[Dailydave] Clique - a stillborn project

Thomas Quinlan tom at thomasquinlan.com
Tue Jul 12 13:33:57 EDT 2016 

Nothing says you have to use your real identity with something like 
this:

https://spideroak.com/solutions/semaphor



On 12 Jul 2016, at 4:43, Ben Nagy wrote:

> I just spent a while talking myself out of spending my holiday writing
> code. Instead I am going to be doing elementary Ancient Greek,
> finishing up the calculus sections of khanacademy and working through
> Malory's epic Mort D'Arthur.
>
> Here's the pitch: Clique is a standalone app that operates a gmail
> account. If you're registered, you can send PGP encrypted emails to it
> (but if you're using ancient ciphers they'll bounce). Clique decrypts
> them, then re-encrypts and re-mails them individually to the other
> registered participants. Yes, it's a mailing list.
>
> There are several elephants in this room, and I'll take a minute to
> address them as straw-men. Or straw-elephants. I don't even know if
> metaphors stack.
>
> Why not just use [some piece of crap OSS mailing list server]?
>
> First and foremost, I didn't even find any that claim to be able to do
> this. The key point of Clique is that it encrypts outgoing emails to
> individual public keys. Secondly, there are a lot of users who would
> be... uncomfortable... with the idea of trusting a mail server that
> speaks to the internet (for DNS and, say, SMTP(s) IMAP(s) or POP). It
> would get worse when you tell them that it's running a plugin to
> automatically muck around with GPG.
>
> I thought you hated GPG, publicly, because you're all COMSEC hipster 
> and shit?
>
> What I've actually said is that GPG is a terrible choice for covert
> communication. The users that would like Clique are something like
> (huge coincidence) research teams working on secret shit. Everyone
> knows who they are and that they talk. The main driver for those users
> is the confidentiality of the messages and the ability to be able to
> add or remove users from the list fairly expediently.
>
> Why not just use Tor and Signal?
>
> Once again, there are some users for whom "linking" is their
> overwhelming concern. If their real identities are linked to
> pseudonyms, that's a problem. If real identities are linked to
> "certain other users" then that's also a problem. To address those
> issues, there are a number of technologies that have evolved to have
> very different properties to, say, PGP. Because those approaches are
> more recent, they are assumed, in some circles, to be universally
> superior; in reality, however, they are simply better at _certain
> things_
>
> Covert multi-party communication is hard. Stupid hard. Instead of
> trying to hitch my cart to the hype-train express, I had planned to
> just spend a couple of weeks banging out code and have a tool that
> would work well for the people that needed it.
>
> Why run it through Google? Are you a lizard person?
>
> I am a fan of letting Google handle the hard stuff. DNS is hard.
> Running a mail server is hard. Data security, physical security, blah
> blah blah. Since Clique (would) run on any machine and is simply a
> consumer of the Gmail API it has a much smaller attack surface. Also,
> since the flow is through Gmail, that takes care of most of the
> availability issues (if such exist). There is no privacy concern with
> using Gmail for this, though. They get to see encrypted messages.
> That's the entire threat the system is designed to resist. It's fine.
> They get to see who is emailing, and when. Yes, but that's a threat
> this system is NOT designed to resist.
>
> I may yet be a lizard person, that's an independent premise.
>
> What could possibly go wrong?
>
> If the person running Clique is malicious, you lose everything. That
> shouldn't worry you, though, since you all use Slack. Since clique
> (would have been) a standalone client, written in Go, it doesn't
> depend on any OS stuff, so you'd be free to just set a machine to
> auto-install all updates and reboot whenever. Anything can be hacked,
> of course, but a standalone machine which you're allowed to update,
> running one client in a memory-safe language is close to a best-case
> scenario.
>
> Anyway, that's it. It's probably wrong to bore thousands of people
> with an elevator pitch for software I didn't even write, but it's at
> least a change from SILICA videos.
>
> If you find yourself with a couple of weeks and nothing better to do,
> feel free to keep the name.
>
> Cheers,
>
> ben
> _______________________________________________
> Dailydave mailing list
> Dailydave at lists.immunityinc.com
> https://lists.immunityinc.com/mailman/listinfo/dailydave

More information about the Dailydave mailing list