Last week, Gibberfish was the subject of an article in the Seven Days newspaper. We responded to the article on this blog, and also sent a letter to the editor, which was printed in this week’s edition. We have re-printed it here as it appears in the Letters to the Editor section of sevendays.com:
In last week’s profile of Gibberfish [“Shroud in the Cloud,” April 26], an Electronic Frontier Foundation representative expressed skepticism: “It creates a honeypot. All you have to do is break this one tool, and you have all the activists.” It’s a reasonable concern, and one we thought through when designing our platform.
Unlike other offerings, we don’t run a centralized system. Each client has their own isolated server; there are no shared resources. Leaks from any of these systems will be contained to that server alone. Granted, there may be vulnerabilities in the common codebase, but that’s a universal issue for all software, even the alternatives suggested by the EFF. As we said in the interview, “It’s an arms race.”
Also, many secure systems require users to have apps and data stored on their phone or computer. These devices are more likely to be compromised by malware and viruses, or physically stolen. Gibberfish allows users to work entirely in a browser. Their files are stored on their server, not on a local device.
And by using Tor, it’s easy to access Gibberfish without leaving a trail. Our system is accessible as a “hidden service,” making it virtually impossible to monitor its use.
Finally, Gibberfish is based on Nextcloud, a commercial open-source software platform. So we benefit from having its security team testing much of the underlying code.
Is Gibberfish a magic bullet that’s perfect for everyone? Of course not, but we believe it provides a much-needed private space for public-interest organizations to collaborate.
O’Donnell is the executive director of Gibberfish.