The Cryptocat-Snowden Approach to Security

If you were to tell me, “I’m gonna make an encrypted-chat plugin for Facebook chat,” I would probably get red in the face and yell at you that privacy and Facebook are like ice cream and the surface of Venus.

In other words, a) you’re nuts and b) you need to get the hell off Facebook.

Yet if we think of all the people out there who would look at you like you were from Mars if you told them this… well, getting them to encrypt ON Facialbook is at least a start. And that’s just the latest idea in CryptoCat’s decidedly outré approach to communications security.

Consider the following: Based on Laura Poitras’ statements, it’s clear that Edward Snowden doesn’t trust PGP where it really counts. If Snowden knows something… the implications for the traditional cypherpunk-elite approach are fairly dire. So much for complex tools that provide security if you thread the needle of using them right.

All the complication does, if Snowden’s fear is justified… is reduce the population of users to a small enough number that the NSA can monitor them all!

Enter CryptoCat, which for the last few years has been attracting outsize vitriol and hate from cyphergeeks everywhere. To be sure, for much of its history it was only marginally more secure than SnapChat or WhatsApp… yet, going by raw decibel levels, neither of those attracted anywhere near as much shouting.

CryptoCat was built more or less on the same philosophy as Snowden’s leaks: rather than making perfect security possible for a few, make good-enough security possible for everybody. This won’t stop a determined adversary going after a particular person, but it’s (hopefully) enough to stop mass surveillance and 3rd-world countries’ ham-fisted organs of casual repression.

To be sure, it has the crucial disadvantage that, when yours is the only easy-to-use crypto package out there, it also gets used in more critical cases — like when Glenn Greenwald wants to chat with the Grauniad but can’t get OTR to work. [1] (Which begs the question — was some man in the middle sabotaging OTR?)

Still, it also carries the advantage that nobody really expects it to be TOO secure. Which, if Snowden’s as-yet-unleaked knowledge about PGP and Schneier’s guess that there’s “something big” in the NSA’s cryptanalytic quiver are correct, could save a few lives. While still keeping most people safe from arbitrary intrusion.

[1] https://twitter.com/matthew_d_green/status/466631965513637889

http://www.thedailybeast.com/articles/2014/05/12/crypto-for-the-masses-here-s-how-you-can-resist-the-nsa.html
