And my reply: Dear Patrick, Your reply has lead me to be capable of better appreciating and evaluating your perspective. Thanks for clarifying your point of view. I encourage you to keep an eye on how Cryptocat evolves and hope you'll find our improvements worthwhile.
Regards, NK NK On Fri, Aug 10, 2012 at 1:08 PM, Katrin Verclas <kat...@mobileactive.org> wrote: > ---------- Forwarded message ---------- > From: "Patrick Ball" <pb...@benetech.org> > Date: Aug 10, 2012 3:47 PM > Subject: Re: [liberationtech] When It Comes to Human Rights, There Are No > Online Security Shortcuts | Threat Level | Wired.com > To: "Nadim Kobeissi" <na...@nadim.cc> > Cc: "Katrin Verclas" <kat...@mobileactive.org> > > [Katrin: again, your call whether to repost to the list] > > Nadim, > > Sorry about the photos. Given that there's a pretty prominent photo of you > at Wired, you must know that we do not control whether or which photos Wired > puts up. That's simply their style. > > I've spent a lot of my life building Martus, and that's the solution I think > best serves the community I work with. Other tools may contribute in the > future, and we're busy collaborating as much as we can to integrate our tool > with Tor, Guardian, and some non-security data collection stuff. In my > experience, the best chance of getting users to adopt crypto it to build it > into an application they already want to use. We're doing that with the > tools human rights activists use for data collection and analysis. > > I hope you continue with your research to build new tools. There are many > months (indeed, person-years) of testing between cool ideas and production > code that non-technical users can trust. I wish the discussion I'm watching > on libtech had a bit more consideration of making sure code is solid before > shipping it to the world. That's the point I pushed you about in my previous > message. > > My op-ed addresses existing tools offered as secure to our community. Singel > said these tools (in particular Hushmail) are good for human rights > activists. I think that's a terrible idea, and that's what I said. > > I appreciate your invitation to the technical conversation, but that's not > really what I do. It's not my job to fix Cryptocat. Nor do you need my > help! I think you're well on your way, and you have far abler assistance > than I could provide. > > It is part of my job to help the human rights community use good crypto > tools. I've built and supported Martus for 10 years, and we have a thriving > user community all over the world. In Martus, we didn't invent any piece of > the crypto. We used standard, well-tested algorithms (from BouncyCastle) and > standard protocols. We're not computer scientists or number theory guys. My > team are software engineers, and we know that we're not competent to invent > new crypto. Our job is to build a tool that meets a need we know about from > our users, and we're pretty happy with how it's going. > > Re experts: I'm contrasting myself with *journalists* -- and most sharply, > with Singel's remark about Hushmail which is what motivated my op-ed. By > expert, I would certainly include you, Jake, moxie, and the other serious > computer scientists on the libtech list. My apologies if this is unclear. > > Again, my best wishes in your R&D, and I look forward to your next ideas -- > PB. > > > On 10 Aug 2012, at 12:28, Nadim Kobeissi wrote: > >> Patrick, >> Thanks for your well-wishes, but I'm under the impression that >> actually participating in the conversation and technical debate would >> be far, far more productive than ample servings of high-level >> gratuitous formality. It's one thing to compliment Jake and I on the >> research we're doing and then writing an article that almost fully >> does not pay heed to it, and entirely another to actually delve into >> that discussion yourself instead of ignoring it in favor of a piece >> with a picture of yourself at its top and two paragraphs on how >> experts like you need to be consulted at its bottom. >> >> There's a certain amount of honest contribution that I'm expecting >> here, and your article, while better than most that have surrounded >> this topic, would have been better served actually contributing to the >> conversation that *is* fixing Cryptocat, instead of dismissing it >> entirely in favor of things less worthwhile. >> >> NK >> >> >> On Fri, Aug 10, 2012 at 12:21 PM, Patrick Ball <pb...