video-posted/
>>     >     >     >
>>     >     >     >     Excuse me while I now go waterboard myself,
>>     >     >     >     NK
>>     >     >     >
>>     >     >     >     On 9/11/2012 1:07 PM, frank at journalistsecurity.net
>>     <mailto:frank at journalistsecurity.net>
>>     <mailto:frank at journalistsecurity.net
>>     <mailto:frank at journalistsecurity.net>>
>>     >     <mailto:frank at journalistsecurity.net
>>     <mailto:frank at journalistsecurity.net>
>>     >     <http://mailto:frank@journalistsecurity.net>>
>>     >     >     >     <mailto:frank at journalistsecurity.net
>>     <mailto:frank at journalistsecurity.net>
>>     >     <http://mailto:frank@journalistsecurity.net>
>>     >     >     <http://mailto:frank@journalistsecurity.net
>>     >     <http://mailto:frank@journalistsecurity.net>>> wrote:
>>     >     >     >     > Hi everybody,
>>     >     >     >     >
>>     >     >     >     > Below is my CPJ blog on the Cryptocat debate. It
>>     makes some of the same
>>     >     >     >     > points that I already made here a few weeks ago.
>>     And please know that my
>>     >     >     >     > intent is to help work toward a solution in
>>     terms of bridging invention
>>     >     >     >     > and usability. I know there are different views,
>>     and I have already
>>     >     >     >     > heard some. Please feel free to respond. (If you
>>     wish you may wish to
>>     >     >     >     > copy me at frank at journalistsecurity.net
>>     <mailto:frank at journalistsecurity.net>
>>     <mailto:frank at journalistsecurity.net
>>     <mailto:frank at journalistsecurity.net>>
>>     >     <mailto:frank at journalistsecurity.net
>>     <mailto:frank at journalistsecurity.net>
>>     >     <http://mailto:frank@journalistsecurity.net>>
>>     >     >     <mailto:frank at journalistsecurity.net
>>     <mailto:frank at journalistsecurity.net>
>>     >     <http://mailto:frank@journalistsecurity.net>
>>     >     >     <http://mailto:frank@journalistsecurity.net
>>     >     <http://mailto:frank@journalistsecurity.net>>>
>>     >     >     >     > <mailto:frank at journalistsecurity.net
>>     <mailto:frank at journalistsecurity.net>
>>     >     <http://mailto:frank@journalistsecurity.net>
>>     >     >     <http://mailto:frank@journalistsecurity.net
>>     >     <http://mailto:frank@journalistsecurity.net>>
>>     >     >     >     <http://mailto:frank@journalistsecurity.net
>>     >     <http://mailto:frank@journalistsecurity.net>
>>     >     >     <http://mailto:frank@journalistsecurity.net
>>     >     <http://mailto:frank@journalistsecurity.net>>>> to avoid me
>>     missing
>>     >     >     >     your note
>>     >     >     >     > among others.)
>>     >     >     >     >
>>     >     >     >     > Thank you! Best, Frank
>>     >     >     >     >
>>     >     >     >     >
>>     http://www.cpj.org/security/2012/09/in-cryptocat-lessons-for-technologists-and-journal.php
>>     >     >     >
>>     >     >     >     >
>>     >     >     >     >
>>     >     >     >     >   *In Cryptocat, lessons for technologists and
>>     journalists*
>>     >     >     >     >
>>     >     >     >     > By Frank Smyth/Senior Adviser for Journalist
>>     Security
>>     >     >     >     > <http://www.cpj.org/blog/author/frank-smyth>
>>     >     >     >     > /Alhamdulillah! /Finally, a technologist
>>     designed a security tool that
>>     >     >     >     > everyone could use. A Lebanese-born,
>>     Montreal-based computer scientist,
>>     >     >     >     > college student, and activist named Nadim
>>     Kobeissi had developed a
>>     >     >     >     > cryptography tool, Cryptocat
>>     <https://crypto.cat/>, for the Internet
>>     >     >     >     > that seemed as easy to use as Facebook Chat but
>>     was presumably far more
>>     >     >     >     > secure.
