| > ...brought me a red herring that wouldn't have helped Greenwald then or laypeople now. Funny. I addressed this in my previous comment, but I guess you glossed over it: > 1) It seems reasonable to expect that most journalists possess either an iOS or Android smartphone. Your snark doesn't enhance the credibility of your objections. > The requirement was that the NSA not be able to understand the content of those messages for a period of time that covers their activity. Two things: 1) That's not what you said, though. You said "the NSA didn't get shit", when in fact, they did. In my reply to you, I even addressed the fact that it's possible they got the plaintext of the conversation long after the meeting. [0] Again, your snark doesn't do you credit. 2) Another goal of the NSA is storage of encrypted data for later decryption just in case a decryption method is found and the data is useful. The NSA does far more than just deal with information that has a very brief shelf life. > Mediocre solutions stop people all the time despite pro's or talented people being able to defeat them. Does a messaging system that XORs the message and addressing information with a hard-coded value meet your definition of "secure messenger" if its target audience is the everyday US citizen who communicates only to people within the US? Why or why not? [0] But, in reality, we can't know that NSA wasn't aware of this vulnerability in CryptoCat at the time of the meeting. It's entirely possible that they had access to the plaintext of the conversation shortly after it happened. |
No, I'm calling you on it. You're countering my claim that mediocre privacy is better than choosing no privacy if one is consciously aware that this is the choice. Your first counter...
"If your "secure communications" software doesn't stop a sophisticated passive adversary, it doesn't stop anyone, "
...was so ridiculous that you lost credibility instantly. I gave you the benefit of the doubt on the rest. The next part was a recommendation that basically confirmed my original claim that mediocre solutions were all that's you could think of barring a future release of Signal. Once again, there was no effective counter to people using Cryptocat or other mediocre solutions when they had nothing else available that was usable. And, again, knowing it wasn't guaranteed to stop hackers: just delay them or stop lay attackers.
"ou said "the NSA didn't get shit", when in fact, they did."
OK. I see you were just griping with a technicality in a secondary claim. I stand corrected: NSA did get shit way after they needed it. Remember that Snowden knew they would get found out. The after effect wasn't important. Just the delay. My argument still stands even with that point corrected given each party's goals.
"Does a messaging system that XORs the message and addressing information with a hard-coded value meet your definition of "secure messenger" if its target audience is the everyday US citizen who communicates only to people within the US? Why or why not?"
Yes if the threat model is jocks snooping on her phone and the code is custom. No most of the time because that's weaker than weak. A regular encryption algorithm people wouldn't know about with a solution that's not popular? Will stop most snoops unless they straight hack it. A modification of an existing one that preserves its security properties but obfuscates the change? Slows even nation state attackers.
Like I claimed: the threat model and security goals determine what level of security is appropriate. Wise engineers tell people to default on something really good. The userbase our post is discussing is incapable of or unwilling to put up with what's good by our standards. For them, it's no protection, methods that sell them out, or methods that offer some protection while not selling them out. The third option sounds better than the other two. This is where solutions like Cryptocat (not XOR lol) come in. They're easy, sometimes fun, enough for adoption to raise the baseline a bit. Or they remain niche which is even better in this threat model.
So, I drop the bar a bit to provide them some protection rather than none. Recommendations depend on the person and situation. Some w/ no malicious provider is still better than none + malicious host. The crux of my arguments.
"But, in reality, we can't know that NSA wasn't aware of this vulnerability in CryptoCat at the time of the meeting."
Even more support. If they weren't, the niche and barely functional thing did its job of showing them scrambled traffic they didn't auto-break and analyze. If they were, it bought the users time. Benefit either way over open communications despite this being outside my recommended use case. Some better than none.