Re: [liberationtech] Guardian reporter delayed e-mailing NSA source because crypto is a pain
Let's first have context -- at this time I am a 30 year old journalist. But (to establish my geek bona fides) shortly after I could legally drive, but long before I could vote, I went through the process of becoming a registered Debian Linux developer. Then, as is the case now, to achieve that status, one needs to have their GnuPG key (back then PGP) signed by a fellow developer who has verified their identity. While I had undergone the process with my PGP key back when I was a high school student, by the time Debian made the switch to GPG (as I recall for ideological reasons surrounding PGP's license) I was at university with far less free time, and learning crypto software or getting your keys exchanged and signed wasn't easy. And so I never made the time to learn the new software until recent events led me to revisit my options. I haven't been a regular Linux user since 2001 (switched to Apple) but I've tried available tools for Linux and what's out there for Mac OS, even trying to compile some F/OSS solutions from scratch on Mac OS. And to be honest, despite all the innovations in user interface over the past 12 years, the situation doesn't look to have changed much since 2001. Now, I realize that for someone whose very life might depend on strong encryption that works, their incentive to learn even the most arcane and user-unfriendly software could be high enough to overcome any resistance due to either inertia, poor design, or any other conceivable reason why Joe Public wouldn't make everyday use of the stuff. These days I'm a journalist, and while my work has rarely taken me into places or subjects where encryption is needed, recent events have inspired me to venture back into the available tools to see if I could make using email with strong cryptography easy enough that I could suggest it to regular sources for everyday use. It still sucks. What exists is godawful at worse and cumbersome at best. For a cryptosystem to really, and I mean really become widespread enough to make an impact, it needs to be designed and implemented in such a way that a given user who wants to add that level of security to his** email need only install at the very least some manner of plugin to an existing client, or at most switch to an easy to use replacement which has that functionality built in seamlessly. Key exchange would have to be as easy as forming connections on a social network. Heck, a crypto-social network might be the best way to jump-start such a thing. But let's be honest here -- I think we all are aware on some level or another that even if one was able to develop and deploy the easiest software imaginable (say, Apple's iCrypt that they'd allowed to be vetted, even made key parts open source) and the most robust algorithms known to man, it's not enough that it be easy to use -- it has to become widely adopted, at least among enough of the population that assuming easy key exchange, it would become a non-event for someone to send or receive an encrypted message. It would have to definitely be widespread enough that, if we also assume pervasive surveillance -- at least on a passive filtering level of some kind -- that to see cyphertext being transmitted back and forth would be common enough that it wouldn't raise alarms or attract attention of any sort. Let's get real -- assuming surveillance is the new normal, isn't it more likely that cyphertext in the datastream is -- at least as of this day and time -- more likely to attract attention from authorities than say, quality steganography or something like a carefully designed and well executed book code? Maybe the idea of pervasive surveillance and any resulting discomfort will raise interest in easy encryption among the general public, but given the state of the current crypto toolbox, I doubt it. Andrew **for those who are PC-inclined, please note I use his alone not out of misogyny but for brevity and clarity. On Jun 11, 2013, at 9:56 PM, Kate Krauss ka...@critpath.org wrote: It's really easy to use these tools if you already know how to do it. Otherwise they are often complicated and unintuitive. For some of us, they represent an academic field or a fascinating hobby. For others, they are the keys to survival. Hubris--and not really caring whether they work or not for non-geeks--is an obstacle to security. Most activists and journalists don't care how interesting these tools are, as long as they can get them to work. If they were as simple and stupid as AOL circa 2000, that would be great. This is the beauty of cryptoparties--people can sit next to you and talk you through it. Thanks, Asher Wolf. That is often all it takes. Otherwise, tiny glitches or misunderstandings can put them out of reach. A security workshop my group organized a couple years ago included lots of geeks ANDS lots of on-the-ground activists (of many stripes, including
Re: [liberationtech] Guardian reporter delayed e-mailing NSA source because crypto is a pain
