[messaging] Value of deniability

Eleanor Saitta ella at dymaxion.org
Fri Dec 12 07:19:44 PST 2014

Hash: SHA256

On 2014.12.11 14.24, Natanael wrote:
> The only response I can give to your aggressive tone is that
> you're free to develop and promote your own tools which abandon
> every form of security not yet proven in court to work effectively
> in the vast majority of cases. Unfortunately for you I'll be
> telling people to stay away from them.

No, you're not listening to what I'm saying.  I'm fine with continuing
to not sign things.  I'm not fine with introducing new primitives that
are only useful in small edge cases and lying to ourselves about their

> I don't care how rare you claim those specific attacks to be. If 
> they're even possible at all, the only thing necessary to turn
> them into an epidemic is a change in incentives. Who here don't
> believe that an attacker will use whatever tool they can get? So
> don't give them anything for free! Every seemingly innocent
> limitation or exception gets turned into an exploit sooner or
> later. Incentives changes all the time.

So, what you're saying here is "I don't care about security outcomes
at all, I care about pushing a specific set of properties that I deem
important because I know how to achieve them on users regardless of
what I think they need".

> I don't know why you're so persistent about this. Why go on about 
> *this* specifically?

Because it is indicative of the complete failure of this community to
design for user outcomes, and if that isn't going to change, there's
no point in even continuing to interact with y'all.

> You can dismiss attacks all you want, I prefer rigidity and
> minimizing unexpected consequences.

Yes, your preference for rigidity is very clear.  It's echoed by every
user who's given up on encrypted email in the past 23 years.


- -- 
Ideas are my favorite toys.


More information about the Messaging mailing list