>>     >     >     >     > Encrypted communications are hardly a new idea.
>>     Technologists wary of
>>     >     >     >     > government surveillance have been designing free
>>     encryption software
>>     >     >     >     > since the early 1990s
>>     <http://www.pgpi.org/doc/overview/>. Of course, no
>>     >     >     >     > tool is completely safe, and much depends on the
>>     capabilities of the
>>     >     >     >     > eavesdropper. But for decades digital safety
>>     tools have been so hard to
>>     >     >     >     > use that few human rights defenders and even
>>     fewer journalists (my best
>>     >     >     >     > guess is one in a 100) employ them.
>>     >     >     >     > Activist technologists often complain that
>>     journalists and human rights
>>     >     >     >     > defenders are either too lazy or foolish to not
>>     consistently use digital
>>     >     >     >     > safety tools when they are operating in hostile
>>     environments.
>>     >     >     >     > Journalists and many human rights activists, for
>>     their part, complain
>>     >     >     >     > that digital safety tools are too difficult or
>>     time-consuming to
>>     >     >     >     > operate, and, even if one tried to learn them,
>>     they often don't work as
>>     >     >     >     > expected.
>>     >     >     >     > Cryptocat promised
>>     >     >     >     >
>>     <http://www.wired.com/threatlevel/2012/07/crypto-cat-encryption-for-all/all>
>>     >     >     >     > to finally bridge these two distinct cultures.
>>     Kobeissi was profiled
>>     >     >     >     >
>>     <http://www.nytimes.com/2012/04/18/nyregion/nadim-kobeissi-creator-of-a-secure-chat-program-has-freedom-in-mind.html>
>>     >     >     >     > in /The New York Times/; /Forbes/
>>     >     >     >     >
>>     <http://www.forbes.com/sites/jonmatonis/2012/07/19/5-essential-privacy-tools-for-the-next-crypto-war/>
>>     >     >     >     > and especially /Wired/
>>     >     >     >     >
>>     <http://www.wired.com/threatlevel/2012/07/crypto-cat-encryption-for-all/all>
>>     >     >     >     > each praised the tool. But Cryptocat's sheen
>>     faded fast. Within three
>>     >     >     >     > months of winning a prize associated with /The
>>     Wall Street Journal/
>>     >     >     >     > <http://datatransparency.wsj.com/>, Cryptocat
>>     ended up like a cat caught
>>     >     >     >     > in storm--wet, dirty, and a little worse for
>>     wear. Analyst Christopher
>>     >     >     >     > Soghoian--who wrote a /Times/ op-ed last fall
>>     >     >     >     >
>>     <http://www.nytimes.com/2011/10/27/opinion/without-computer-security-sources-secrets-arent-safe-with-journalists.html>
>>     >     >     >     > saying that journalists must learn digital
>>     safety skills to protect
>>     >     >     >     > sources--blogged that Cryptocat had far too many
>>     structural flaws
>>     >     >     >     >
>>     <http://paranoia.dubfire.net/2012/07/tech-journalists-stop-hyping-unproven.html?utm_source=Contextly&utm_medium=RelatedLinks&utm_campaign=AroundWeb>
>>     >     >     >     > for safe use in a repressive environment.
>>     >     >     >     > An expert writing in /Wired/ agreed. Responding
>>     to another /Wired/ piece
>>     >     >     >     > just weeks before, Patrick Ball said the prior
>>     author's admiration of
>>     >     >     >     > Cryptocat was "inaccurate, misleading
>>     andpotentially dangerous
>>     >     >     >     >
>>     <http://www.wired.com/threatlevel/2012/08/wired_opinion_patrick_ball/2/>."
>>     >     >     >     > Ball is one of the Silicon Valley-based
>>     nonprofit Benetech
>>     >     >     >     > <http://www.benetech.org/> developers ofMartus
>>     >     >     >     >
>>     <http://www.benetech.org/human_rights/martus.shtml>, an encrypted
>>     >     >     >     > database used by groups to secure information
>>     like witness testimony of
>>     >     >     >     > human rights abuses.
