Hacktivismo launches ScatterChat
un1xl0ser writes to tell us Hacktivismo has released a new chat program known as ScatterChat. It is a friendly fork of GAIM that "provides end-to-end encryption, integrated onion-routing with Tor, secure file transfers, and easy-to-read documentation." This announcement was made at HOPE, where CDs were distributed. A torrent and several screenshots are also available.
And thought it was some kind of poo-flinging device.
liqbase
For encryption to catch on it needs to be done at protocol level, IMHO. For example the unfortunately unfree project SCIM. That's the only way to really hide it from the end user, and that's what's necessary.
Tor is a great idea. My few forays into that dimension have been, however, somewhat disappointing, speed-wise. I'm not sure how well it's going to deal with a realtime app like IM. Aside from the path obfuscation provided by Tor, I'm not sure how this is significantly more ... newsworthy... than OTR ( http://en.wikipedia.org/wiki/Off-the-record_messaging ) messaging. OTR provides "Perfect Forward Secrecy" and "Deniable Encryption", and plugins/local proxies/native support is already available in/for current IM clients.
Thinking outside my Head
Gaim is quite modular and allows plugins to do a lot. The base Gaim with no plugins supports zero IM protocols and does not even show a system tray icon. (It comes with those plugins.) Why could this not have been implemented as a plugin? I already have two end-to-end encryption plugins installed (gaim-encryption and gaim-otr). I would not expect secure file transfers to be difficult to do as a plugin. Really, I am just not sure about TOR, but that should be submitted as a patch to the official Gaim source tree (or, at least a patch for a way for plugins to add proxy options).
Centralization breaks the internet.
Does it come with instructions for making your own tin-foil hat?
It's funny that I have Tivo and I have no idea what this person is talking about.
>provides end-to-end encryption
OK good.
>This announcement was made at HOPE
Alright I'll wait. In the meantime, I'll be listening to .MOD songs from crackers.
I don't see anything particularly interesting here. We already have gaim-encryption. You already can use tor as a proxy for gaim. So... why is this interesting?
Does anyone know why yahoo IM hasn't worked all day?
If I have something really important to communicate, I communicate by semaphore, you know, flag waving. Because lord knows it's more fun to communicate in awkward, clumsy ways that slow down our train of thought to a trickle. I hate to bash chatting, but it's used too often when a simple phone call would do. People spend hours chatting to communicate what could have been said in a few minutes verbally. I'm sure there are people that would argue that IM'ing allows them to keep their anonymity. But we've seen (at that very HOPE gathering) that anonymity is an illusion. Also, if you are hiding your identity to protect yourself from people you don't trust, why are you even talking to them? And as far as encryption goes, email can virtually eliminate the man-in-the-middle attack and basic spoofing if the third party doesn't know exactly when the message will be sent. Or at least make it not worth the effort. And all of it is really ridiculous when you realize that phones are really efficient means of communicating. The above issues could be solved by not phoning strangers and using payphones. Don't even get me started on text messaging...
7h3$3 4r3n'7 7h3 Ðr01Ð$ ¥0 4r3 £00|{1n9 f0r. M0v3 4£0n9. --OB1
This strikes me as a little odd, as the use of Tor in this context seems somewhat redundant given that public/private keypairs are being used for the communication, meaning that the participants can be easily identified in a conversation as being user A and user B. That said, the use of Tor may make it more difficult to track that back to Person A and Person B.
The problem is that because the key pairs are persistent, a user need only connect without Tor once, and suddenly it is possible to identify the person demonstrably responsible for a potentially large number of conversations.
As another person here has mentioned, OTR would have probably been a better choice due to the deniability aspect. In conjunction with Tor, this would mean that tracking (and proving) a conversation is connected to a person would be more difficult. The exception may be if users had already exchanged public keys, in which case the ability to use those public keys may be convenient. Of course, those keys can still be taken advantage of in the first-step verification of the user for OTR communication.
It seems like a good idea, just the choice of method of encrypted communication of messages seems strange.
But am I willing to put a CD from cDc in my machine? I think not.
I don't care about your karma, I don't care about what's hip. --Weird Al
yahoo IM is not working for me either, it has been down since before noon US CST
Erm, WTF is the Trogdor button for? (Besides burnination, obviously)
Someone at Yahoo deleted "The Internet" (icon) again!
I don't often flame people who do this kind of work. On the contrary, I admire, support and participate in online activism in places where dissent can be uncomfortable, to say the least. I'm normally the first to applaud and embrace these technologies. BUT:
I hope their code is better than their understanding of HTML. Their User's Guide goes miles out of its way to break basic web functionality. It's like they're punishing the reader for not choosing PDF in the first place.
Seriously, this is more than a nitpick. If I'm going to trust these folks with information important - possibly dangerous - enough that I have a serious need to protect it, then for heaven's sake I want to know that they know what they're doing. I mean, honestly, this is emphatically not the place where anyone should tolerate hand-waving and pooh-poohing of 'minor' details.
In their own words:
If you really mean this, don't you think you should fix your documentation?
