What Happened to the Crypto Dream?

[Chris Karlof]

For those of you not familiar with Arvind Narayanan, you should be. He's a young professor/crypto+privacy expert at Princeton, who among many other awesome things, blew people's minds by de-anonymizing the anonymized "Netflix prize data set".

Below is a link to Arvind's blog post on his two article series titled "What Happened to the Crypto Dream?" It's highly relevant to what we're doing here on Identity Team at Mozilla, and I promise you, they are short-ish, accessible reads. Arvind is fantastic writer.

http://33bits.org/2013/04/29/what-happened-to-the-crypto-dream-now-in-a-new-and-improved-paper-form/

There are too many searing hot, controversial quotes to include, but here's a nugget which I'm sure will make some heads explode:

"Many crypto protocols treat service providers as adversaries, a model that’s nonsensical in the modern computing
environment. Consumers don’t seek technological privacy protection against governments and service providers but against their peers, nosy neighbors, stalkers, employers, insurance companies, advertisers, and the like."

-chris

[Harry Halpin]

On 05/01/2013 08:18 PM, Chris Karlof wrote:
> For those of you not familiar with Arvind Narayanan, you should be. He's a young professor/crypto+privacy expert at Princeton, who among many other awesome things, blew people's minds by de-anonymizing the anonymized "Netflix prize data set".
>
> Below is a link to Arvind's blog post on his two article series titled "What Happened to the Crypto Dream?" It's highly relevant to what we're doing here on Identity Team at Mozilla, and I promise you, they are short-ish, accessible reads. Arvind is fantastic writer.
>
> http://33bits.org/2013/04/29/what-happened-to-the-crypto-dream-now-in-a-new-and-improved-paper-form/
>
> There are too many searing hot, controversial quotes to include, but here's a nugget which I'm sure will make some heads explode:
>

> "Many crypto protocols treat service providers as adversaries, a model that�s nonsensical in the modern computing
> environment. Consumers don�t seek technological privacy protection against governments and service providers but against their peers, nosy neighbors, stalkers, employers, insurance companies, advertisers, and the like."

That quote makes sense if you as a consumer are a young, privileged,
Stanford professor. I know some folks in Syria who would probably
disagree with that quote.

Of course, most folks in places even like Syria don't use decent
security because the software is unusable. Trying to fix that make sense.

>
> -chris
> _______________________________________________
> dev-identity mailing list
> dev-id...@lists.mozilla.org
> https://lists.mozilla.org/listinfo/dev-identity

[Chris Karlof]

On May 1, 2013, at 11:49 AM, Harry Halpin <hha...@w3.org> wrote:

>> "Many crypto protocols treat service providers as adversaries, a model that’s nonsensical in the modern computing
>> environment. Consumers don’t seek technological privacy protection against governments and service providers but against their peers, nosy neighbors, stalkers, employers, insurance companies, advertisers, and the like."

>
> That quote makes sense if you as a consumer are a young, privileged, Stanford professor. I know some folks in Syria who would probably disagree with that quote.
>
> Of course, most folks in places even like Syria don't use decent security because the software is unusable. Trying to fix that make sense.

Hi Harry,

I urge you to read the pair of articles. In hindsight, I probably did the article a disservice by grabbing a quote out of context.

*Most everyone* in the Western world is privileged compared to "most folks in Syria", and Arvind highlights this distinction in his first article. The point Arvind is trying to make here is that designing applications with crypto for insurgents in Syria is very different problem than designing for Western consumers [1]. If you build an application targeting US consumers that uses something akin to an oppressive government as the primary threat model, you are very much barking up the wrong tree.

-chris

[1] But unfortunately, designing applications for people in oppressive regimes doesn't skirt all the usability challenges with serious crypto applications just because the users' lives depend on the crypto functioning correctly.

[Harry Halpin]

On 05/02/2013 12:06 AM, Chris Karlof wrote:
> On May 1, 2013, at 11:49 AM, Harry Halpin <hha...@w3.org> wrote:
>

>>> "Many crypto protocols treat service providers as adversaries, a model that�s nonsensical in the modern computing
>>> environment. Consumers don�t seek technological privacy protection against governments and service providers but against their peers, nosy neighbors, stalkers, employers, insurance companies, advertisers, and the like."

>> That quote makes sense if you as a consumer are a young, privileged, Stanford professor. I know some folks in Syria who would probably disagree with that quote.
>>
>> Of course, most folks in places even like Syria don't use decent security because the software is unusable. Trying to fix that make sense.
> Hi Harry,
>
> I urge you to read the pair of articles. In hindsight, I probably did the article a disservice by grabbing a quote out of context.
>
> *Most everyone* in the Western world is privileged compared to "most folks in Syria", and Arvind highlights this distinction in his first article. The point Arvind is trying to make here is that designing applications with crypto for insurgents in Syria is very different problem than designing for Western consumers [1]. If you build an application targeting US consumers that uses something akin to an oppressive government as the primary threat model, you are very much barking up the wrong tree.

