Am going to branch out a little from the discourse between Jake and Eric and present this list a recurring dilemma in my experience as a digsec trainer and technology advisor - the question of 'good enough' security and what to recommend when others seek advice. Eric and I have had this discussion many times before, albeit never in a public forum :)
I've always been on the side of open rather than proprietary code, non-profit rather than corporate initiative, these choices a blend of technical and moral reasoning. However it is often difficult to convey my sentiment in a short time-frame to an activist who relies on technology but has a poor understanding of how it fits together. If you only get one chance to explain private VoIP communications, do you wring your hands and talk about vulnerabilities in Skype or teach them how to find a trustworthy SIP provider and configure an open source client with ZRTP? I've done both and felt guilty (for different reasons) no matter the choice.

Regarding service providers, I have more implicit trust in a RiseUp VPN than a Steganos one - however the first choice may actually single out a group of activists using VPNs to protect their identity and movements from the local provider. The argument also holds for Tor, albeit the ratio for activist:unscrupulous user on that network may be a good enough excuse.

Now back to circumvention and to J vs E. We don't need an arrest to label a service flawed-by-design. At the same time there will always be fewer initiatives we do trust and they will likely be a little more clunky (less sleek?) than their commercial equivalents. Do we just present the facts and let the audience make up their own minds or do we make a decision about their threat model for them and choose the path of least resistance?

Dmitri Vitaliev

On 12-10-30 02:05 AM, [email protected] wrote:
> Message: 33
> Date: Mon, 29 Oct 2012 12:26:54 +0000
> From: Jacob Appelbaum <[email protected]>
> To: [email protected]
> Subject: Re: [liberationtech] OkayFreedom
> Message-ID: <[email protected]>
> Content-Type: text/plain; charset=ISO-8859-