>>     >     >     >     > But unlike Martus, which uses its own software,
>>     Cryptocat is a
>>     >     >     >     > "host-based security" application that relies on
>>     servers to log in to
>>     >     >     >     > its software. And this kind of application makes
>>     Cryptocat potentially
>>     >     >     >     > vulnerable
>>     >     >     >     >
>>     <http://www.wired.com/threatlevel/2012/08/wired_opinion_patrick_ball/all/>
>>     >     >     >     > to manipulation through theft of login
>>     information--as everyone,
>>     >     >     >     > including Kobeissi, now seems to agree.
>>     >     >     >     > So we are back to where we started, to a degree.
>>     Other, older digital
>>     >     >     >     > safety tools are "a little harder to use, but
>>     their security is real,"
>>     >     >     >     > Ball added in /Wired/. Yet, in the real world,
>>     fromMexico
>>     >     >     >     >
>>     <http://www.cpj.org/blog/2011/09/mexican-murder-may-mark-grim-watershed-for-social.php>
>>     >     >     >     > to Ethiopia
>>     >     >     >     >
>>     <http://www.cpj.org/2012/07/ethiopia-sentences-eskinder-six-others-on-terror-c.php>,
>>     >     >     >     > from Syria
>>     >     >     >     >
>>     <http://www.cpj.org/security/2012/05/dont-get-your-sources-in-syria-killed.php>
>>     >     >     >     > to Bahrain
>>     >     >     >     >
>>     <http://www.cpj.org/2012/09/bahrain-should-scrap-life-sentence-of-blogger-alsi.php>,
>>     >     >     >     > how many human rights activists, journalists,
>>     and others actually use
>>     >     >     >     > them? "The tools are just too hard to learn.
>>     They take too long to
>>     >     >     >     > learn. And no one's going to learn them," a
>>     journalist for a major U.S.
>>     >     >     >     > news organization recently told me.
>>     >     >     >     > Who will help bridge the gap?
>>     Information-freedom technologists clearly
>>     >     >     >     > don't build free, open-source tools to get rich.
>>     They're motivated by
>>     >     >     >     > the recognition one gets from building an
>>     exciting, important new tool.
>>     >     >     >     > (Kind of like journalists breaking a story.)
>>     Training people in the use
>>     >     >     >     > of security tools or making those tools easier
>>     to use doesn't bring the
>>     >     >     >     > same sort of credit.
>>     >     >     >     > Or financial support. Donors--in good part, U.S.
>>     government agencies
>>     >     >     >     >
>>     <http://www.fas.org/sgp/crs/row/R41120.pdf>--tend to back the
>>     >     >     >     > development of new tools rather than ongoing
>>     usability training and
>>     >     >     >     > development. But in doing so, technologists and
>>     donors are avoiding a
>>     >     >     >     > crucial question: Why aren't more people using
>>     security tools? These
>>     >     >     >     > days--20 years into what we now know as the
>>     Internet--usability testing
>>     >     >     >     > is key to every successful commercial online
>>     venture. Yet it is rarely
>>     >     >     >     > practiced in the Internet freedom community.
>>     >     >     >     > That may be changing. The anti-censorship
>>     circumvention tool Tor has
>>     >     >     >     > grown progressively easier to use, and donors
>>     and technologists are now
>>     >     >     >     > working to make it easier and faster still.
>>     Other tools, like Pretty
>>     >     >     >     > Good Privacy <http://www.pgpi.org/> or its
>>     slightly improved German
>>     >     >     >     > alternative <http://www.gnupg.org/>, still seem
>>     needlessly difficult to
>>     >     >     >     > operate. Partly because the emphasis is on open
>>     technology built by
>>     >     >     >     > volunteers, users are rarely if ever redirected
>>     how to get back on track
>>     >     >     >     > if they make a mistake or reach a dead end. This
>>     would be nearly
>>     >     >     >     > inconceivable today with any commercial
>>     application designed to help
>>     >     >     >     > users purchase a service or product.