As someone who has argued with Arvind in public on this issue, I don't
think he's right. He *is* right that users go for cloud options, and I
think there's *plenty* of good security and usability arguments about
why a scheme like PiCL makes much more sense than imagining security by
proximity - that something on a device is somehow magically more secure
than it is on a cloud. However, I think that users in Syria are not that
different than users in USA. They all demand high usability first and
foremost - that's why folks used Skype so much rather than say, Mumble.
On the same hand, trusting Skype backfired on Syrian users - as much as
it has on activists in the USA. For example, the Mubarak internet
shutdown of Twitter was mirrored early on by the T-mobile black-out of
the pre-Twitter txtMob system at the Republican National Convention
protests in *2004* In the end, people need reasonable security models
even in "developed" countries.

While perfection is the enemy of the good, any scheme that assumes a
single point of failure trust anchor in a major corporation or a
government (or browserid.org) is probably a bad idea. If you disagree, I
have a Clipper Chip I'd be happy to sell you :) I hope Personae aims
for both usability and reasonable security properties re encryption - I
have trust in all of you there!

>
> -chris
>
> [1] But unfortunately, designing applications for people in oppressive regimes doesn't skirt all the usability challenges with serious crypto applications just because the users' lives depend on the crypto functioning correctly.
>
>
>
>

[Austin King]

OT, but for those who missed it; Aravind spoke at Mozilla on "
Centralized Collection and Control of Personal Data"
https://air.mozilla.org/centralized-personal-data/

[Chris Karlof]

On May 1, 2013, at 4:22 PM, Harry Halpin <hha...@w3.org> wrote:

> However, I think that users in Syria are not that different than users in USA. They all demand high usability first and foremost - that's why folks used Skype so much rather than say, Mumble. On the same hand, trusting Skype backfired on Syrian users - as much as it has on activists in the USA. For example, the Mubarak internet shutdown of Twitter was mirrored early on by the T-mobile black-out of the pre-Twitter txtMob system at the Republican National Convention protests in *2004* In the end, people need reasonable security models even in "developed" countries.

Usability is paramount, and I agree that activists everywhere can benefit from technologies with strong threat models. Since we unfortunately haven't solved the usability-security tradeoff problem for many applications, Syrian activists face a more serious decision to use a more-usable-but-less-secure application than Western activists. The personal consequences of it failing in Syria are often more severe (e.g., death/torture). This is Western privilege.


-chris

[Chris Karlof]

On May 1, 2013, at 4:22 PM, Harry Halpin wrote:

> While perfection is the enemy of the good, any scheme that assumes a single point of failure trust anchor in a major corporation or a government (or browserid.org) is probably a bad idea. If you disagree, I have a Clipper Chip I'd be happy to sell you :) I hope Personae aims for both usability and reasonable security properties re encryption - I have trust in all of you there!

The Clipper Chip had no clear, if any, value proposition for the end user, unlike the Apple and Google feudal fiefdoms, which offer tempting value propositions. This makes them harder to peg as clearcut "bad ideas", particularly from the viewpoint of consumers.

And yes, Mozilla Identity team is working hard to build alternatives (Persona, PICL) that offer greater control and fewer privacy concessions!

-chris

[Melvin Carvalho]

On 1 May 2013 20:18, Chris Karlof <cka...@mozilla.com> wrote:

> For those of you not familiar with Arvind Narayanan, you should be. He's a
> young professor/crypto+privacy expert at Princeton, who among many other
> awesome things, blew people's minds by de-anonymizing the anonymized
> "Netflix prize data set".
>
> Below is a link to Arvind's blog post on his two article series titled
> "What Happened to the Crypto Dream?" It's highly relevant to what we're
> doing here on Identity Team at Mozilla, and I promise you, they are
> short-ish, accessible reads. Arvind is fantastic writer.
>
>
> http://33bits.org/2013/04/29/what-happened-to-the-crypto-dream-now-in-a-new-and-improved-paper-form/
>

Thanks for sharing, I enjoyed reading that.

Not sure I agree with everything he wrote, for example, I think he under
estimates bitcoin as a technology.

However, he raises a good point about the "trusted third party" model being
aligned to the incentives of large dominant players on the web.

Key management is hard, and there is an argument to say that this should
happen in the cloud by your trusted provider. This provides better
usability and arguably better security. But at the expense of privacy.

My feeling is that we've good too far down the trusted third party route,
to the extent that it's limiting the consumers ability to choose. Studies
have shown that a significant percentage of users greatly value privacy,
but find that there are relatively few options.

More can be done to address this need, and thankfully people like David
Dahl (Mozilla) and Harry Halpin are working to bring this to the browser.
Hopefully next year we'll see standardization in this space leading to a
whole new wave of innovation :)

>
> There are too many searing hot, controversial quotes to include, but
> here's a nugget which I'm sure will make some heads explode:
>

> "Many crypto protocols treat service providers as adversaries, a model

> that’s nonsensical in the modern computing
> environment. Consumers don’t seek technological privacy protection against

> governments and service providers but against their peers, nosy neighbors,
> stalkers, employers, insurance companies, advertisers, and the like."
>

> -chris

[Leen Besselink]

(as he mentioned in the start of the video)

He was also one of the people working on:

https://air.mozilla.org/tracking-not-required/

[paleri...@gmail.com]

Nothing like crypto talk in the all trusted Google, just saying you can call me OPJ/RED now