sarahjamielewis

sarahjamielewis, 3 days ago

Further...doesn't the servers ability to produce arbitrary valid ciphertexts (not really forgeries as it's an explicit requirement) allow a range of active attacks against recipients?

I'm not entirely sure of the consequences there, but it seems incompatible with the optimized decrypt-fetch message id (as it allows the server to test and trigger).

Removing the optimization effectively brings you back to download-all and trial decryption (with server forgeries there becoming effectively noise)

sarahjamielewis, 3 days ago

The motivation for private server state is "there isn't enough traffic going through the system to provide a reasonable anonymity set to any observer so we want to minimize observers"

Which is reasonable, but then the server is explicitly not "untrusted" - it can perform all the same statistical attacks...you effectively limit the adversary space to the server.

And if so (and you are unwilling to trust the server) then your risk model becomes that addressed by PIR or OMR.

sarahjamielewis, 3 days ago

But instead the protocol explicitly allows the server additional capabilities by granting it participation in generated receiver key material (and bloating the ideal communication cost)

Any optimization you make to reduce that cost grants the server additional information. Either making the server trusted in arbitrary ways or compromising one of the desired properties.

sarahjamielewis, 3 days ago

The protocol itself is interesting, involving the server in that way has that nice property of hiding valid ciphertexts from all other parties - I feel like I've seen a flow like it before, somewhere, but nothing immediate comes to mind.

I suspect you could probably hack in authentication into that flow somehow which could have useful applications.

But the protocol doesn't feel like it solves the problem? Or rather, the strengths of the protocol don't nicely map to desired properties.

sarahjamielewis, 16 days ago

If, through some twist of fate, the printing press had arrived after the internet we'd be reading op-eds about the dangers of "anonymous reading" and demands for "accountable bookselling"

sarahjamielewis, 19 days ago

I feel like the one major lesson I learned from the crypto-hype era is that most people don't care about technical arguments, at all.

There are projects tackling hard problems using sound methodologies, there are projects talking about hard problems and selling a story (either intentionally, or because they don't know any better).

There is a difference between those two kinds of projects and I wish more people cared about that.

sarahjamielewis, 19 days ago

I don't want to "name and 'shame' such projects because it doesn't work, they thrive on the attention and few listen to the actual arguments anyway.

The system I see people promoting is "not-even wrong", it cannot do what it claims to do because that is not how the universe works. The key claims rest on axioms that are not practically possible.

I too could claim miraculous system properties if I could assume everyone magically and securely exchanged key material before using my system.

sarahjamielewis, 19 days ago

Usually I wouldn't say anything, there are so many bad privacy projects out there, I get asked about them all the time and are just a fact of life in this space.

But there is a blog post going around, advertising this project and it's gained enough traction within a community a deeply care about that I need to at least say something.

Please do some due diligence before promoting unsound privacy tools. People rely on these tools. People trust their lives to these tools.

sarahjamielewis, 19 days ago

And as experts and participants in this space you have a responsibility to give a damn about that.

sarahjamielewis, 19 days ago

A few people have asked for specific details, and I'm not going to call out a specific project; However, someone asked about general red flags and I will list a few here:

Beware of "metadata resistant" privacy apps that:

• Advertise Real time Audio / Video.
• Have Offline messaging on mobile / without self hosting some kind of server
• Have "No Identities"
• Rolled their own onion-routing
• Rolled their own mixnet
• Implement offline storage with 3rd party servers that is somehow efficient.

sarahjamielewis, 22 days ago

I have frequent conversations that fit under this topic; typically either attempting to clarify user expectation or debating implementation in light of that expectation.

My general speculation is that our current nomenclature is insufficient and too rooted in, and shaped by, existing, centralized systems.

sarahjamielewis, 25 days ago

And that approach also means that communication will likely always have strong limitations like both parties being online at the same time, dealing with the latency of onion services, and the need to run background services - the latter being a particular challenge on mobile devices.

sarahjamielewis, 25 days ago

And while I understand all of this, I am also disheartened.

I've poured my soul in Cwtch these last few years because I fundamentally believe that that is how an application should be - locked down by default, open to extension, free and open source, based on sound cryptography, no centralized servers or magic peers or any other surveillance chokepoint.

And it's hard to see Cwtch failing in comparisons because those things are not features, they are limitations.

sarahjamielewis, 25 days ago

I also tend to bite my tongue these days because the space is filled with messengers who make similar promises regarding metadata resistance while also offering real-time video chat and transparent offline messaging - feats which, if true, I would hail as academic breakthroughs.

sarahjamielewis, 25 days ago

Clearly I need to do a better job at distinguishing what makes @cwtch good - and I wish we had the budget to really try and solve some more of the harder problems in the space.

Cwtch needs more champions, and more volunteers. People who can tackle those problems, and to bug me to focus on fixing specific issues.

The code is here: https://git.openprivacy.ca/cwtch.im/cwtch-ui

The user/security/dev handbooks are here https://docs.cwtch.im/

sarahjamielewis, 25 days ago

If you would like to get involved, then please reach out to me (details in profile or on my website) I will happily help find you some way to contribute (see also https://docs.cwtch.im/docs/category/contribute).

I really, deeply believe that the world needs metadata resistant applications - not just chat, but everything. The push for end-to-end encryption was a great start, but we need stronger security models for all kinds of communication.

Help us build that in the open.

sarahjamielewis, 25 days ago

Lastly, I saw a few comments today in the vein of "not much progress has been made recently" and I would like to refute that.

While @openprivacy had to make some significantly cut backs in recent years due to a decline in funding, everyone on the Cwtch team has contributed so much over the last few years.

We have put out a new version on average every 6-8 weeks, consistently for the last 2.5 years while making major improvements to all aspects of Cwtch (see the devlog https://docs.cwtch.im/blog)