
Moxie Marlinspike Makes Encryption for Everyone - pje
http://www.popsci.com/moxie-marlinspike-makes-encryption-for-everyone
======
blablablaat
Not for people who don't want Google on their device.

He only wants distribution via Google, and even went as far to demand that
free/libre Play-alternative F-droid removed their build of TextSecure.

See: [https://fdroid.eutopia.cz/](https://fdroid.eutopia.cz/)

~~~
dbalan
Here is moxie's reply in that matter
[https://news.ycombinator.com/item?id=10665520](https://news.ycombinator.com/item?id=10665520)

~~~
superkuh
He's doing great and useful work, there's no doubt. But requiring a phone
number for an internet instant messenger is still a deal breaker even with
Chromium as an alternative.

~~~
Freak_NL
_The_ most useful piece of metadata available to anyone harvesting user
profiles for surveillance or profit. Governments must love phone numbers.
Getting an anonymous phone number for each separate service you register with
is practically infeasible.

I worry about how influential people like Moxie Marlinspike are seemingly
turning the modern 'mobile-first' development paradigm into a 'mobile-only'
mindset. I don't believe in secure and private computing when you are making
it very hard for people to use your tools on (or via) anything but the two
dominant mobile operating systems.

~~~
acqq
Here I copy the "dead" message from "uola":

"Yes, phone numbers are public enough that they are shared everywhere, but
unique enough to lead to a single person not to speak of that persons
movements. And "just use twilio" isn't a motivation for using phone numbers in
the first place.

If he had said "the benefits of finding friends are greater than the privacy
implications" or something like that there would at least been a case for a
discussion, but now he's seemingly saying "oh, if you really care about
privacy you could/should use a fake phone number"."

\---

Personally, I don't know how "a fake phone number" setup can be implemented,
especially in the countries where each phone number is assigned to one ID at
the time of purchase, so to me "use a fake phone number" sounds like "let them
eat cake."

~~~
haffenloher
> If he had said "the benefits of finding friends are greater than the privacy
> implications" or something like that there would at least been a case for a
> discussion

This has already been discussed at length many times. Perhaps uola hasn't seen
this blog post yet:

[https://whispersystems.org/blog/contact-
discovery/](https://whispersystems.org/blog/contact-discovery/)

~~~
acqq
That post still goes from the starting point of "social graph" and "5000 users
in the contact list." It's completely the opposite of what's the most
reasonable need: say if I want to communicate using the encryption only with
my girlfriend, I don't want any of other contacts be ever seen by any server,
and I can agree with her how we'll identify each other, but we surely don't
need real phone numbers transferred to any servers, and we don't even have to
use always the same real numbers.

------
indlebe
Moxie's been a huge inspiration for me in tech, i first discovered him through
his blog post Career Advice: [https://moxie.org/blog/career-
advice/](https://moxie.org/blog/career-advice/)

~~~
nurmara
I've read this blog post multiple times over the past few months and I wish I
knew about it before I went to college. His career advice has so much clarity
that I can't find elsewhere (so far).

Thanks for sharing the link. I'm about to do a career switch and reading this
again is certainly reassuring. He is right. We are what we do for a living.

I find his work very inspirational and I hope I'll be able to personally thank
him one day for all the work he has done.