This all rings very true for me: I'm a legal academic, and barely a geek, and in reality I barely ever use crypto. I was at the Privacy Law Scholars Conference in Berkeley last week when the PRISM story broke, and we had a special session at the end of the conference to talk about what we knew - and someone asked about 'user-friendly crypto' and there was a kind of laugh/cheer around the room. Everyone knows we want it, no-one believes it's there. Paul On 12 Jun 2013, at 09:27, Andy Isaacson a...@hexapodia.org wrote: On Tue, Jun 11, 2013 at 07:11:49PM -0700, Gregory Maxwell wrote: On Tue, Jun 11, 2013 at 6:56 PM, Kate Krauss ka...@critpath.org wrote: It's really easy to use these tools if you already know how to do it. I've been using PGP since 1994, if not earlier. In more recent times 1998, here. it's become a regular part of my workflow in discussing security critical bugs. I am a programmer and a computing expert. I use gnupg daily. I do not consider the tools easy to use at all ... I routinely, and frequently, still get bitten by design bugs, implementation bugs, and UI bugs which continue to make the PGP ecosystem effectively unusable. I cannot recommend PGP for routine use to anyone outside of the security community, and I don't think I know anyone who has used it consistently for more than 2 years without encountering a serious data/comms loss due to PGP bugs or gotchas. -andy -- Too many emails? Unsubscribe, change to digest, or change password by emailing moderator at compa...@stanford.edu or changing your settings at https://mailman.stanford.edu/mailman/listinfo/liberationtech -- Too many emails? Unsubscribe, change to digest, or change password by emailing moderator at compa...@stanford.edu or changing your settings at https://mailman.stanford.edu/mailman/listinfo/liberationtech
Re: [liberationtech] Guardian reporter delayed e-mailing NSA source because crypto is a pain
On Wed, Jun 12, 2013 at 06:15:30AM -0400, Sheila Parks wrote: Why not use her instead of his? Using his in 2013 is, indeed, misogyny List moderator, please control this before it completely goes out of hand. People are trying to get work done here, and this is not helping. -- Too many emails? Unsubscribe, change to digest, or change password by emailing moderator at compa...@stanford.edu or changing your settings at https://mailman.stanford.edu/mailman/listinfo/liberationtech
Re: [liberationtech] Guardian reporter delayed e-mailing NSA source because crypto is a pain
warning: plugging my wares [1] (again). On 12-06-13 10:05, Andrew Feinberg wrote: What exists is godawful at worse and cumbersome at best. For a cryptosystem to really, and I mean really become widespread enough to make an impact, it needs to be designed and implemented in such a way that a given user who wants to add that level of security to his** email need only install at the very least some manner of plugin to an existing client, or at most switch to an easy to use replacement which has that functionality built in seamlessly. Key exchange would have to be as easy as forming connections on a social network. Heck, a crypto-social network might be the best way to jump-start such a thing. plugI've come up with something that might fit your requirements. Technobabble: Users can create an cryptographic identity at the click of the mouse. With the verification methods I describe at the project site, it allows for man in the middle detection and prevention. His user agent takes care of all the crypto-details. User sees: he creates an account at a (web) site by requesting an account name to be his. No need for email addresses, or identity validation that CA's do. You can test it by downloading (or compiling) the user agent [2] and contact me at 'guidow@@dating.wtmnd.nl'. [3] /plug But let's be honest here -- I think we all are aware on some level or another that even if one was able to develop and deploy the easiest software imaginable (say, Apple's iCrypt that they'd allowed to be vetted, even made key parts open source) and the most robust algorithms known to man, it's not enough that it be easy to use -- it has to become widely adopted, at least among enough of the population that assuming easy key exchange, it would become a non-event for someone to send or receive an encrypted message. It would have to definitely be widespread enough that, if we also assume pervasive surveillance -- at least on a passive filtering level of some kind -- that to see cyphertext being transmitted back and forth would be common enough that it wouldn't raise alarms or attract attention of any sort. That's the problem, I'm facing, getting the initial seed planted. Let's get real -- assuming surveillance is the new normal, isn't it more likely that cyphertext in the datastream is -- at least as of this day and time -- more likely to attract attention from authorities than say, quality steganography or something like a carefully designed and well executed book code? Maybe the idea of pervasive surveillance and any resulting discomfort will raise interest in easy encryption among the general public, but given the state of the current crypto toolbox, I doubt it. I hope so too. The Tor datastream is easy to recognize amidst the sea of plain text connections. plugwith my plan, most connections are encrypted so those that need to rely on Tor have at least a better chance of hiding it. /plug Besides, with my protocol you really need Tor to protect your cryptographic identities against traffic analysis. Otherwise you're still fair game for the spooks. Guido. [1] my wares are found at http://eccentric-authentication.org/ [2] http://eccentric-authentication.org/blog/2013/06/07/run-it-yourself.html [3] http://dating.wtmnd.nl:10443/aliens (from within the proxied browser session). -- Too many emails? Unsubscribe, change to digest, or change password by emailing moderator at compa...@stanford.edu or changing your settings at https://mailman.stanford.edu/mailman/listinfo/liberationtech