Crumb's Corollary: Never bring a knife to a bun fight.
http://freehaven.net/~aphex/torch/torch.png
It is more like jabber. It uses .onion addresses to identify buddies. It is very secure.
I don't use Gaim myself. But I don't understand why those involved found it necessary to fork Gaim. Anyone know?
"Thanks for all the money you paid to us. We've used it to buy off ISO among other things" -Microsoft
It mostly doesn't work, it crashes constantly and is confusing.
I'm a technical people, so how the hell would a non-technical people be able to figure it out?!?
I just hope he read the internet before he took it out of the tube.
I haven't installed ScatterChat yet, but I bet it suffers from the same problem as all the other encrypted IM apps. That is, it doesn't work for multiple computers that share the same accounts.
When I'm at home, if I turn on encryption for AIM, it works great. But then when I go to work and use that AIM account, everyone I talked to earlier is sending messages based on my home key, making it impossible to communicate.
The key needs to be exportable, so I can use the same key everywhere. Or, maybe there could be a command to request a key change...
In my opinion, the only way encryption would catch on is if it did three things:
1. Securely encrypt file data to prevent hacking at least 60% of the time.
2. Didn't consume so many resources and reduce system performance and speed to a crawl (this has been a recurring theme when stuff is encrypted on my PC).
3. Could mask what is going on and make it appear as background traffic i.e. break up the data stream into several bits to speed up transfer and reduce chance of someone figuring out what is being moved (large file should = more bandwidth and encryption, thus greater chance of it being targeted by hackers).
Maybe software agencies looking to provide reliable encryption tech should take a look at the bit torrent community; they've got some pretty good stuff.
Read more: And the Yahoo! Server goes down...
"The problem with our economy is that our budget is balanced by people who aren't" - A.E.N.
You guys are all missing the point, but that's alright since the article didn't tell it to you and none of you were there.
I was, so I'll be kind enough to point it out.
ScatterChat was designed for people who have reason to fear their conversations being watched. Specifically political dissidents and activists in countries where censorship is common, such as in the Middle East or channel. This is to be used for them, and for reporters, and for people who are, in some way or another, trying to save the world but don't have the time to learn about computers.
Along these lines, Hacktivismo developed a tool that runs out of the box encryption and anonymizer. They have already met with activists to help learn what the tool should do (from a user end) and to teach them how to use it. They're also working on the next version. They mentioned that they are looking for people to help with the documentation, and for the translation into other languages (mainly, Chinese and Arab).
So, don't be so harsh. While you're all here whining about how this program isn't 1337 enough for you, these guys are working on a program that will keep people out of jail just because those people have thoughts of freedom. You think it could be better? Email them and help.
tedivm
1. Develop "ScatterChat" encrypted chat.
2. Get "Visual Radio".
3. ???
4. Superpower!
I like the use of "Lord Spankatron" in the screen shots.
"No one likes working in a hamster wheel, and your shop smells of cedar shavings from here." - TaleSpinner
I'm a bit paranoid about my privacy, but damn are the guys at Hacktivismo dramatic about it. They seem to think that everything they make is a tool that will assuredly be used in a rebellion against an oppressive regime, and boy are they ever sticking it to the Man!
"ScatterChat is a HACKTIVIST WEAPON designed to allow non-technical human rights activists and political dissidents to communicate securely and anonymously while operating in hostile territory."
Hostile territory? Political dissidents? HACKTIVIST WEAPON? It's a goddamn instant messenger. Useful? Sure it would be if there weren't already GAIM plugins for encrypting your messages. But even if they weren't, it's hardly a revolutionary weapon that will stamp out tyranny.
And their Hacktivismo License? That cracks me up. "If you use this software, and you commit human rights abuses, we can sue your ass!"
Don't get me wrong, I agree with these guys on a lot of points. But with the level of drama, you'd think an allegorical The Man should be wearing a black mask over his eyes and tiptoeing around the stage stealing food from starving children and shocking prisoners' testicles.
Does anyone know why yahoo IM hasn't worked all day?
My guess would be that the tubes are clogged.
Push Button, Receive Bacon
I think the features of ScatterChat cannot be compared with MSN, ICQ, or others.
I don't use GAIM myself but I get a good feel for the quality of a program by the number of security advisories I see. There's no real logic to this but after I've noticed a certain number of advisories an app will be forever tainted in my mind. Do the GAIM devs take security seriously? Where is the list of fixed security problems on the GAIM website or sf project pages? What's the point in adding advanced privacy and security features when the underlying software itself has such a poor history on security?
Maybe they fired the wrong person.
Question for religious people: where do unrepentant masochists go when they die?
I couldn't find any reference in the 'easy to read manual' that said if they've fixed the atrocious password management in GAIM. Storing your passwords in plain text in a file is ridiculous. The gaim folks seem to spend more time defending this decision (they even made a special page about it) that they could have fixed the problem in this time. What's up with an encrypted file and ask you for your password once just like firefox does?
TROGDOOOORRR!!
under contact on scatterchat.com the maintainer link is a myspace account
http://www.myspace.com/j_testa
If a myspace page is your way of telling the world about yourself (and telling us WAY too much) then I'm not sure I want to run your software.
