On Mon, Nov 17, 2014, at 09:40 AM, carlo von lynX wrote: > How can it be ethically acceptable to call any tool > "secure" that does not protect the metadata?
While I understand where you are coming from, and acknowledge the limitations in protocols like XMPP. I am also very excited about the extremely important work on next-generation systems and protocols like Pond, Secushare, and the like. I was very happy to see TheGrugq's port of Pond to Android, and with the years work on systems like Briar coming to fruition, I do think we are about to take a big step forward on protecting mobile metadata. The EFF was focused on helping mass market users they can reach with taking the first step up from insecure SMS and messaging that offers basically no defense at all from a variety of bad actors. They need to offer apps available today that a had a history of being maintained and updated (Moxie, Nadim and I have been at this awhile now), and could offer good user experiences to even novice users. I also know this is only the first step in a process for EFF, and that I hope they will be open to feedback such as you have provided. > Correct me if I am wrong, but I seriously do not see > any of the metadata-protecting messaging systems in that > list. I would like to point out some particular features of ChatSecure that do combat and minimize metadata-based surveillance. I think Cryptocat, by its transient nature, also has some of these characteristics. You might dismiss them as band-aids, but we see them as practical defense-based on what is available today. 1) One-tap use of Tor, which both means the ability to circumvent network surveillance by our WISP/Telco, and the ability to connect to Tor Hidden Service hosted XMPP servers. This is why EFF mentioned "ChatSecure + Orbot" 2) Support for multiple accounts and in-app creation of accounts on any server you choose, over Tor if you choose, and offer a built-in list of geographically diverse, vetted XMPP hosts. Maintaining multiple identities is meant to be easy to. This also means anyone can run a server based on open-source/free software, and using our Lil' Debi (our Debian-on-Android system), a more experienced user can run an XMPP server on a phone or tablet inside a Hidden Service. 3) Support for a secret identity/burner account that generates a randomly named account on a Tor HS based server (Calyx) that only supports OTR-encrypted messaging and does not log. This can be used for communicating with only one contact, ideally using the same app and method to connect, such that the buddy list only shows one contact. 4) Full encryption of all account data, messages, contacts and shared media data on the device and no integration with built-in contact lists on the phone, to stop any leak of data from the ChatSecure environment into your phones unencrypted/insecure storage. When thinking about mobile, you must also consider metadata physical extraction, as well as inherent insecure of the OS services themselves. 5) No requirement for using your actual phone number or device identifiers, and no integration/dependency upon Google Cloud Services (push, etc). > I know very well that they are all experimental, > but it is irresponsible not to openly say: Sorry people, What do you mean by experimental? > there IS no well established and stable messaging system > that will actually protect you as it should. All we can > offer are tools that will protect what you talk about, > not you as a person. Yes, I agree that is generally true, but I do hope that you appreciate the work we've done in minimizing metadata leakage. > Whereas tools designed to protect not only the words, but > also the person, aren't even known to the EFF it seems: None of these wonderful tools are available today for mainstream users on their mobile phones in any stable, audited or tested state. The EFF's survey was about mobile messaging, not desktop. +n -- Nathan of Guardian [email protected] _______________________________________________ Messaging mailing list [email protected] https://moderncrypto.org/mailman/listinfo/messaging
