Hi Libtech, Jillian C. York wrote:
> Security experts have obvious reasons for being conservative, and I > get that. Nevertheless, there are a lot of users who would benefit > from *a little bit* of added security. The question, then, as I see > it, is: > > *How do we provide that little bit while still making users aware of > risks?* Jacob Appelbaum replied: > The problem is that the little bit is effectively zero. > > What's the difference between Facebook chat over SSL and Cryptocat > over SSL? > > Without a browser extension/plugin - there is little to no difference. > > You have to trust the server and the server operator to not be a bad > actor in both cases. As an example problem, Facebook chat over SSL is automatically mined by Facebook for "suspicious" activity to report, as we know. Known bad actor, known bad server. Current Cryptocat is neither, though it could become so in case of server or operator compromise. So Cryptocat currently is a "little bit" better than "known bad actor, known bad server"; we are discussing whether that "little bit" make a significant difference. Is not Riseup accessed over SSL webmail a comparable analogy to current Cryptocat? And yet activists without their own .mx trust Riseup, and no one says there's little to no difference between Facebook email and Riseup email. It certainly could be the case that I am missing something! :-Douglas _______________________________________________ liberationtech mailing list [email protected] Should you need to change your subscription options, please go to: https://mailman.stanford.edu/mailman/listinfo/liberationtech If you would like to receive a daily digest, click "yes" (once you click above) next to "would you like to receive list mail batched in a daily digest?" You will need the user name and password you receive from the list moderator in monthly reminders. You may ask for a reminder here: https://mailman.stanford.edu/mailman/listinfo/liberationtech Should you need immediate assistance, please contact the list moderator. Please don't forget to follow us on http://twitter.com/#!/Liberationtech