@benetech.org> wrote: >>> [Katrin: feel free to repost to the list if you want, the traffic is too >>> high so I don't want to join. I lurk occasionally.] >>> >>> >>> Nadim, >>> >>> Research is great, and I am personally delighted you're doing it. Great >>> things may come of it, and the notes in the later part of the thread to >>> which Katrin alludes are very interesting. As I noted in the op-ed, the >>> browser extension may mature into a really useful tool -- once it's been >>> tested and reviewed and tested some more. >>> >>> For the meantime: mark it alpha. In a giant, blinking font write: "not >>> for use by people who are really at risk." Writing "with some limitations" >>> is insufficient warning to non-technical users in a space where the risks >>> are this high. Leaving it up with the implication that it's tested software >>> that people at risk can depend on is irresponsible. >>> >>> It's really cool that you and Jake and others are thinking up neat ideas >>> at dinner. You're both very smart and creative guys, and that's a great >>> place to start. It's not something you should then make public for >>> vulnerable people to depend on. >>> >>> Schneier taught me years ago that security is really really hard. We >>> can't trust it until we've tested every which way anyone in good or bad >>> faith can think up. Even then, there might always be another crack, but our >>> confidence increases with each positive review and new attack our tool >>> withstands. Your browser extension may get there, but it's a ways off yet. I >>> hope you persist. Good luck. >>> >>> -- PB. >>> >>> >>> On 10 Aug 2012, at 12:07, Katrin Verclas wrote: >>> >>>> Patrick, care to comment? You might also want to review the conversation >>>> on the libtech list (all 62 messages) where a lot of issues related to >>>> Cyrptocat and security and activism has been discussed in great detail, and >>>> with a lot of thought and care. >>>> >>>> (And, for the record, I have no editorial judgement one way or another - >>>> really just shared a link here. I have appreciated, however, the really >>>> good conversation on this on libtech) >>>> >>>> Katrin >>>> >>>> On Aug 10, 2012, at 2:40 PM, Nadim Kobeissi wrote: >>>> >>>>> I'm sorry to have to say this, but this piece seems to expressly >>>>> ignore a lot of the research and discussion that's already happened >>>>> about Cryptocat and (I'm sorry) is very self-promotional of Ball and >>>>> Martus. The discussion around improving code delivery, which has been >>>>> going on for months, is completely ignored and instead there's a >>>>> picture of Patrick Ball in an article in which he asks Cryptocat to >>>>> 'consult experts.' If Mr. Ball had bothered weighing into any >>>>> conversation before writing this piece, or contacting me at all, I >>>>> would perceive the article as far more honest. >>>>> >>>>> NK >>>>> >>>>> >>>>> On Fri, Aug 10, 2012 at 6:15 AM, Katrin Verclas >>>>> <kat...@mobileactive.org> wrote: >>>>>> and Ball from Martus/Benetech weighs in... >>>>>> >>>>>> >>>>>> http://www.wired.com/threatlevel/2012/08/wired_opinion_patrick_ball/all/ >>>>>> >>>>>> >>>>>> _______________________________________________ >>>>>> liberationtech mailing list >>>>>> liberationtech@lists.stanford.edu >>>>>> >>>>>> Should you need to change your subscription options, please go to: >>>>>> >>>>>> https://mailman.stanford.edu/mailman/listinfo/liberationtech >>>>>> >>>>>> If you would like to receive a daily digest, click "yes" (once you >>>>>> click >>>>>> above) next to "would you like to receive list mail batched in a daily >>>>>> digest?" >>>>>> >>>>>> You will need the user name and password you receive from the list >>>>>> moderator >>>>>> in monthly reminders. You may ask for a reminder here: >>>>>> https://mailman.stanford.edu/mailman/listinfo/liberationtech >>>>>> >>>>>> Should you need immediate assistance, please contact the list >>>>>> moderator. >>>>>> >>>>>> Please don't forget to follow us on >>>>>> http://twitter.com/#!/Liberationtech >>>> >>>> >>>> Katrin Verclas >>>> MobileActive.org >>>> kat...@mobileactive.org >>>> >>>> skype/twitter: katrinskaya >>>> (347) 281-7191 >>>> >>>> Check out SaferMobile.org >>>> Using Mobile Technology More Securely. For Activists, Rights Defenders, >>>> and Journalists. >>>> https://safermobile.org >>>> >>>> MobileActive.org: A global network of people using mobile technology for >>>> social impact >>>> http://mobileactive.org >>>> >>>> >>>> >>> >> >> > > > _______________________________________________ > liberationtech mailing list > liberationtech@lists.stanford.edu > > Should you need to change your subscription options, please go to: > > https://mailman.stanford.edu/mailman/listinfo/liberationtech > > If you would like to receive a daily digest, click "yes" (once you click > above) next to "would you like to receive list mail batched in a daily > digest?" > > You will need the user name and password you receive from the list moderator > in monthly reminders. You may ask for a reminder here: > https://mailman.stanford.edu/mailman/listinfo/liberationtech > > Should you need immediate assistance, please contact the list moderator. > > Please don't forget to follow us on http://twitter.com/#!/Liberationtech _______________________________________________ liberationtech mailing list liberationtech@lists.stanford.edu Should you need to change your subscription options, please go to: https://mailman.stanford.edu/mailman/listinfo/liberationtech If you would like to receive a daily digest, click "yes" (once you click above) next to "would you like to receive list mail batched in a daily digest?" You will need the user name and password you receive from the list moderator in monthly reminders. You may ask for a reminder here: https://mailman.stanford.edu/mailman/listinfo/liberationtech Should you need immediate assistance, please contact the list moderator. Please don't forget to follow us on http://twitter.com/#!/Liberationtech