Since Randolph has chosen to forward my reply to his request to this entire mailing list, here is the full text of my reply. Please note that a thorough security audit is necessary, but not sufficient for EFF to recommend a security or privacy tool and I express some doubts about whether or not his tool would actually be useful to Syrians at this time:
Randolph, Thank you for writing to EFF. I'm glad that there are people who are working on secure communications tools--in fact, I am at a security tool hackathon in New York right now. However, EFF cannot recommend any tool that has not had a thorough security audit and we do not have the resources to perform such an audit ourselves. If you are working on an open source security communications tool that you would like EFF to recommend, I suggest that you subject it to an extensive audit by security professionals. Perhaps some of the people on the Liberation Tech mailing list might be interested. Furthermore, lack of encrypted communications over Facebook is not really the problem that Syrians are facing right now. Facebook has an option that allows you to use HTTPS by default. You can also enable HTTPS by default by using HTTPS Everywhere on your browser. HTTPS usage on Facebook in Syria is reportedly very high, an observation which is supported by the fact that the Syrian government attempted to man-in-the-middle Facebook's SSL cert in Syria last year. If the Syrian government had been able to see most Facebook traffic over the network in plaintext, no MITM would have been necessary. Malware is being sent via Facebook chat and in comments in popular Facebook groups, but that is not a problem that an encrypted or decentralized version of Facebook would solve. These Facebook accounts are usually compromised using malware that installs a remote access tool which takes screenshots and logs keystrokes. ************************************************ Eva Galperin International Freedom of Expression Coordinator Electronic Frontier Foundation [email protected] (415) 436-9333 ex. 111 ************************************************ -- ************************************************ Eva Galperin International Freedom of Expression Coordinator Electronic Frontier Foundation [email protected] (415) 436-9333 ex. 111 ************************************************ _______________________________________________ liberationtech mailing list [email protected] Should you need to change your subscription options, please go to: https://mailman.stanford.edu/mailman/listinfo/liberationtech If you would like to receive a daily digest, click "yes" (once you click above) next to "would you like to receive list mail batched in a daily digest?" You will need the user name and password you receive from the list moderator in monthly reminders. You may ask for a reminder here: https://mailman.stanford.edu/mailman/listinfo/liberationtech Should you need immediate assistance, please contact the list moderator. Please don't forget to follow us on http://twitter.com/#!/Liberationtech
