[Autocrypt] Obstacles to the Adoption of Secure Communication Tools
Harry Halpin
harry.halpin at inria.fr
Sat May 27 08:19:38 EDT 2017
Attached is a link to the NEXTLEAP study on high-risk users. We're still extending it, including a focus on high-risk users in the Middle East, but it does show some interesting behavior:
https://www.internetsociety.org/sites/default/files/eurousec2017_16_Ermoshina_paper.pdf
I agree with Kali's assessment. The main point we showed was that high risk users have a well-defined threat model, do care about anonymity, and will notice key material changes - but again, they often misinterpret what is going on in the software.
Some interesting excerpts:
Developers tended to distinguish between low-risk users
who are “privacy-aware” and high-risk users such as human
rights activists in war-zones, and further distinguish these
two groups explicitly from the “high-knowledge” expert (but
usually “low risk”) users, e.g. researchers and tech-savvy users
who install the software to test out their capabilities. The
division between high-risk and low-risk users held up in the in-
terviews. High-risk users, unlike low-risk users, focus on active
attacks and have a well-defined threat model. However, low-
risk users had an implicit threat-model with a focus on passive
threat models, such as server seizure. High-risk users worried
about active attacks ranging from device compromise to active
man-in-the-middle attacks but were not certain to what extent
they were protected by secure messaging applications.
Due to these difference in threat models, high-risk users
often try to verify keys (after they receive a notification that
the key has been changed in Signal, WhatsApp, Wire or
other applications) while low-risk users with a “passive” threat
model did not. High-risk users tend to check the authenticity
of a person if the key material changes, but may check for
authenticity informally using context rather than using only
cryptographic verification: “I verify keys in PGP, but...I verify
the person by other means... we speak about same things. In
Jabber also I often just do it manually, without shared secret.
But I always check if I receive something warnings about the
persons device” (K., trainer). High-risk users are afraid that
the devices of their friends have been physically accessed,
stolen or otherwise taken away by powerful adversaries willing
to use physical force and subterfuge to access contacts lists.
Some high-risk users tend to confound device seizure with
keys being changed, and do not realize that if a device was
seized an adversary could continue communicating using the
seized key material. Some do realize this possibility but then
try to ascertain the identity of their contacts using out-of-
band channels: “If I get a message from Signal for example,
saying that my contacts device has changed or his fingerprints
changed ... I normally try to get in touch with the person ... I
need to hear the voice” (Ukraine, trainer).
...
High-risk users in Ukraine emphasized their usage of
Cryptocat group chats during Maidan revolution, thanks to
the relative anonymity (understood by them as absence of
any connection to a telephone number) that would not reveal the
metadata of high-risk users in a group chat. As security trainers
point out, Telegram group chats are also popular among high-
risk users despite the fact that encryption for group chat offered
in Telegram is very basic, defaulting to simple TLS rather than
the more advanced M-PROTO protocol for group chat. We’ve
observed several groups of activists and researchers working
in Russia and Ukraine in a high-risk context (namely covering
the events in the east of Ukraine) that trusted Telegram group
chats over their secret group communications
yours,
harry
----- Mail original -----
> De: "Kali Kaneko" <kaliyuga at riseup.net>
> À: "Vincent Breitmoser" <look at my.amazin.horse>
> Cc: "autocrypt" <autocrypt at lists.mayfirst.org>, "Autocrypt"
> <autocrypt-bounces+kaliyuga=riseup.net at lists.mayfirst.org>
> Envoyé: Vendredi 26 Mai 2017 23:57:48
> Objet: Re: [Autocrypt] Obstacles to the Adoption of Secure Communication Tools
>
> On 2017-05-27 12:48, Vincent Breitmoser wrote:
>
> > Participants were 18 to 70 years, almost all of them had higher
> > education (BSc/MSc), three were retired. It's far from perfect, but "a
> > bunch of kids" seems like an inaccurate description :)
>
> sure I exceeded myself in my dissapointment. the higher education bias
> is still there :)
>
> I don't usually bet, but in this case I'm willing to bet a beer with you
> on the median of the participants being below 30. Ping me if you find
> the tables!
>
> --
> We reject: kings, presidents and voting.
> We believe in: rough consensus and running code.
> _______________________________________________
> Autocrypt mailing list
>
> Post: Autocrypt at lists.mayfirst.org
> List info: https://lists.mayfirst.org/mailman/listinfo/autocrypt
>
> To Unsubscribe
> Send email to: Autocrypt-unsubscribe at lists.mayfirst.org
> Or visit:
> https://lists.mayfirst.org/mailman/options/autocrypt/harry.halpin%40inria.fr
>
> You are subscribed as: harry.halpin at inria.fr
>
More information about the Autocrypt
mailing list