Re: [liberationtech] Guardian reporter delayed e-mailing NSA source because crypto is a pain
On 2013-06-12, at 6:20 AM, Eugen Leitl eu...@leitl.org wrote: On Wed, Jun 12, 2013 at 06:15:30AM -0400, Sheila Parks wrote: Why not use her instead of his? Using his in 2013 is, indeed, misogyny List moderator, please control this before it completely goes out of hand. +1 NK People are trying to get work done here, and this is not helping. -- Too many emails? Unsubscribe, change to digest, or change password by emailing moderator at compa...@stanford.edu or changing your settings at https://mailman.stanford.edu/mailman/listinfo/liberationtech -- Too many emails? Unsubscribe, change to digest, or change password by emailing moderator at compa...@stanford.edu or changing your settings at https://mailman.stanford.edu/mailman/listinfo/liberationtech
Re: [liberationtech] Guardian reporter delayed e-mailing NSA source because crypto is a pain
On 12 June 2013 11:15, Sheila Parks sheilaruthpa...@comcast.net wrote: Why not use her instead of his? What, in the phrase Glenn Greenwald had to substantially delay his communications ? Surprised you got so many bites. It's not even very high quality trolling :) -- Love regards etc David Miller http://www.deadpansincerity.com 07854 880 883 -- Too many emails? Unsubscribe, change to digest, or change password by emailing moderator at compa...@stanford.edu or changing your settings at https://mailman.stanford.edu/mailman/listinfo/liberationtech
Re: [liberationtech] Guardian reporter delayed e-mailing NSA source because crypto is a pain
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 06/11/2013 09:56 PM, Kate Krauss wrote: This is the beauty of cryptoparties--people can sit next to you and talk you through it. Thanks, Asher Wolf. That is often all it takes. I think it's time for another wave of cryptoparties. - -- The Doctor [412/724/301/703] [ZS] Developer, Project Byzantium: http://project-byzantium.org/ PGP: 0x807B17C1 / 7960 1CDC 85C9 0B63 8D9F DD89 3BD8 FF2B 807B 17C1 WWW: https://drwho.virtadpt.net/ What does it do? How well does it do it? --Sean Kennedy -BEGIN PGP SIGNATURE- Version: GnuPG v2.0.20 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iEYEARECAAYFAlG4lsYACgkQO9j/K4B7F8HsEACg23MSzO17Soz8PPotj5C5fHaW 8pAAn1IS/P6c/mrAWZ31zFCDi4hpZPbO =jJt1 -END PGP SIGNATURE- -- Too many emails? Unsubscribe, change to digest, or change password by emailing moderator at compa...@stanford.edu or changing your settings at https://mailman.stanford.edu/mailman/listinfo/liberationtech
Re: [liberationtech] Guardian reporter delayed e-mailing NSA source because crypto is a pain
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 On 2013.06.12 11.54, micah wrote: I'm constantly hearing from people who complain about the UI in things like gnupg. I feel your pain, I do not want to argue that you are wrong. However, I do want to argue that complaining doesn't help to solve the problem. I've asked every single person who has complained about this problem to me recently, have you filed a bug about your issues? and everyone's response is: no. I've done this, and guess what? It works! I filed bugs and had discussions on the gnupg mailing list that have made your experience with that tool a little bit better. There are many ways that I think it can be improved still, don't get me wrong, but the gnupg developers are reasonable people who want to make the software better, and probably have been hearing these complaints for years and years and would welcome a way to make people stop complaining. It seems there are a lot of people out there who have a clear idea of what is good and what is bad UI and are pretty vocal about when something is bad. How about turning that into clear bugs that describe better workflow and UI? You dont have to be a crypto nerd, or a C programmer to make this stuff better and easier to use. Is there any point in filing a bug that says Please have a professional designer re-work all use flows in this system from scratch? (No.) Is there any point in filing a bug that says Please remove features X, Y, Z, Q, R, N, and M because they're too confusing for novice users? (No, especially when X is the entire web of trust.) Filing bugs isn't enough -- it's an entire design effort. Individuals may see a thing and think hey, this could be changed, but what's needed is a top-to-bottom redesign, and that does not translate into a simple set of clear bugs. I don't believe that the GPG designers have the resources available to do this design effort as it stands, and it's not just them, it's the entire ecosystem that needs to be involved and work together. We'd love to see this fixed. If it was this easy, it would have been done years ago. E. - -- Ideas are my favorite toys. -BEGIN PGP SIGNATURE- Version: GnuPG v2.0.17 (MingW32) iF4EAREIAAYFAlG4nLkACgkQQwkE2RkM0wpFNAD9Ez3mXSJRDrU5ViXz7+k1xbdd iObK9CUbmIpPTmL+BoUA/315DpJFjW4FbO5L2yyTAix7X2QuV7UTzYaX4/XwZHF6 =nDoe -END PGP SIGNATURE- -- Too many emails? Unsubscribe, change to digest, or change password by emailing moderator at compa...@stanford.edu or changing your settings at https://mailman.stanford.edu/mailman/listinfo/liberationtech
