Remix.run Logo
Remix clone Hacker News
new | show | ask | jobsGithub
tptacek 21 hours ago

No. Unless your messenger is at pains to make sure people don't use it in life-or-death situations (for instance: because they're being targeted by ICE, or the law enforcement and security apparatus of their country), the exact opposite thing is true.

These kinds of message board discussions invariably pose a dilemma: "send messages in plaintext using normal email, or use whatever secure messaging tool is available regardless of its strength". That's false. People always have a third option: not sending the message electronically. Most of us here have messages they wouldn't send even with their most trusted messaging tools; people who are at serious risk from message interception have much more dangerous messages than that.

Recommending that at-risk people use weak secure messaging as a "better than nothing" step towards real secure messaging isn't just bad advice. It's malpractice.

klabb3 5 hours ago | parent [-]

This conversation is important, and weighing these aspects against each other is critical in order to form better opinions. We clearly both agree there are subtle and counter-intuitive effects at play. I don't think there's anything wrong with debating them, and I'm happy to be convinced otherwise.

> Unless your messenger is at pains to make sure people don't use it in life-or-death situations [...] the exact opposite thing is true

Right, this is the false-sense-of-security effect. It exists and it's real. But there are more aspects that weigh in.

> People always have a third option: not sending the message electronically.

I challenge this assumption. In reality the effect is not about what they can do if they listen to the advice of Bruce Schneier, but what they will do. Navel-gazing on security and throwing your hands up if people don't act "the way they should" is what's really irresponsible, imo. I.e. if your contacts are not physically close, they won't (or even can't) schedule a flight to send a message. They'll generally use what's socially convenient, even if they're discussing something like abortion in an oppressive state. If you're lucky non-techies will say "Hey, maybe we should try that app Signal, I heard it's more secure". That's as good of a win as it gets.

The counter-example would be going around saying Signal is worthless because they collect phone numbers, they don't enforce public key validation, and they don't use onion routing to protect your social graph. I don't think we disagree about how ridiculous that would be, even if we disagree on which aspects are most important.

Basically, if set the weight of all security properties to ∞, you will get something that's so wildly inconvenient that nobody would use it. Even PGP that's relatively easy to use was at its peak about as popular as starting a yak farm.

tptacek an hour ago | parent [-]

Advising people to use messaging systems that you know to be faulty because they optimize in some other non-personal-safety area like "federation" or "open standards" or "compatibility with email" means that you are putting your own aesthetic preferences above other people's safety. It's simply malpractice.