Slashdot Mirror
Hacktivismo launches ScatterChat
un1xl0ser writes to tell us Hacktivismo has released a new chat program known as ScatterChat. It is a friendly fork of GAIM that "provides end-to-end encryption, integrated onion-routing with Tor, secure file transfers, and easy-to-read documentation." This announcement was made at HOPE, where CDs were distributed. A torrent and several screenshots are also available."
And thought it was some kind of poo-flinging device.
liqbase
For encryption to catch on it needs to be done at protocol level, IMHO. For example the unfortunately unfree project SCIM. That's the only way to really hide it from the end user, and that's what's necessary.
Tor is a great idea. My few forays into that dimension have been, however, somewhat disappointing, speed wise. I'm not sure how well it's going to deal with a realtime app like IM. Aside from the path obfuscation provided by tor, I'm not sure how this is significantly more ... newsworthy... than OTR ( http://en.wikipedia.org/wiki/Off-the-record_messag ing ) messaging. OTR provides "Perfect Forward Secrecy" and "Deniable Encryption", and plugins/local proxies/native support is already available in/for current IM clients.
Thinking outside my Head
Gaim is quite modular and allows plugins to do a lot. The base Gaim with no plugins supports zero IM protocols and does not even show a system tray icon. (It comes with those plugins.) Why could this not have been implemented as a plugin? I already have twoend-to-end encryption plugins installed (gaim-encryption and gaim-otr). I would not expect secure file transfers to be difficult to do as a plugin. Really, I am just not sure about TOR, but that should be submitted as a patch to the offical Gaim source tree (or, at least a patch for a way for plugins to add proxy options).
Centralization breaks the internet.
Does it come with instructions for making you own tin-foil hat?
I don't see anything particularly interesting here. We already have gaim-encryption. You already can use tor as a proxy for gaim. So... why is this interesting?
Does anyone know why yahoo IM hasn't worked all day?
This strikes me as a little odd, as the use of Tor in this context seems somewhat redundant given that public/private keypairs are being used for the communication, meaning that a the participants can be easily identified in a conversation as being user A and user B. That said, the use of Tor may make it more difficult to track that back to Person A and Person B.
The problem is that because the key pairs are persistant, a user need only connect without Tor once, and suddenly it is possible to identify the person demonstratably responsible for a potentially large number of conversations.
As another person here has mentioned, OTR would have probably been a better choice due to the deniability aspect. In conjuction with Tor, this would mean that tracking (and proving) a conversation is connected to a person would be more difficult. The exception may be if users had already exchanged public keys, in which case the ability to use those public keys may be conventient. Of course, those keys can still be taken advantage of in the first-step verification of the user for OTR communication.
It seems like a good idea, just the choice of method of encrypted communication of messages seems a strange.
But am I willing to put a CD from cDc in my machine? I think not.
I don't care about your karma, I don't care about what's hip. --Weird Al
Someone at Yahoo deleted "The Internet" (icon) again!
trogdor was a cipher
maybe he was a cipher...key
or maybe he was just a key
but he was still TROGDOOOOR
I don't often flame people who do this kind of work. On the contrary, I admire, support and participate in online activism in places where dissent can be uncomfortable, to say the least. I'm normally the first to applaud and embrace these technologies. BUT:
I hope their code is better than their understanding of HTML. Their User's Guide goes miles out of its way to break basic web functionality. It's like they're punishing the reader for not choosing PDF in the first place.
Seriously, this is more than a nitpick. If I'm going to trust these folks with information important - possibly dangerous - enough that I have a serious need to protect it, then for heaven's sake I want to know that they know what they're doing. I mean, honestly, this is emphatically not the place where anyone should tolerate hand-waving and pooh-poohing of 'minor' details.
In their own words:
If you really mean this, don't you think you should fix your documentation?
Crumb's Corollary: Never bring a knife to a bun fight.
http://freehaven.net/~aphex/torch/torch.png
.onion addresses to identify buddies. It is very secure.
It is more like jabber. It uses
Oh, see, I think that FAR too often, people pick up the PHONE and CALL me when a tiny IM would have done the trick. I could do with a little less of that direct communication, thank you; most people talk, and talk, and talk, and say so very little; IM is asynchronous. I can address it when I feel like it, or if I'm in the middle of figuring out a particularly knotty problem with seven xterms running snoop and tcpdump on six different machines, I can IGNORE it.
Lots of people use OTR or other IM-encryption to keep their local net nazis from showing up at their desk because they said "b00bs" in an IM conversation with a friend. I'm not particularly worried about the government; in spite of being a political radical, I really don't present much of a threat. The local yokels, on the other hand, are positively *dying* for an opportunity to prove the value of their hand-dandy new sniffer.
Thinking outside my Head
I just hope he read the internet before he took it out of the tube.
You guys are all missing the point, but thats alright since the article didn't tell it to you and none of you were there.
I was, so I'll be kind enough to point it out.
ScatterChat was designed for people who have reason to fear their conversations being watched. Specifically political dissadents and activists in countries where censorship is common, such as in the middle east or channel. This is to be used for them, and for reporters, and for people who are, in some way or another, are trying to save the world but don't have the time to learn about computers.
Along these lines, Hacktivismo developed a tool that runs out of the box encryption and anonomizer. They have already met with activists to help learn what the tool should do (from a user end) and to teach them how to use it. They're also working on the next version. They mentioned that they are looking for people to help with the documentation, and for the translation into other languages (mainly, Chinese and Arab).
So, don't be so harsh. While you're all here whining about how this program isn't 1337 enough for you, these guys are working on a program that will keep people out of jail just because those people have thoughts of freedom. You think it could be better? Email them and help.
tedivm
I like the use of "Lord Spankatron" in the screen shots.
"No one likes working in a hamster wheel, and your shop smells of cedar shavings from here." - TaleSpinner
I'm a bit paranoid about my privacy, but damn are the guys at Hacktivismo dramatic about it. They seem to think that everything they make is a tool that will assuredly be used in a rebellion against an oppressive regime, and boy are they ever sticking it to the Man!
"ScatterChat is a HACKTIVIST WEAPON designed to allow non-technical human rights activists and political dissidents to communicate securely and anonymously while operating in hostile territory."
Hostile territory? Political dissidents? HACKTIVIST WEAPON? It's a goddamn instant messenger. Useful? Sure it would be if there weren't already GAIM plugins for encrypting your messages. But even if they weren't, it's hardly a revolutionary weapon that will stamp out tyranny.
And their Hacktivismo License? That cracks me up. "If you use this software, and you commit human rights abuses, we can sue your ass!"
Don't get me wrong, I agree with these guys on a lot of points. But with the level of drama, you'd think an allegorical The Man should be wearing a black mask over his eyes and tiptoeing around the stage stealing food from starving children and shocking prisoners' testicles.
A million. You see, despite Hacktivismo being an offshoot of the cDc focused on information rights, they are specifically interested in the contents of YOUR computer. Sure, putting backdors in would undermine the progress that has been made with Camerashy and 6/4, but archived hatemail you sent to your ex will be theirs, GODDAMIT. And afterwords, they will use it to hack China. ALL of china.
Clean my soul, clean my carpet.