What’s wrong with Prism-break


I like the idea of providing a list of tools for “breaking the Prism” – in fact, I started such a list with Daniel van der Velden from Metahaven yesterday, but the EFF beat us to it – they’re wonderful that way. Except I don’t agree on every point…

See, while I agree that people should generally use free software, and should be using PGP (in the OpenPGP standard sense – not the PGP commercial software sense, an important distinction pointed out by @rikwes66) and OTR, and what not, I think their list of things is slightly lacking.

First off, is a great e-mail service except in that their entire user base consists of people who are trying to be dissidents. This is like painting a fairly massive bullseye on the service, and one can be fairly confident that this is one of the things that is actively monitored.

Pidgin is a wonderful piece of software, but it is known to have a lot of security vulnerabilities. These are actively being patched, but I’d not recommend it for anything high security for now.

Bitmessage is an interesting concept, but to confuse it with e-mail is a very bad idea. It cannot communicate with the rest of the users of e-mail, and therefore it is not in any meaningful sense a replacement for any e-mail client.

This is where we get into some questions of licencing. I mentioned to @infil00p earlier that the licensing issue was important because, frankly, “mostly free” or “not entirely free” essentially translates to “eventually this thing will fuck you”. He disagreed, pointing at Tor, which is marked as “mostly free”. Tor is distributed under a BSD license, which is very much free software under any reasonable definition – up to and including the Free Software Foundation’s – although it is not Copyleft. I would contend that Tor is entirely free for all intents and purposes.

The issue is, less about licensing, really, and more about who has ultimate control over the infrastructure. If you can set up your own infrastructure, there is no problem.

I’m going to have to go into a much more detailed set of arguments about why I’m not entirely content with Mailvelope and WebPGP, but for now I’d say use them and enjoy them. Made simple, the problem I have with WebPG is that it’s not very user friendly, and the problem I have with Mailvelope is that it uses OpenPGP.js – a great idea, but made less secure by the fact that we can’t really trust the JavaScript engine, the browser local storage, or the DOM separation between websites and plugins to be sufficient at this point: it’s painfully complicated to audit a browser. My suggestion is roughly, forgo the Javascript-side crypto and outsource it through a thin and well audited NPAPI layer over to the PGPME library, which then speaks with the keys stored locally. If the NPAPI layer is done correctly, the vast majority of the threats have been eliminated.

I refer to my last post for why Etherpad and Ethercalc are insufficient.

As for Android and iOS, just treat them as untrustworthy. It’s way simpler.

This stuff is complicated, I’m afraid.