[Dailydave] Clique - a stillborn project

Ben Nagy ben at iagu.net
Mon Jul 11 23:43:52 EDT 2016


I just spent a while talking myself out of spending my holiday writing
code. Instead I am going to be doing elementary Ancient Greek,
finishing up the calculus sections of khanacademy and working through
Malory's epic Morte D'Arthur.

Here's the pitch: Clique is a standalone app that operates a gmail
account. If you're registered, you can send PGP encrypted emails to it
(but if you're using ancient ciphers they'll bounce). Clique decrypts
them, then re-encrypts and re-mails them individually to the other
registered participants. Yes, it's a mailing list.

There are several elephants in this room, and I'll take a minute to
address them as straw-men. Or straw-elephants. I don't even know if
metaphors stack.

Why not just use [some piece of crap OSS mailing list server]?

First and foremost, I didn't even find any that claim to be able to do
this. The key point of Clique is that it encrypts outgoing emails to
individual public keys. Secondly, there are a lot of users who would
be... uncomfortable... with the idea of trusting a mail server that
speaks to the internet (for DNS and, say, SMTP(s), IMAP(s) or POP). It
would get worse when you tell them that it's running a plugin to
automatically muck around with GPG.

I thought you hated GPG, publicly, because you're all COMSEC hipster and shit?

What I've actually said is that GPG is a terrible choice for covert
communication. The users that would like Clique are something like
(huge coincidence) research teams working on secret shit. Everyone
knows who they are and that they talk. The main driver for those users
is the confidentiality of the messages and the ability to be able to
add or remove users from the list fairly expediently.

Why not just use Tor and Signal?

Once again, there are some users for whom "linking" is their
overwhelming concern. If their real identities are linked to
pseudonyms, that's a problem. If real identities are linked to
"certain other users" then that's also a problem. To address those
issues, there are a number of technologies that have evolved to have
very different properties to, say, PGP. Because those approaches are
more recent, they are assumed, in some circles, to be universally
superior; in reality, however, they are simply better at _certain
things_.

Covert multi-party communication is hard. Stupid hard. Instead of
trying to hitch my cart to the hype-train express, I had planned to
just spend a couple of weeks banging out code and have a tool that
would work well for the people that needed it.

Why run it through Google? Are you a lizard person?

I am a fan of letting Google handle the hard stuff. DNS is hard.
Running a mail server is hard. Data security, physical security, blah
blah blah. Since Clique (would) run on any machine and is simply a
consumer of the Gmail API it has a much smaller attack surface. Also,
since the flow is through Gmail, that takes care of most of the
availability issues (if such exist). There is no privacy concern with
using Gmail for this, though. They get to see encrypted messages.
That's the entire threat the system is designed to resist. It's fine.
They get to see who is emailing, and when. Yes, but that's a threat
this system is NOT designed to resist.

I may yet be a lizard person, that's an independent premise.

What could possibly go wrong?

If the person running Clique is malicious, you lose everything. That
shouldn't worry you, though, since you all use Slack. Since Clique
(would have been) a standalone client, written in Go, it doesn't
depend on any OS stuff, so you'd be free to just set a machine to
auto-install all updates and reboot whenever. Anything can be hacked,
of course, but a standalone machine which you're allowed to update,
running one client in a memory-safe language is close to a best-case
scenario.

Anyway, that's it. It's probably wrong to bore thousands of people
with an elevator pitch for software I didn't even write, but it's at
least a change from SILICA videos.

If you find yourself with a couple of weeks and nothing better to do,
feel free to keep the name.

Cheers,

ben
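
The relay step from the pitch (decrypt with the list key, then re-encrypt a separate copy to each registered key), sketched in Go as an added example; it is not code from the post or from any Clique implementation. RSA-OAEP from the standard library stands in for PGP, and `seal`, `open`, `relay`, `newKey` and the example.org addresses are constructed for illustration.

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

// seal/open stand in for PGP to one key; RSA-OAEP only fits short messages.
func seal(to *rsa.PublicKey, msg []byte) ([]byte, error) {
	return rsa.EncryptOAEP(sha256.New(), rand.Reader, to, msg, nil)
}
func open(key *rsa.PrivateKey, ct []byte) ([]byte, error) {
	return rsa.DecryptOAEP(sha256.New(), rand.Reader, key, ct, nil)
}

// relay re-encrypts one inbound message separately to every other member.
func relay(list *rsa.PrivateKey, members map[string]*rsa.PublicKey, from string, ct []byte) (map[string][]byte, error) {
	if _, ok := members[from]; !ok { // address lookup only (assumption)
		return nil, fmt.Errorf("bounce: %s is not registered", from)
	}
	plain, err := open(list, ct) // in the clear here: the operator can read it
	if err != nil {
		return nil, fmt.Errorf("bounce: %w", err)
	}
	out := make(map[string][]byte)
	for addr, pub := range members {
		if addr == from {
			continue
		}
		if out[addr], err = seal(pub, plain); err != nil {
			return nil, err
		}
	}
	return out, nil
}

func newKey() *rsa.PrivateKey {
	k, _ := rsa.GenerateKey(rand.Reader, 2048) // constructed demo key, error ignored
	return k
}

func main() { // constructed demo: alice posts, bob gets his own copy
	list, alice, bob := newKey(), newKey(), newKey()
	members := map[string]*rsa.PublicKey{"alice@example.org": &alice.PublicKey, "bob@example.org": &bob.PublicKey}
	ct, _ := seal(&list.PublicKey, []byte("meeting moved"))
	out, err := relay(list, members, "alice@example.org", ct)
	fmt.Println(len(out), err)
}
```

Removing a member is a `delete` on the map: the next relayed message simply has no ciphertext for that address, while copies already delivered stay readable to whoever held the key.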