>>     >     >     >     > Which brings us back to Cryptocat, the
>>     ever-so-easy tool that was not as
>>     >     >     >     > secure as it was once thought to be. For a time,
>>     the online debate among
>>     >     >     >     > technologists degenerated into thekind of vitriol
>>     >     >     >     >
>>     <http://www.wired.com/threatlevel/2012/08/security-researchers/all/> one
>>     >     >     >     > might expect to hear among, say, U.S.
>>     presidential campaigns. But wounds
>>     >     >     >     > have since healed and some critics are now
>>     working with Kobeissi to help
>>     >     >     >     > clean up and secure Cryptocat.
>>     >     >     >     > Life and death, prison and torture remain real
>>     outcomes
>>     >     >     >     >
>>     <http://www.cpj.org/reports/2011/12/journalist-imprisonments-jump-worldwide-and-iran-i.php>
>>     >     >     >     > for many users, and, as Ball noted in/Wired/,
>>     there are no security
>>     >     >     >     > shortcuts in hostile environments. But if tools
>>     remain too difficult for
>>     >     >     >     > people to use in real-life circumstances in
>>     which they are under duress,
>>     >     >     >     > then that is a security problem in itself.
>>     >     >     >     > The lesson of Cryptocat is that more learning
>>     and collaboration are
>>     >     >     >     > needed. Donors, journalists, and technologists
>>     can work together more
>>     >     >     >     > closely to bridge the gap between invention and use.
>>     >     >     >     > Frank Smyth is CPJ's senior adviser for
>>     journalist security. He has
>>     >     >     >     > reported on armed conflicts, organized crime,
>>     and human rights from
>>     >     >     >     > nations including El Salvador, Guatemala,
>>     Colombia, Cuba, Rwanda,
>>     >     >     >     > Uganda, Eritrea, Ethiopia, Sudan, Jordan, and
>>     Iraq. Follow him on
>>     >     >     >     > Twitter @JournoSecurity
>>     <https://twitter.com/#!/JournoSecurity>.
>>     >     >     >     >
>>     >     >     >     >
>>     >     >     >     >         *Tags:*
>>     >     >     >     >
>>     >     >     >     >   * Cryptocat <http://www.cpj.org/tags/cryptocat>,
>>     >     >     >     >   * Hacked <http://www.cpj.org/tags/hacked>,
>>     >     >     >     >   * Internet <http://www.cpj.org/tags/internet>,
>>     >     >     >     >   * Martus <http://www.cpj.org/tags/martus>,
>>     >     >     >     >   * Nadim Kobeissi
>>     <http://www.cpj.org/tags/nadim-kobeissi>,
>>     >     >     >     >   * Patrick Ball
>>     <http://www.cpj.org/tags/patrick-ball>,
>>     >     >     >     >   * Pretty Good Privacy
>>     <http://www.cpj.org/tags/pretty-good-privacy>,
>>     >     >     >     >   * Tor <http://www.cpj.org/tags/tor>
>>     >     >     >     >
>>     >     >     >     > September 11, 2012 12:12 PM ET
>>     >     >     >     >
>>     >     >     >     > Frank Smyth
>>     >     >     >     > Executive Director
>>     >     >     >     > Global Journalist Security
>>     >     >     >     > frank at journalistsecurity.net
>>     <mailto:frank at journalistsecurity.net>
>>     <mailto:frank at journalistsecurity.net
>>     <mailto:frank at journalistsecurity.net>>
>>     >     <mailto:frank at journalistsecurity.net
>>     <mailto:frank at journalistsecurity.net>
>>     >     <http://mailto:frank@journalistsecurity.net>>
>>     >     >     <mailto:frank at journalistsecurity.net
>>     <mailto:frank at journalistsecurity.net>
>>     >     <http://mailto:frank@journalistsecurity.net>
>>     >     >     <http://mailto:frank@journalistsecurity.net
>>     >     <http://mailto:frank@journalistsecurity.net>>>
>>     >     >     >     <mailto:frank at journalistsecurity.net
>>     <mailto:frank at journalistsecurity.net>
>>     >     <http://mailto:frank@journalistsecurity.net>
