[General] Bulk CNE - Improve Tox threat model

bob smith bobsint at hotmail.com
Mon Oct 5 21:36:55 EDT 2015 



In After the Summer of Snowden Jacob Appelbaum states the following:



And a lot of people I think probably would say, well targeted 
surveillance is okay, mass surveillance is wrong. This is a false 
distinction, and whenever someone presents it to you, you should reject 
it. Because, actually, what the British government has just come out and
 said, is that the future of surveillance is going to be bulk CNE, or 
Computer Network Intrusion, where they break into computers to extract 
data. So the notion of targeting a specific computer to exfiltrate data 
is something they want to do at mass scale. To pull data out. So 
everything is about mass surveillance, about bulk transfer of 
information.





My proposal is, add




"Tox (or any other software-only product for that matter) can't protect you from bulk CNE.
 When sending messages, be aware that you no longer need to be an 
"important" target to get your computer hacked, and anything you see or 
type may be seen by entities such as the FBI / NSA / GCHQ."


either to front page, or after the "--life-or-death situation." at Tox FAQ. The end result would look like





While we believe Tox is secure against attackers who want to decrypt 
your messages, you may wish to use a more established solution if you 
are in a life-or-death situation; Tox (or any other software-only 
product for that matter) can't protect you from bulk CNE.
 When sending messages, be aware that you no longer need to be an 
"important" target to get your computer hacked, and anything you see or 
type may be seen by entities such as the FBI / NSA / GCHQ.





I understand that it's not the job of Tox to fix issues in host OS, but running TCB on networked OS is inherently insecure configuration. To quote Matthew Green:





Each of the apps seem quite good, cryptographically speaking. But 
that's not the problem. The real issue is that they each run on a 
vulnerable, networked platform. 






Tox like all tools, should provide a fair warning about this. Tox is 
intended to be a "secure Skype replacement". There's no denying that Tox
 is more secure than Skype, but failure to mention Tox's limitations 
against the changing threat model of the average Joe, might place him 
under larger danger, when he assumes he's able to speak freely.

 		 	   		  
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.tox.chat/pipermail/general/attachments/20151006/6ac21848/attachment.html>

More information about the General mailing list