[email protected] writes:
> If anyone here has any thoughts about the tools recommended in this
> Forbes piece, please speak up. The piece gets specific with
> recommendations form Ashkan Soltani, a technologist who I do not think
> is on this list, about half way down. Again, any thoughts would be
> welcome. Thank you! Frank
>
> http://www.forbes.com/sites/kashmirhill/2012/12/07/dear-journalists-at-vice-and-elsewhere-here-are-some-simple-ways-not-to-get-your-source-arrested/
After the article came out, I mailed the author the following questions,
because it seems like Skype isn't appropriate for anyone worried about
surveillance by state actors or, after I found article [2], private
actors.
In a recent Forbes article, "Dear Journalists at Vice and Elsewhere,
Here Are Some Simple Ways Not To Get Your Source Arrested" [0], you
mentioned that Skype's security depends on your threat model. Under
what threat models is Skype an appropriate choice?
The best description I could find suggests that Skype manages
connection information and encryption keys, centrally [1].
Centrally managing both types of data makes they system particularly
vulnerable to MITM-based attacks (most worryingly: impersonation,
which allows eavesdropping). That hardly seems appropriate for
journalists, who need to keep their sources and conversations secret
even from state- or law-enforcement-based actors, on occasion.
Thanks for your time,
Nick
0:
http://www.forbes.com/sites/kashmirhill/2012/12/07/dear-journalists-at-vice-and-elsewhere-here-are-some-simple-ways-not-to-get-your-source-arrested/
1:
http://paranoia.dubfire.net/2012/07/the-known-unknows-of-skype-interception.html
2:
https://www.techdirt.com/articles/20121106/02133820945/skype-accused-handing-out-private-info-to-private-company.shtml
--
Unsubscribe, change to digest, or change password at:
https://mailman.stanford.edu/mailman/listinfo/liberationtech