~~~
domusliber
If you don't mind me asking, what career are you switching from and to? I'm
about to graduate but I'm not looking forward to any of my default career
options. I'd be curious to hear about your experience and plans.

~~~
nurmara
I'm about to graduate from medical school in a few months. Once I get my
medical degree, I'm going for an undergraduate degree in Computer Science.
I've always wanted to do computer science since high school but I equally
wanted to become a doctor. At one point I decided being a doctor was more
important. I valued autonomy highly and I figured nothing is better than the
freedom to operate my own small private practice in the future. I didn't want
to end up being employed as a programmer and I expected that being a
freelancer is no where near as stable in terms of job prospects as being a
doctor, especially on the long run. Add to that the fact that I was fascinated
by how the human body works for the same reasons I was fascinated with
computers. I think any hacker-minded person would. I wanted to know the ins
and outs of the human body. I wanted to know how it breaks, and how to fix it.
Also, to be honest, I was very tempted with the extra income that comes with
medical practice, but autonomy was ultimately the primary motive.

6 Years later, here I am, graduating with a decent GPA but having 0% interest
in pursuing clinical practice, although i have performed very well clinically
and in terms of my medical knowledge. I simply realized that the practice of
medicine (specifically diagnostics and treatment decisions) is nothing but a
classification problem. We are literally trained to memorize 'algorithms'
(flow charts) for diagnosing and managing hundreds of different illnesses.
That's about it really. It boils down to asking a standard set of questions
(the patient's history), examining the patient, and trying to guess the
diagnosis. Often, lab tests are needed (you order them based on the flow chart
you memorized for the presenting symptoms). Once they're available, the
diagnosis is usually clear, or further testing and imaging is required, and
the cycle continues. Even for the complicated medical issues, this whole
process can be represented by a simple flowchart that easily fits on an A4
sheet). The majority of modern day work done by doctors can (and will) be
automated in the near future. The biggest hurdle was never the technology;
it's the laws and regulations. I've seen papers published in the 80s where AI
bested human doctors in diagnosing many diseases, and recently I've seen more
impressive results in radiology and pathology diagnostics, where the diagnosis
purely depends on vision, which is a very complicated problem when you try to
solve it with computers. The results are very promising and some papers have
shown results where human pathologists and radiologists were outperformed by
computer vision.

Humans are obviously still needed to deal with patients. It takes some
clinical skill to know how to extract information from patients, how to
examine them, and how to look for clues, but that does not strictly require a
doctor to be done properly. In fact, most of our medical training, even in
residency, is concerned with learning more and more 'algorithms', guidelines,
and staying up to date with the latest medical evidence.

Computers won't replace doctors in surgical specialties, but they certainly
will replace primary care physicians, as well as doctors in other fields like
internal medicine (including its subspecialties like cardiology, Pulmonology,
etc), emergency medicine, oncology, and others. These fields purely depend on
memorizing and recalling flow charts of diagnosis and management. Humans are
fallible when it comes to memory and recall, computers are much much less
fallible in these cases, and virtually infallible in some cases (100%
diagnostic sensitivity and specificity was reported in some studies, which is
impossible to achieve by humans)

By the time I realized what I mentioned above, I was already close to
finishing med school. I decided to graduate first then see what I wanted to do
next. I no longer saw any inherent joy or value in being a doctor. There is no
room for trying to be creative, smart, or efficient. You just have to follow
the official guidelines and policies, and hope you don't get sued when you,
inevitably, make a mistake. I see no meaning in a career like that.

I love coding and I love learning CS in my free time so my decision for what
to do next was easy. There are some interesting studies utilizing AI for
diagnosing cancer metastasis on CT scans using computer vision, and that's an
example of a topic I might be interested in. I don't necessarily want to do
medically related research all the time though. All I want to do is to be a
software engineer working on very interesting projects. Even the most mundane
coding projects are easily 10x more mentally stimulating than clinical work in
my opinion.

In retrospect, I have no regrets. I know a lot about how my body works and I
leanred a lot from dealing with hundreds of patients over the years. I also
learned a lot about who I am and what I really want, and to me, this knowledge
is invaluable. I also realized how much I appreciated computer science.

I guess that's enough rambling. Apologies for the late and long reply. I hope
you found it useful, and I wish you the best of luck in your future career ;)

~~~
pfg
This was very interesting and insightful to read, thanks!

~~~
nurmara
You're welcome :)

------
aavotins
With people like Moxie the future doesn't look that bleak anymore. The guy is
really dedicated to what he is doing and, quite honestly, it is pleasing to
see someone in the tech community who is not egocentric around creating his
online persona. I'm not trying to insult anyone, just expressing gratitude
that there's people who care about code, not striving to become rock stars.

------
circuit_breaker
Watch his documentary "Hold Fast" to get a glimpse of just how unique and
interesting a character he is. Anarchists yachting? Yes, more, please

~~~
j_s
[https://vimeo.com/15351476](https://vimeo.com/15351476)

------
abalone
I've respected Moxie Marlinspike ever since he made sslstrip, a simple
illustration of the fundamental insecurity of browser-based HTTPS.

However I do question his premise that criminals already have the wherewithal
to opt in to "clunky" strong encryption before engaging in criminal activity.

In fact there are many scenarios where criminals simply go with the default
security configuration in consumer devices, either because they (a) did not
plan the crime in advance or (b) aren't as smart about opsec as you might
expect.