Re: [liberationtech] Guardian reporter delayed e-mailing NSA source because crypto is a pain
From: micah mi...@riseup.net To: Andy Isaacson a...@hexapodia.org; liberationtech liberationtech@lists.stanford.edu Sent: Wednesday, June 12, 2013 11:54 AM Subject: Re: [liberationtech] Guardian reporter delayed e-mailing NSA source because crypto is a pain Andy Isaacson a...@hexapodia.org writes: I use gnupg daily. So do I, and you might too, and do not realize it! If you use Debian, a Debian derivative (like Ubuntu), you use this stuff all the time, and don't even have to think about it. I do not consider the tools easy to use at all ... When you talk about how hard this stuff is, and how unusable it is, don't forget that there are cases where it is so easy and usable that you are not even aware of it. Don't forget, however, that both users and devs of Debian can essentially ignore the finer details of GPG because of the way the Debian community itself operates. Because freely available, freely auditable software is the product around which the community is based, and because the Debian community itself is made up of an unusually (uniquely?) high proportion of software mavens, GPG web of trust can be leveraged to lower the cost of maintaining a decentralized repository for the code/binaries. If shenanigans happen, the result (if any) will be evident in changed code/binary, which has a history and can be changed back; moreover, since the entire community is highly educated, even the laziest dev will quickly get up to speed if his/her key turns out to be comprimised. If we're going to refer to Debian in this context, it should be as shining example of what can be achieved when there's a critical mass of community members who know what their strengths are and use them to make a system better than it was when they found it, and give those improvements freely to everyone. If you remove free software as the core goal and replace it with Bitcoin OTC, community credits or even free software equivalent of Facebook's Like button, then you must reassess every single benefit that web of trust has in Debian. (E.g., there's no risk of credit default swaps with free software.) -Jonathan -- Too many emails? Unsubscribe, change to digest, or change password by emailing moderator at compa...@stanford.edu or changing your settings at https://mailman.stanford.edu/mailman/listinfo/liberationtech
Re: [liberationtech] Guardian reporter delayed e-mailing NSA source because crypto is a pain
+1 Micah +1 Jillian Anne and Paul. On Jun 12, 2013 7:24 PM, micah mi...@riseup.net wrote: Eleanor Saitta e...@dymaxion.org writes: -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 On 2013.06.12 11.54, micah wrote: I'm constantly hearing from people who complain about the UI in things like gnupg. I feel your pain, I do not want to argue that you are wrong. However, I do want to argue that complaining doesn't help to solve the problem. I've asked every single person who has complained about this problem to me recently, have you filed a bug about your issues? and everyone's response is: no. I've done this, and guess what? It works! I filed bugs and had discussions on the gnupg mailing list that have made your experience with that tool a little bit better. There are many ways that I think it can be improved still, don't get me wrong, but the gnupg developers are reasonable people who want to make the software better, and probably have been hearing these complaints for years and years and would welcome a way to make people stop complaining. It seems there are a lot of people out there who have a clear idea of what is good and what is bad UI and are pretty vocal about when something is bad. How about turning that into clear bugs that describe better workflow and UI? You dont have to be a crypto nerd, or a C programmer to make this stuff better and easier to use. Is there any point in filing a bug that says Please have a professional designer re-work all use flows in this system from scratch? (No.) I agree, there is not much point in that. Is there any point in filing a bug that says Please remove features X, Y, Z, Q, R, N, and M because they're too confusing for novice users? (No, especially when X is the entire web of trust.) I somewhat disagree with you on this point. There is a point to filing a bug that says, Please remove the choice of RSA/DSA/Elgamal from the gpg --gen-key process and just automatically