The message is encrypted by the TEA algorithm, before being sent to server at the browser. The password remains only in the browser window.
The TEA is the strong encryption. Besides the source code of the Secure Chat can be viewed easily. And the data sent and received can be checked easily.
You can check it here:
http://www.enetplanet.com/schat/
Participants should have the agreed password prior to using the Secure Chat.
I picked up the Chicago Tribune this week. It's finally been established conclusively--after it was established no one would go to jail for it--that Chicago cops have been tying people to radiators, beating them, and (natch) shocking their balls for years. No one is going to jail. Now there's Gitmo and extraordinary rendition and telcos with big old Matrix hoses coming out the back of their heads. Journalists are disappearing in battle zones, being imprisoned. CIA agent "outed." Missing weapons of mass deception and so on. So when should we start feeling paranoid? I'll add too that there was a time when people in the Eastern Bloc were getting random donations of old modems, which they wanted very much to help their dissident samizdat publications. I have met a poet who can't communicate with his family per his government's order. Maybe some chatting or something would be nice.... Sometimes Americans and others don't know how nice they have it.
I've been testing out this Scatterchat on a Windows XP machine, and it crashed like 10 times in 6 hours already. Not something I would use when I would want to take over the world.
When I saw this post today regarding the public release of ScatterChat, a bad tingle went down my spine, as I sensed that either the FBI or DHS would be "collecting" its co-contributors and possibly also people attending the HOPE conference in New York (..not that they're directly related, as they're not). I've looked into this a little, and I don't believe that Hacktivismo broke the law -- by legally querying databases on an individual who signed his permission over for same. However, ScatterChat is just the type of product that represents a serious threat to our government. Why, you ask? Because of the simple fact that its algorithms and encryption scheme enable users to communicate anonymously and securely, without any real fear of having that conversation compromised or sniffed successfully. The product is immune to replay attacks and penetration attacks, and it uses a level of encryption that the DoD would consider pretty darn secure! Consider the implications: a terrorist cell communicating with their higher-ups in another country. While I'd be one of the first people to stand up and say that our government isn't *squeaky-clean* itself, it is faced with an awful task of trying to prevent terrorism, or terror-enabling activity, in order to protect its citizens (us). As interesting as it is to discuss and think about, I'd consider ScatterChat and products of similar ilk, to be a threat to national security, and I'd suggest that the government might well see it that way as well. IMHO, ScatterChat may well have been the real reason that the FBI raided the HOPE conference and arrested Hacktivismo.
http://upload.wikimedia.org/wikipedia/en/d/d8/Tianasquare.jpg
I think they have a right to be a tad dramatic.
But even if they weren't, it's hardly a revolutionary weapon that will stamp out tyranny.
If they eventually create a tool that Chinese dissidents can use to easily communicate with one another without being tracked, it could very well be such a tool.
I concur with your comments about ScatterChat's docs, but give 'em a break; most good coders aren't the right people to document their own work. To be honest, I'm more concerned that these guys who wrote this secure IM client don't know how dangerous posting stuff like that is on their website.
This quote from their press release says it all: "...Please don't use these torrents if you are residing in America or another country where strong cryptography is considered a dangerous weapon that shouldn't be shared freely, use one of the mirrors below instead."
Islamic Fundamentalist organizations don't need more encouragement to get sneakier. But by them posting this stuff publicly, ScatterChat's developers are inviting scrutiny from the Feds, that they won't enjoy one bit. Peace!
A million. You see, despite Hacktivismo being an offshoot of the cDc focused on information rights, they are specifically interested in the contents of YOUR computer. Sure, putting backdoors in would undermine the progress that has been made with Camerashy and 6/4, but archived hatemail you sent to your ex will be theirs, GODDAMIT. And afterwards, they will use it to hack China. ALL of China.
Clean my soul, clean my carpet.
While I'll bite my tongue on your choice of clients, it seems that somebody is or was working on an OTR plugin for Trillian.
You might want to read through this thread here:
http://www.ceruleanstudios.com/forums/showthread.php?threadid=69580
You can almost certainly use OTR through Trillian using OTR's proxy mode (where you point Trillian to the localhost as a proxy server for AIM, and OTR encrypts the messages and then sends them out to the real AOL server -- this method is AIM-only), and there does seem to be significant interest in getting a native plugin so that it works as easily as GAIM and Adium do.
Supposedly (according to one post in that thread above), the makers of Trillian have a plugin available for download so you can use OTR, and you can get it from this login-required link:
http://www.ceruleanstudios.com/forums/showthread.php?s=&threadid=80721
(You need some sort of 'premium' membership or something.)
I would be very interested if you wanted to check it out (if you have a membership) and report back, and I'd also be curious if they're distributing source. It's a bit sleazy of them IMO to be restricting downloads of the thing to members only, but maybe that's just because it's beta. I'll give them the benefit of the doubt there, I suppose, since the Cerulean people have played pretty nicely with OSS efforts in the past, I've heard.
"Ladies and gentlemen, my killbot features Lotus Notes and a machine gun. It is the finest available."
cDc in the house bitches, REALIZE