For Mike Kelly, @mikekelly85

Alec Muffett
Nov 7

So there’s this thread, by this guy, who is pitching that “WhatsApp isn’t open-source so it must be bad in [various hypothetical ways]”.

Mike, the argument you’re making is quite literally anti-security; let’s start:

  • there IS no such thing as perfect security
  • there ARE no such things as ubiquitous threat models
  • and people ARE empowered to make their own choices (with, admittedly, varying degrees of informed-ness) and choose and act accordingly.

Let’s see if Mike can see the irony in “prove you’re not a bot”.

Part of the fallacy of Mike’s argument is in bandying around the concepts of “guarantees” — which later come back as:

Alec, you built E2EE into Facebook stuff but even if you reviewed every line of code of the app you still can’t give any personal guarantee about the integrity of the binary that’s served off the App Store because Apple could do anything with it before it gets to my phone.

and:

Back in the real world, your Neo-from-the-Matrix posturing on E2EE results in:
— lay people thinking your app guarantees them privacy when it doesn’t.
— your app abetting unsophisticated criminals; making them more expensive for authorities to monitor, and causing society harm.

This is a variety of “strawman” argument; aside from the facts that:

  • there are no “guarantees” in security
  • nobody sensible or competent ever makes “guarantees” regarding the security of a messenger app, nor makes such promises to “lay people”
  • you’re appealing without proof to an amorphous constituency (“lay people”) and holding that they must possess some shared misunderstanding, and asserting that that misbelief IS SOMEONE ELSE’S FAULT ENTIRELY?

…aside from all that, somehow Mike manages to instantly switch from:

“lay people who are completely incapable of benefitting from end-to-end encryption, somehow because WhatsApp is not open-source”

to:

“unsophisticated criminals leveraging end-to-end encryption [presumably of the same, closed-source WhatsApp] to cause cost to ‘authorities’ and cause ‘society harm’”

…within the space of two bullet points.

How? How is this rational?

Answer: it’s not.

All we’re looking for is a little consistency, Mike.

Mike is angry at closed source:

“This includes not acting like backdooring E2EE would make any real difference to users in practice.” — this is nonsense, you’re saying “we don’t know where our food comes from, so it must not be fit for consumption” irrespective of from where you’re getting it.

You can see where he’s going (“yes, sometimes there are cockroaches in kitchens and mice poop in granaries”) but unless you live a very boring diet and grow everything yourself from seed — and, also, previously check your soil and manure for carcinogens, biohazards, and toxins — you’re gonna starve.

So: don’t starve. Accept that there is still some risk in any platform or software tool, mitigate it as appropriate to the nature of communication you are having, and the extent of your threat profile.

Use apparently decent software. Change it if circumstances change. Don’t take guarantees from anybody, including baseless and evidence-free guarantees that [some software] will not help you in [some way], because it might.

tl;dr — use common sense and do your best. Not everyone is Ed Snowden, nor faces his challenges, and I think Ed would agree.

So yeah, Mike, maybe you are a bot?

I have literally heard Sir David Omand attempt to make the nihilistic “Facebook have all your data, why can’t we have it too?” argument[*], and all this solipsism (“stuff outside my direct experience is not trustworthy”) and nihilism (“you can’t get perfect security, so why even bother?”) is really toxic to actual, practical, beneficial user education.

I doubt that any of this will change you one jot, but it’s a lot nicer to get it down on Medium rather than attempt to squeeze it into tweets, and I’m writing it for the other people, in any case.

Thread: https://twitter.com/AlecMuffett/status/1192206611907063808

edit/ps: Thompson made all of Mike’s core points, except rationally and more coherently, in this epic paper from 1984: Reflections on Trusting Trust

https://www.ece.cmu.edu/~ganger/712.fall02/papers/p761-thompson.pdf


[*] The answer, David, is: because if Facebook is between Alice and Bob, they are the third party platform and comms provider. GCHQ is a fourth party, why should you be involved at all?


Edit: oh dear.

Written by Alec Muffett: Security Researcher. Recovering Cynic.
