[messaging] Value of deniability

Eleanor Saitta ella at dymaxion.org
Fri Dec 12 07:00:53 PST 2014

Hash: SHA256

On 2014.12.12 05.23, Trevor Perrin wrote:
> On Wed, Dec 10, 2014 at 6:56 PM, Eleanor Saitta <ella at dymaxion.org>
> wrote:
>> Actively signing a message and failing to support deniability are
>> not the same, as I have explained elsewhere.
> """ Un-signed and deniable are distinct properties.  I'm definitely
> not arguing against unsigned transcripts; making an active effort
> to make repudiation difficult is a very different question than
> designing for the field utility of deniability. """ 
> https://moderncrypto.org/mail-archive/messaging/2014/001191.html
> I think some people (like myself) do think of deniability as
> mostly about not signing messages.  Or more strongly: not producing
> any signed evidence of conversations by default.

There's nothing wrong with this understanding of deniability, although
I would argue that it does not rise to the level of significance that
naming it implies.  Most of what I see folks arguing for here is also
something stronger.

The larger issue not even necessarily the cryptographic primitives
chosen, it's the understanding of user actions that justifies those
choices.  When a community refuses to interact with the reality of
user needs, the community demonstrates it is more interested in
solving the problems it thinks users should have than the problems
users do have.  It argues that users should adapt their behavior,
ignoring any reasons that users may have for their existing behavior
as not even worth considering.  This would be frustrating if it was
not the exact same failure mode that has dogged the cypherpunk
community for over two decades.

Guys, we had a big conversation about usability, right?  And y'all
have (mostly) been "oh, hey, yeah, I guess that Johnny Can't Encrypt
paper is kind of embarrassing, maybe we should do something about
that".  Did you guys honestly think this was just about hiring a
couple of artists to make your interfaces prettier?

Usability is about putting user goals first, period.  If your users do
not need a thing to accomplish their goals, you do not force it on
them.  Now, your users don't always know what they need, I hear you
exclaiming.  That's true.  However, if you want to suggest this, it
can't be your ego saying "me big cryptographer, me tell users what
really matter", which is frankly most of what I've heard here.  You
need evidence.  You need field experience.  You need testing.  And
then you need to explain what you've done to your users so they can
take it into account.

This isn't (just) about deniability.  This is about the entire process
of security design and the failure of this community to engage in it,
as indicated by the continued treatment of deniability as a
first-class property and the arguments presented for it.


- -- 
Ideas are my favorite toys.


More information about the Messaging mailing list