use the default unless the user has passed --advanced. It is confusing for a user who is just learning to use the tool to have to make this choice. Filing bugs isn't enough -- it's an entire design effort. I do not think that it is one or the other. Don't throw out the bugs or usability enhancements because you think that the whole thing needs to be redesigned. Individuals may see a thing and think hey, this could be changed, but what's needed is a top-to-bottom redesign, and that does not translate into a simple set of clear bugs. I don't believe that the GPG designers have the resources available to do this design effort as it stands, and it's not just them, it's the entire ecosystem that needs to be involved and work together. I disagree. I've been working with people who have been doing this sort of iterative changes with the software for years and things have gotten better. It is actually not that hard to make significant usability changes without needing to make top-to-bottom changes. For example, here is a bug I filed which coalesces my experiences doing gnupg trainings with different activists and the stumbling blocks that we ran into: https://bugs.g10code.com/gnupg/issue1506?@ok_message=msg%204634%20created%0Aissue%201506%20created@template=item We'd love to see this fixed. If it was this easy, it would have been done years ago. You would be surprised the changes that you can get if you ask for them and describe clearly why they are needed. It helps a lot if you can also clearly describe a better alternative. If you know how to code and have time, then providing a patch will go even further. Although patches are always welcome, they are not required. For a really long time, smart cryptographers have been writing this software, their heads are focused on doing the correct technical thing and that doesn't always translate into an easy experience. They have been doing this so long that they cannot see how this could be any different. It is up to us who aren't so deeply stewed in hashing algorithms and trust metrics, we who work with people who provide us the feedback who can synthesize it and bring that back to those people in who know the code so that they can make it more usable. If we do not do that, it will not happen, ever. No matter how much we complain in places where they will never hear us. My experience has been that software gets better when I point out the problems to the appropriate place that the developers have asked for those things to be put. Sometimes that takes several years, sometimes I get lucky and the change happens in a weekend. It very rarely gets better on its own. You may think that the whole crypto world needs to be thrown out and we need to start again, and you see that as an intractably impossible problem. I see things differently because I've seen annoying things iteratively become usable over time, and I've seen usable
[liberationtech] Guardian reporter delayed e-mailing NSA source because crypto is a pain
This story really solidifies why I believe that we need to make privacy technologies accessible to journalists, instead of simply focusing on the other way around. Glenn Greenwald had to substantially delay his communications with Edward Snowden due to how inaccessible a lot of privacy and encryption software is to use. Our main and primary goal at Cryptocat has been to focus on making encrypted communications accessible, easier to use and fun and attractive. We've always believed that accessibility is a security feature, and this idea is at the core of our project. http://arstechnica.com/security/2013/06/guardian-reporter-delayed-e-mailing-nsa-source-because-crypto-is-a-pain/ NK -- Too many emails? Unsubscribe, change to digest, or change password by emailing moderator at compa...@stanford.edu or changing your settings at https://mailman.stanford.edu/mailman/listinfo/liberationtech
Re: [liberationtech] Guardian reporter delayed e-mailing NSA source because crypto is a pain
On Tue, Jun 11, 2013 at 6:56 PM, Kate Krauss ka...@critpath.org wrote: It's really easy to use these tools if you already know how to do it. I've been using PGP since 1994, if not earlier. In more recent times it's become a regular part of my workflow in discussing security critical bugs. I am a programmer and a computing expert. I do not consider the tools easy to use at all but I understand their importance and use them with other people who understand their importance, _in spite_ of the fact that they are burdensome. I am large unable to get people who do not understand their importance to use them. Or even if I get them to use them once, because the tools require an effort to use on an ongoing basis they do not use them reliably. The only shining ray of success I've experienced in this space is OTR, and but my personal experience is that even that is failing as more people move away from using pidgin and adium to chat systems which OTR does not as easily integrate with. -- Too many emails? Unsubscribe, change to digest, or change password by emailing moderator at compa...@stanford.edu or changing your settings at https://mailman.stanford.edu/mailman/listinfo/liberationtech