Search Mailing List Archives


Limit search to: Subject & Body Subject Author
Sort by: Reverse Sort
Limit to: All This Week Last Week This Month Last Month
Select Date Range     through    

[liberationtech] Wickr: Can the Snapchat for Grown-Ups Save You From Spies?

Shava Nerad shava23 at gmail.com
Tue Mar 5 12:48:42 PST 2013


What Andrew said.  And anyone who glibly says that people's lives can rely
on the privacy of their software like that is lying, naive, and/or stupid,
to be blunt.

We had releases in the wild of Tor we knew people were using (and may still
be) that are out of date and we know are security compromised - and we have
no way to reach every one of those people ever (nor would she even with
registered users necessarily) to make them update, and it makes me weep.

So every release you sweat because, if there's a security compromise, an
exploit found, a bug somewhere (and hey even my archgeeks are only human ;)
-- I mean, Roger Dingledine, Nick Mathewson and Andrew are angels.

How many release engineers have to worry if they miss something, people
could get hauled away from their families, tortured, and/or killed?  It may
not be the commonest case of some person using it for pedestrian daily
privacy, but it is our critical case that we must model and plan for - and
understand and empathize with -  and it's thousands of activists,
journalists, and so on.

No glib "yes" answers please.  If you aren't losing sleep you don't get
it.  Write social apps for suburbia, where you can lie or be naive or be
stupid and it won't stand out.  In the "Zynga" community of practice that
seems to be normative at least - not that it's good for society either,
but perhaps it's habit forming, sheep and shepherd.

Don't do "social app" marketing to activists.  Do risk assessment and
education.

Open your source, do not register your users (either they give you real PID
which you can be forced to give up, or it's encouraging them to break TOS
on probably a US email provider - which in any US service makes any
activist a felon under the US law Aaron Swartz was accused under - this is
my current area of research).

Yrs,
----

Shava Nerad
shava23 at gmail.com
On Mar 5, 2013 1:48 PM, <liberationtech at lewman.us> wrote:

> On Tue, 5 Mar 2013 10:16:12 -0800
> Yosem Companys <companys at stanford.edu> wrote:
>
> > The cautionary tale that many reference is the case of Hushmail, an
> > encrypted mail service that used to claim that "not even a Hushmail
> > employee with access to our servers can read your encrypted email,
> > since each message is uniquely encoded before it leaves your computer"
> > — words that echo Wickr's own proclamations. Sell tells Mashable that
> > Wickr's "architecture eliminates backdoors; if someone was to come to
> > us with a subpoena, we have nothing to give them."
>
> They can, and will, be asked for "envelope data". Since wickr requires
> you create an account, they know who is communicating with whom, when,
> how often, and how much data. They may even know the file names
> transferred, even if they don't know the contents. They get to learn
> your email address and your IP addresses. This alone lets them build a
> nice social network map of you.
>
> As it's running on a mobile phone, wickr can learn GPS location, cell
> tower, altitude and lots of other data provided by the phone itself
> (name, contacts, etc) if they want to do so.
>
> And as a final thought, they will get preservation requests for
> messages from law enforcement. Since you're storing content on their
> servers, even if you think you control how long, they can copy off the
> messages (also for backups) for law enforcement.
>
> --
> Andrew
> http://tpo.is/contact
> pgp 0x6B4D6475
> --
> Too many emails? Unsubscribe, change to digest, or change password by
> emailing moderator at companys at stanford.edu or changing your settings at
> https://mailman.stanford.edu/mailman/listinfo/liberationtech
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.stanford.edu/pipermail/liberationtech/attachments/20130305/2365c76a/attachment.html>


More information about the liberationtech mailing list