In the Seven Days article about Gibberfish published on April 26th, two security experts criticized Gibberfish’s security model, warning that by advertising our services to activists, we pile the most vulnerable populations into one honeypot, making a big fat target. This is a very real risk, which the Gibberfish team is keenly aware of, so we think it is important to explain exactly how we will minimize this risk and address it with our future clients.
At the outset, we must identify the problem. Many security professionals rightly believe that by marketing tools to activists directly, we actually make them less secure. It is the same as piling all the troops in one place and then telling the whole world, "Here they are." Or maybe it is like Fort Knox: a big warehouse that everyone knows is filled with gold. By making a product that is targeted to activists, you also gather all the activists in one place. And if that software gets hacked, the attackers could get all the activists’ data in one fell swoop. So instead of making a safe place for activists, the security tool actually makes them more vulnerable.
In contrast, privacy tools that are marketed towards the general public effectively hide activists in the mass of general traffic. Most conversations on Signal, or web searches on Tor, are of no interest to malicious hackers or the government whatsoever. But that noise serves to hide the sensitive communications. And by advertising themselves to the general public, they have a wider user base, which leads to more funding and better access to security experts who make sure the tools are bulletproof.
But this particular solution does not work for every security tool. We are, in essence, giving away server space. If we let the general public sign up whenever they want, our servers will be packed with bootleg Hollywood movies, and much worse, in no time. A company called Megaupload tried it, and the company collapsed in a whirlwind of lawsuits and prosecutions. We can’t hide activists in the mass of the general public because we can’t give this service away to the general public.
So what do we do to address this honeypot problem?
First, we recognize that our service will not work for everyone! Security is not a one-size-fits-all concept. Some activists may approach us and we will teach them to use other tools. If someone is moving a large cache of highly sensitive data, our collaborative cloud storage solution is not their best choice and we will gladly point them to better options. Similarly, if you are part of a diverse group of protesters that needs to coordinate quickly and anonymously, we are also not your best choice. But if you are a small non-profit, or similar public interest group, that is using free email and Google Drive to run your organization, contact us! We are a much better solution.
Second, our service is not just for activists – or at least it is not targeted towards the stereotypical activists with black masks clashing with the police. Lots of people are activists on the local level, working on projects that get less news coverage, and doing real good in a quieter way. They need security just as much as the Snowdens and Assanges of the world. So our service is not gathering all the controversial activists – who are likely the most vulnerable – in one place so they can be targeted by law enforcement. Instead, we are helping less flashy groups work together securely. We define the term activist far more broadly than law enforcement (or, it seems, the general public). In addition, by using Tor, some of our future clients will be able to hide the fact that they accessed Gibberfish, making the service less of an obvious target in some instances.
Third, we may not be the biggest name out there, but we still get some of that benefit. Our software is built from an existing open source project called Nextcloud, which has a business attached to it. They have a large team of security experts. And because it is an open source project, we get the benefit of their code. What we are doing is taking this existing software and improving it by making it easier to deploy, making it zero-knowledge, and working on the user interface. By standing on the shoulders of an existing project, we are much better off than a service built from scratch. And we will be contributing our work back to Nextcloud, so if they like what we have done, they can incorporate it into their product as well. It is not the same as having an army of security experts working for us exclusively, but it is the next best thing.
And finally, we like to point out that Gibberfish is not just a privacy tool. It is a tool for collaboration that happens to be secure. Working together effectively is important for activists, non-profits, NGOs, and everyone else we hope to serve. Giving people a great program that happens to be secure is a better way of protecting their privacy than giving them a privacy tool (or a whole bunch of tools) that does not fit into their ordinary routine. If people do not use their privacy tools consistently, it doesn’t matter how great those tools are.
In the end, the criticism in the Seven Days article is well taken. But it is also slightly off the mark. When you take into account what we are offering – and who we are offering it to – the honeypot problem is less of a risk. And to the extent it is a risk – because putting data into a centralized place is always a risk – that risk is worth it if we can help move some public interest groups towards services that are more secure than the ones they are using now, all while giving them better tools to do their good work.
Rob Rickner is a civil rights and commercial litigation attorney at Rickner PLLC in New York City.