[messaging] Value of deniability

Natanael natanael.l at gmail.com
Thu Dec 11 11:24:19 PST 2014


On Thu, Dec 11, 2014 at 7:51 PM, Eleanor Saitta <ella at dymaxion.org> wrote:
> Hash: SHA256
>
> This is a joke, right?  You don't actually believe that cryptographic
> hashes influence any of these social outcomes, do you?

The only response I can give to your aggressive tone is that you're
free to develop and promote your own tools which abandon every form of
security not yet proven in court to work effectively in the vast
majority of cases. Unfortunately for you I'll be telling people to
stay away from them.

WhatsApp just recently switched to TextSecure's OTR-derived Axolotl
encryption protocol. That's not without reason. The users don't even
know the difference. And yet the world is more secure. And none of
your criticism applies.

Widespread deniability is a form of herd immunity.

I don't care how rare you claim those specific attacks to be. If
they're even possible at all, the only thing necessary to turn them
into an epidemic is a change in incentives. Who here doesn't believe
that an attacker will use whatever tool they can get? So don't give
them anything for free! Every seemingly innocent limitation or
exception gets turned into an exploit sooner or later. Incentives
change all the time.

It is the reason for why everybody who claims fingerprints are great
for security on something like Apple Pay, because "it is so complex".
No, *you just changed the incentives to the benefit of the thieves*,
now they just have to automate the process (take a picture of the
print, from there on it gets sent to a computer that creates a 3D
model of it for a stereolithography printer, now just get the phone
and swipe the copy - the profit margin per print will be massive after
a few days of buying stuff on other people's credit).

Leaving a big hole open because it seemingly isn't abused *right now*
will *cause* it to be abused!

In your "ideal" world, once people learn they can abuse the authenticity
followed by the undeniability of the protocol and the secure key
management (once that has been achieved) it WILL be abused, and your
world is no longer ideal.

I don't know why you're so persistent about this. Why go on about
*this* specifically? There are other much more complex issues that are
more important to solve, why aren't you trying to work on things like
key management instead?

Consistency in key management across all of a user's devices is IMHO
currently the biggest problem. (My preference right now is a
continuously synced encrypted database, with access managed by a
per-device dedicated security chip like a smartcard/user controlled
TPM, either internal or external, with a trusted user interface à la
the Qubes model of isolation. Will be discussing these things later in
another thread.)

You can dismiss attacks all you want, I prefer rigidity and minimizing
unexpected consequences. After all, who'll expect to be held to their
word from 20 years ago, which they probably won't be able to remember?
Do you really want all your accidental contradictions and slip-ups and
misspellings and mails sent accidentally to the wrong person to be
published together in all their (lack of) glory?

