Hacktivismo launches ScatterChat
un1xl0ser writes to tell us Hacktivismo has released a new chat program known as ScatterChat. It is a friendly fork of GAIM that "provides end-to-end encryption, integrated onion-routing with Tor, secure file transfers, and easy-to-read documentation." This announcement was made at HOPE, where CDs were distributed. A torrent and several screenshots are also available.
Gaim is quite modular and allows plugins to do a lot. The base Gaim with no plugins supports zero IM protocols and does not even show a system tray icon. (It comes with those plugins.) Why could this not have been implemented as a plugin? I already have two end-to-end encryption plugins installed (gaim-encryption and gaim-otr). I would not expect secure file transfers to be difficult to do as a plugin. Really, I am just not sure about TOR, but that should be submitted as a patch to the official Gaim source tree (or, at least a patch for a way for plugins to add proxy options).
Centralization breaks the internet.
But am I willing to put a CD from cDc in my machine? I think not.
I don't care about your karma, I don't care about what's hip. --Weird Al
I don't often flame people who do this kind of work. On the contrary, I admire, support and participate in online activism in places where dissent can be uncomfortable, to say the least. I'm normally the first to applaud and embrace these technologies. BUT:
I hope their code is better than their understanding of HTML. Their User's Guide goes miles out of its way to break basic web functionality. It's like they're punishing the reader for not choosing PDF in the first place.
Seriously, this is more than a nitpick. If I'm going to trust these folks with information important - possibly dangerous - enough that I have a serious need to protect it, then for heaven's sake I want to know that they know what they're doing. I mean, honestly, this is emphatically not the place where anyone should tolerate hand-waving and pooh-poohing of 'minor' details.
In their own words:
If you really mean this, don't you think you should fix your documentation?
Crumb's Corollary: Never bring a knife to a bun fight.
http://freehaven.net/~aphex/torch/torch.png
It is more like jabber. It uses .onion addresses to identify buddies. It is very secure.
Oh, see, I think that FAR too often, people pick up the PHONE and CALL me when a tiny IM would have done the trick. I could do with a little less of that direct communication, thank you; most people talk, and talk, and talk, and say so very little; IM is asynchronous. I can address it when I feel like it, or if I'm in the middle of figuring out a particularly knotty problem with seven xterms running snoop and tcpdump on six different machines, I can IGNORE it.
Lots of people use OTR or other IM-encryption to keep their local net nazis from showing up at their desk because they said "b00bs" in an IM conversation with a friend. I'm not particularly worried about the government; in spite of being a political radical, I really don't present much of a threat. The local yokels, on the other hand, are positively *dying* for an opportunity to prove the value of their handy-dandy new sniffer.
Thinking outside my Head
GAIM encryption doesn't provide perfect forward secrecy, for example. And to my knowledge it doesn't do message signing to guarantee authenticity. I was in the same Crypto II class at RIT as this guy; he went over a lot of the features it contains that aren't otherwise available. He made a lot of changes to basically increase the paranoia level of the security (the key sizes are immense, the aim has been security first, speed second). Not sure if he managed to find a way to use elliptic curve DSA legally yet, but he's put a lot of thought into upping the security.