C3Subtitles: 36c3: What's left for private messaging?
back

What's left for private messaging?

If you suspend your transcription on amara.org, please add a timestamp below to indicate how far you progressed! This will help others to resume your work!

Please do not press “publish” on amara.org to save your progress, use “save draft” instead. Only press “publish” when you're done with quality control.

Video duration
01:00:05
Language
English
Abstract
It is easier to chat online securely today than it ever has been. Widespread adoption of signal, wire, and the private mode of WhatsApp have led a broader recognition of the importance of end-to-end encryption. There's still plenty of work to be done in finding new designs that balance privacy and usability in online communication.

This introduction to secure messaging will lay out the different risks that are present in communications, and talk about the projects and techniques under development to do better.

The talk will begin with a threat modeling exercise to be able to concretely talk about the different actors and potential risks that a secure messaging system can attempt to address. From there, we'll dive into end-to-end encryption, OTR and deniability, and then the axolotl construction used by Signal (and now the noise framework).

The bulk of the talk will focus on the rest of the problem which is more in-progress, and in particular consider the various metadata risks around communication. We'll survey the problems that can arise around contact discovery, network surveillance, and server compromise. In doing so, we'll look at the forays into communication systems that attempt to address these issues. Pond offered a novel design point for discovery and a global network adversary. Katzenpost adapts mixnets to limit the power of network adversaries and server compromise in a different way. Private Information Retrieval (PIR) trades off high server costs for a scheme that could more realistically work with mobile clients. Others, for instance Secure Scuttlebutt attempt to remove the need for infrastructural servers entirely with gossip and partial views of the network, a whole other set of tradeoffs.

Talk ID
10565
Event:
36c3
Day
1
Room
Ada
Start
12:50 p.m.
Duration
01:00:00
Track
Security
Type of
lecture
Speaker
Will Scott

Talk & Speaker speed statistics

Very rough underestimation:
156.6 wpm
860.8 spm
159.1 wpm
871.2 spm
100.0% Checking done100.0%
0.0% Syncing done0.0%
0.0% Transcribing done0.0%
0.0% Nothing done yet0.0%

Talk & Speaker speed statistics with word clouds

Whole talk:
156.6 wpm
860.8 spm
Will Scott:
159.1 wpm
871.2 spm