>>     >     >     <http://mailto:frank@journalistsecurity.net
>>     >     <http://mailto:frank@journalistsecurity.net>>
>>     >     >     >     <http://mailto:frank@journalistsecurity.net
>>     >     <http://mailto:frank@journalistsecurity.net>
>>     >     >     <http://mailto:frank@journalistsecurity.net
>>     >     <http://mailto:frank@journalistsecurity.net>>>>
>>     >     >     >     > Tel.  + 1 202 244 0717
>>     <tel:%2B%201%20202%20244%200717>
>>     >     >     >     > Cell  + 1 202 352 1736
>>     <tel:%2B%201%20202%20352%201736>
>>     >     >     >     > Twitter:  @JournoSecurity
>>     >     >     >     > Website: www.journalistsecurity.net
>>     <http://www.journalistsecurity.net> <http://www.journalistsecurity.net>
>>     >     <http://www.journalistsecurity.net>
>>     >     >     <http://www.journalistsecurity.net>
>>     >     >     >     <http://www.journalistsecurity.net>
>>     >     >     >     > PGP Public Key
>>     <http://www.journalistsecurity.net/franks-pgp-public-key>
>>     >     >     >     >
>>     >     >     >     >
>>     >     >     >     > Please consider our Earth before printing this
>>     email.
>>     >     >     >     >
>>     >     >     >     > Confidentiality Notice: This email and any files
>>     transmitted with it are
>>     >     >     >     > confidential. If you have received this email in
>>     error, please notify
>>     >     >     >     > the sender and delete this message and any
>>     copies. If you are not the
>>     >     >     >     > intended recipient, you are notified that
>>     disclosing, copying,
>>     >     >     >     > distributing or taking any action in reliance on
>>     the contents of this
>>     >     >     >     > information is strictly prohibited.
>>     >     >     >     >
>>     >     >     >     >
>>     >     >     >     >
>>     >     >     >     > --
>>     >     >     >     > Unsubscribe, change to digest, or change
>>     password at:
>>     https://mailman.stanford.edu/mailman/listinfo/liberationtech
>>     >     >     >     >
>>     >     >     >     --
>>     >     >     >     Unsubscribe, change to digest, or change password at:
>>     >     >     >    
>>     https://mailman.stanford.edu/mailman/listinfo/liberationtech
>>     >     >     >
>>     >     >     >
>>     >     >     >
>>     >     >     > --
>>     >     >     > Unsubscribe, change to digest, or change password at:
>>     https://mailman.stanford.edu/mailman/listinfo/liberationtech
>>     >     >     >
>>     >     >     --
>>     >     >     Unsubscribe, change to digest, or change password at:
>>     >     >     https://mailman.stanford.edu/mailman/listinfo/liberationtech
>>     >     >
>>     >     >
>>     >     >
>>     >     > --
>>     >     > Unsubscribe, change to digest, or change password at:
>>     https://mailman.stanford.edu/mailman/listinfo/liberationtech
>>     >     >
>>     >     --
>>     >     Unsubscribe, change to digest, or change password at:
>>     >     https://mailman.stanford.edu/mailman/listinfo/liberationtech
>>     >
>>     >
>>     >
>>     > --
>>     > Unsubscribe, change to digest, or change password at:
>>     https://mailman.stanford.edu/mailman/listinfo/liberationtech
>>     >
>>     --
>>     Unsubscribe, change to digest, or change password at:
>>     https://mailman.stanford.edu/mailman/listinfo/liberationtech
>>
>>
>>
>>
>> -- 
>>
>>  
>>
>> Brian Conley
>>
>> Director, Small World News
>>
>> http://smallworldnews.tv <http://smallworldnews.tv/>
>>
>> m: 646.285.2046
>>
>> Skype: brianjoelconley
>>
>> public
>> key: http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xCEEF938A1DBDD587 <http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xE827FACCB139C9F0>
>>
>>
>>
>>
>> --
>> Unsubscribe, change to digest, or change password at: https://mailman.stanford.edu/mailman/listinfo/liberationtech
>>



More information about the liberationtech mailing list