There are many good arguments to make strong encryption the default for
consumer devices, but here I feel he was attempting to take an easy way out by
pretending it's orthogonal to investigating crimes. In fact it is a tradeoff,
granting us security from cybercriminals and bad state actors (if there's even
a difference), while making it harder for law enforcement in some scenarios.

~~~
EdHominem
Right, not _all_ criminals can choose secure defaults. But those who can't are
unlikely to be all that secure in other ways either meaning that it won't
change the threat landscape much.

Besides, it wouldn't kill our LEOs to work for their supper. This reliance on
dragnet tactics means that'll soon be all they're able to do.

------
xg15
To be honest, I don't understand what substantial benefit end-to-end
encryption actually brings in an environment of (almost-)mandatory updates.

\- If someone from Facebook/Telegram/Signal/etc wants to know what you're
writing, they can just instruct their app (via update) to send them your key.
For closed-source services, you'd theoretically have to decompile and audit
each update to make sure they are not doing that.

\- If they want to know what you have written in the past, they can instruct
the app to send them the conversation log.

\- If Google (or Apple or Microsoft, respectively) want to know what you're
writing, they can instruct the OS to send them the data. (Google's "Android
Backup Service" for example also backs up "third party settings and data" [1].
I don't know about the details of the backup service, but this shows to me
it's quite possible that your key or conversation logs might even land
accidentally on some providers' servers without them having any bad intent.)

\- If (three letter agency of your choice) wants to get the data, they can
just force any of the above companies via NSLs to get it for them.

\- If any of the US strategic partners want to get the data, they can likely
make a deal with an intelligence agency.

\- Lastly, if the messenger company wants to mine or sell user data, they
still have a lot of stuff that cannot be encrypted for operational reasons
(such as your contact list and the phone numbers of all your contacts).

That leaves to me the only group for which "overlay encryption" brings an
actual benefit political activists in a country not at all affiliated with the
US - or highly knowledgeable individuals who carefully control which updates
they get. Both groups are important to consider but likely had ways to protect
their communication before.

To actually protect communication not just from "the government" but also from
the private industry, we would at least need some independent party to vet app
updates.

[1]
[https://support.google.com/nexus/answer/2819582?hl=en](https://support.google.com/nexus/answer/2819582?hl=en)

~~~
rashkov
I think the assumption is that any sufficiently motivated attacker will find a
way to compromise their target. What e2e encryption accomplishes is the end of
dragnet surveillance of entire societies, something that Snowden has exposed
in great detail already.

~~~
xg15
But my point is that the way end-to-end encryption is implemented currently
doesn't even accomplish that: Either you trust your messenger provider not to
be complicit in any surveillance or data mining activities, then plain TLS
(with key-pinning) is enough to save you from being snooped - or you don't
trust them, then you're not actually protected as they could push an update at
any time to sidestep the encryption.

There are certain cases were current end-to-end encryption brings more
security - e.g. if a provider's data center is compromised but the provider
itself isn't. But those seem like edge cases to me that don't justify the
attention the feature is currently getting.

~~~
pfg
It's not perfect, but E2E crypto does make it significantly harder to get to
the plaintext. A backdoor will always leave some kind of paper trail (if you
know what to look for), whereas intercepting the plaintext on the server
cannot be detected by users at all. Legally speaking, compelling a company to
intercept messages that they have access to sounds different than compelling
them to develop and sign a backdoored version of their product - that's
essentially the Apple vs. FBI case.

I think this is a case of perfect being the enemy of good. If a state actor
wants access to your messages, you're probably screwed anyway, unless your
OpSec is top-notch. E2E crypto means that they'll have to _really want_ your
messages, at which point they're probably better off just stealing your phone
or using a $5 wrench.

------
ashitlerferad
Moxie makes encryption for the majority of people, not for everyone.

------
vechernyaya
Oh the irony of an article about encryption on a site sans encryption.

~~~
ScottBurson
Huh? I'm connecting over HTTPS right now. Have you tried it?

~~~
BGZq7
When I try, I get a certificate that expired 5 months ago.

www.popsci.com uses an invalid security certificate. The certificate expired
on 12/10/2015 05:59 PM. The current time is 05/11/2016 01:39 AM. Error code:
SEC_ERROR_EXPIRED_CERTIFICATE

------
dimino
> that has garnered praise by everyone from Snowden to filmmaker Laura Poitras

The idiom "everyone from X to Y" is supposed to demonstrate breadth of
support, where X and Y are very different sources, but Snowden and Poitras are
most certainly _extremely_ similar sources.

------
brianzelip
Three cheers for Moxie!

------
detaro
slightly OT: has anybody made a bot or alternative client for Signal (even
basic functionality)? I'd love to see a code example and was surprised that I
couldn't find anything.

------
ex3ndr
Not for everyone, their crypto is GPL only and GPL can't be deployed
everywhere.

~~~
wtbob
> Not for everyone, their crypto is GPL only and GPL can't be deployed
> everywhere.

GPL code can be used anywhere; GPL code cannot be made proprietary.

~~~
sandebert
Well, no. You could have a situation where there's a policy in place
forbidding installing GPL-licensed products. (I don't have any info about it,
but I wouldn't be surprised if that was the case at Microsoft a while ago.)

EDIT: I'm getting downvotes and don't understand why. I'm seriously
interested, can someone explain the reason?

~~~
avmich
> You could have a situation where there's a policy in place forbidding
> installing GPL-licensed products.

You might have situation with policies forbidding anything. Like, MS Windows.
Or Macs. Or smartphones. Rarely, yes, but I'm surprised GPL looks that unique
regarding this matter.

~~~
AstralStorm
Weird that someone would prohibit installing GPL licenced software. It is a
very different case than using GPL licenced code in development. Sounds like a
dumb lawyer trying to hard cover his rear against reverse engineering
accusations. Which you cannot do in this way anyway.

