[Autocrypt] Obstacles to the Adoption of Secure Communication Tools

Harry Halpin harry.halpin at inria.fr
Sat May 27 08:19:38 EDT 2017 

Attached is a link to the NEXTLEAP study on high-risk users. We're still extending it, including a focus on high-risk users in the Middle East, but it does show some interesting behavior:

https://www.internetsociety.org/sites/default/files/eurousec2017_16_Ermoshina_paper.pdf

I agree with Kali's assessment. The main point we showed was that high risk users have a well-defined threat model, do care about anonymity, and will notice key material changes - but again, they often misinterpret what is going on in the software.

Some interesting excerpts:

Developers  tended  to  distinguish  between  low-risk  users
who  are  “privacy-aware”  and  high-risk  users  such  as  human
rights  activists  in  war-zones,  and  further  distinguish  these
two  groups  explicitly  from  the  “high-knowledge”  expert  (but
usually “low risk”) users, e.g. researchers and tech-savvy users
who  install  the  software  to  test  out  their  capabilities.  The
division between high-risk and low-risk users held up in the in-
terviews. High-risk users, unlike low-risk users, focus on active
attacks  and  have  a  well-defined  threat  model.  However,  low-
risk users had an implicit threat-model with a focus on passive
threat models, such as server seizure. High-risk users worried
about active attacks ranging from device compromise to active
man-in-the-middle attacks but were not certain to what extent
they were protected by secure messaging applications.
Due  to  these  difference  in  threat  models,  high-risk  users
often  try  to  verify  keys  (after  they  receive  a  notification  that
the  key  has  been  changed  in  Signal,  WhatsApp,  Wire  or
other applications) while low-risk users with a “passive” threat
model did not. High-risk users tend to check the authenticity
of  a  person  if  the  key  material  changes,  but  may  check  for
authenticity  informally  using  context  rather  than  using  only
cryptographic verification: “I verify keys in PGP, but...I verify
the  person  by  other  means...  we  speak  about  same  things.  In
Jabber also I often just do it manually, without shared secret.
But I always check if I receive something warnings about the
persons  device”  (K.,  trainer).  High-risk  users  are  afraid  that
the  devices  of  their  friends  have  been  physically  accessed,
stolen or otherwise taken away by powerful adversaries willing
to  use  physical  force  and  subterfuge  to  access  contacts  lists.
Some  high-risk  users  tend  to  confound  device  seizure  with
keys  being  changed,  and  do  not  realize  that  if  a  device  was
seized  an  adversary  could  continue  communicating  using  the
seized key material. Some do realize this possibility but then
try  to  ascertain  the  identity  of  their  contacts  using  out-of-
band  channels:  “If  I  get  a  message  from  Signal  for  example,
saying that my contacts device has changed or his fingerprints
changed ... I normally try to get in touch with the person ... I
need to hear the voice” (Ukraine, trainer).


...

High-risk  users  in  Ukraine  emphasized  their  usage  of
Cryptocat  group  chats  during  Maidan  revolution,  thanks  to
the  relative  anonymity  (understood  by  them  as  absence  of
any connection to a telephone number) that would not reveal the
metadata of high-risk users in a group chat. As security trainers
point out, Telegram group chats are also popular among high-
risk users despite the fact that encryption for group chat offered
in Telegram is very basic, defaulting to simple TLS rather than
the more advanced M-PROTO protocol for group chat. We’ve
observed  several  groups  of  activists  and  researchers  working
in Russia and Ukraine in a high-risk context (namely covering
the events in the east of Ukraine) that trusted Telegram group
chats over their secret group communications

  yours,
          harry


----- Mail original -----
> De: "Kali Kaneko" <kaliyuga at riseup.net>
> À: "Vincent Breitmoser" <look at my.amazin.horse>
> Cc: "autocrypt" <autocrypt at lists.mayfirst.org>, "Autocrypt"
> <autocrypt-bounces+kaliyuga=riseup.net at lists.mayfirst.org>
> Envoyé: Vendredi 26 Mai 2017 23:57:48
> Objet: Re: [Autocrypt] Obstacles to the Adoption of Secure Communication Tools
> 
> On 2017-05-27 12:48, Vincent Breitmoser wrote:
> 
> > Participants were 18 to 70 years, almost all of them had higher
> > education (BSc/MSc), three were retired. It's far from perfect, but "a
> > bunch of kids" seems like an inaccurate description :)
> 
> sure I exceeded myself in my dissapointment. the higher education bias
> is still there :)
> 
> I don't usually bet, but in this case I'm willing to bet a beer with you
> on the median of the participants being below 30. Ping me if you find
> the tables!
> 
> --
> We reject: kings, presidents and voting.
> We believe in: rough consensus and running code.
> _______________________________________________
> Autocrypt mailing list
> 
> Post: Autocrypt at lists.mayfirst.org
> List info: https://lists.mayfirst.org/mailman/listinfo/autocrypt
> 
> To Unsubscribe
>         Send email to:  Autocrypt-unsubscribe at lists.mayfirst.org
>         Or visit:
>         https://lists.mayfirst.org/mailman/options/autocrypt/harry.halpin%40inria.fr
> 
> You are subscribed as: harry.halpin at inria.fr
>

More information about the Autocrypt mailing list