Tuesday, April 25, 2017

A Plea for Responsible and Contextualized Reporting on User Security

Zeynep Tufekci, In Response to Guardian’s Irresponsible Reporting on WhatsApp: A Plea for Responsible and Contextualized Reporting on User Security. She basically rips them a new one. It's a nice article, and the details of the issue are a great example of the difficulty of making something secure against a variety of adversaries while keeping it usable by a wide range of users.

Signal is well-designed. Many in the security community use and consistently recommend it. However, the very thing that makes Signal a recommendation for people at high risk—that it drops messages at any sign of hiccup—prevents a large number of ordinary people from adopting it. Our community has used Signal for a long time, and has been trying to convert people to it, but its inevitable delivery failures (some by design, to keep users safer, and some due to bandwidth or other issues) mean that we often cannot convince people to use it despite spending a lot of effort trying to convince them—even people who have a lot at stake. The reason people, including journalists and activists, use WhatsApp over Signal isn’t because people are flaky, but because in the real world, reliability, usability and a large user base are key to security.

WhatsApp effectively protects people against mass surveillance. Individually targeted attacks by powerful adversaries willing to put effort into compromising a single person are a different kind of threat. If that is the threat model in mind, then merely recommending Signal is irresponsible. Your reckless, uncontextualized piece posits a mythical Snowden-type character, with a powerful, massively resourced adversary, for whom WhatsApp would not be a good choice. From that it concludes that WhatsApp is unsafe for a billion people for whom it is, at the moment, among the best options for secure communication.

To further complicate things, switching to Signal may not be advisable in some settings, because it marks you as an activist. There are many threat models under which WhatsApp is the safest option, and there are reports of people around the world being jailed merely for having installed an encryption app. It’s fine to recommend Signal and to broaden its user base. It’s not fine to fearmonger and scare people away from WhatsApp (which runs the same protocol as Signal) because of a minor and defensible difference in the kind of warnings it gives and the blocking behavior of a few undelivered messages when someone changes phones or SIM cards.
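As an added illustration (not from Tufekci's letter, and not the code of either app), the following Python model contrasts the two handling policies the paragraph describes when a contact's identity key changes: hold messages until the user verifies the new key, or warn and keep delivering under the new key. It is a simplified simulation; the `Client` class, the placeholder key values and the scenario are constructed assumptions, not the real Signal or WhatsApp implementation.

```python
from dataclasses import dataclass, field
from enum import Enum

class Policy(Enum):
    BLOCK_UNTIL_VERIFIED = "block"   # hold messages until the user accepts the new key
    WARN_AND_CONTINUE = "warn"       # flag the change, accept the new key, keep delivering

@dataclass
class Client:
    policy: Policy
    keys: dict = field(default_factory=dict)       # contact -> identity key pinned on first use
    delivered: list = field(default_factory=list)  # (contact, key used, text)
    pending: list = field(default_factory=list)    # (contact, text) held back by the block policy
    warnings: list = field(default_factory=list)   # (contact, new key) key-change events shown to user

    def send(self, contact: str, advertised_key: bytes, text: str) -> bool:
        """Encrypt `text` for `contact`. Returns True if the message leaves the device now."""
        pinned = self.keys.get(contact)
        if pinned is None:                            # first contact: trust on first use
            self.keys[contact] = advertised_key
        elif pinned != advertised_key:                # contact re-registered (new phone / SIM)
            if (contact, advertised_key) not in self.warnings:
                self.warnings.append((contact, advertised_key))   # warn once per new key
            if self.policy is Policy.BLOCK_UNTIL_VERIFIED:
                self.pending.append((contact, text))  # undelivered until the user verifies
                return False
            self.keys[contact] = advertised_key       # re-pin and re-encrypt to the new key
        self.delivered.append((contact, self.keys[contact], text))
        return True

    def accept_key(self, contact: str, new_key: bytes) -> int:
        """User verified the new key out of band; flush held messages. Returns count flushed."""
        self.keys[contact] = new_key
        flushed = [t for c, t in self.pending if c == contact]
        self.pending = [(c, t) for c, t in self.pending if c != contact]
        for text in flushed:
            self.delivered.append((contact, new_key, text))
        return len(flushed)

def simulate(policy: Policy) -> Client:
    """Constructed scenario: one message, then the contact changes phones, then two more."""
    c = Client(policy)
    old_key, new_key = b"key-old", b"key-new"         # constructed placeholder identity keys
    c.send("alice", old_key, "see you at 9")
    c.send("alice", new_key, "running late")          # alice's new phone advertises a new key
    c.send("alice", new_key, "where are you?")
    return c
```

Under the block policy the two messages sent after the key change sit in `pending` until `accept_key` is called; under the warn policy they are delivered immediately with a single warning recorded.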
