path: root/app/views/pages/about-us/news/2012/security-bingo/en.haml
blob: 344ee3599a35234fd9030e59e6408f682b4ff134 (plain)
- @title = "Let's play security bingo!"
- @author = "Elijah"
- @posted_at = "2012-08-28"
- @preview = capture_haml do
  :textile
    To be honest, this might be the least satisfying game of bingo ever--but let's play anyway. The rules are simple: draw a grid, label the columns for different platforms, and label the rows for important communication toolsets. In each cell, put the name of an open source software package with reasonable security properties. If this exercise doesn't make you break down in tears, then you have won.

%style
  :sass
    table.table
      border: 1px solid #ccc
      background: white
      td
        width: 12.5%
        font-size: 0.9em
        border-right: 1px solid #ccc
      td.section
        border-right: 0

= @preview

:textile

  The rules probably need some adjustment if this game is to catch on.

  Here is my attempt at playing:

%table.table
  %tr
    %th
    %th
    %th Windows
    %th Mac
    %th Linux
    %th iOS
    %th Android
    %th Web
  %tbody
    %tr
      %td.section{:rowspan => 3} Messages
      %td Short Message
      %td{:colspan => 3} Pidgin, Gajim, OTR
      %td SecureChat
      %td Gibberbot, Beem, TextSecure
      %td Cryptocat
    %tr
      %td Long Message
      %td{:colspan => 3} (Thunderbird + Enigmail)
      %td
      %td (K-9 + AGP)
      %td
    -# %tr
      %td Social Networking
      %td
      %td
      %td
      %td
      %td
      %td
  %tbody
    %tr
      %td.section{:rowspan => 5} Files
      %td Storage
      %td DiskCryptor
      %td
      %td EncFS, DMCrypt
      %td
      %td (AOSP, LUKS Manager, Cryptonite)
      %td SafeWith.me
    %tr
      %td Backup
      %td Duplicati
      %td
      %td Déjà Dup
      %td
      %td FlashBack
      %td
    %tr
      %td Synchronization
      %td{:colspan => 3} (Syncany, git-annex)
      %td
      %td
      %td
    %tr
      %td Data Wipe
      %td
      %td
      %td wipe
      %td
      %td InTheClear
      %td N/A
    -# %tr
      %td Collaboration
      %td
      %td
      %td
      %td
      %td
      %td
  %tbody
    %tr
      %td.section{:rowspan => 3} Audio/Video
      %td Direct Calling
      %td{:colspan => 3} (Jitsi)
      %td
      %td RedPhone, CSimpleSip
      %td
    %tr
      %td Conference
      %td{:colspan => 3} (Mumble)
      %td
      %td (Mumble)
      %td
    %tr
      %td Capture & Reporting
      %td
      %td
      %td
      %td
      %td ObscuraCam
      %td
  %tbody
    %tr
      %td.section{:rowspan => 2} Network
      %td Availability
      %td{:colspan => 5} Commotion
      %td N/A
    %tr
      %td Confidentiality & Anonymity
      %td{:colspan => 5} Tor, (OpenVPN)
      %td N/A
  %tbody
    %tr
      %td.section{:rowspan => 3} Identity
      %td Passwords
      %td{:colspan => 3} KeePassX
      %td
      %td KeePassDroid
      %td
    %tr
      %td Validation
      %td{:colspan => 6} (OpenPGP, OTR)
    %tr
      %td Authentication
      %td{:colspan => 6} Mozilla Persona, WebID
  -# %tbody
    %tr
      %td.section{:rowspan => 2} Anti-intrusion
      %td Firewall
      %td
      %td
      %td Many
      %td
      %td DroidWall
      %td N/A
    %tr
      %td Anti-virus
      %td
      %td ClamXav
      %td ClamAV
      %td
      %td
      %td N/A
  -# %tbody
    %tr
      %td.section{:rowspan => 3} Productivity
      %td Events & Scheduling
      %td
      %td
      %td
      %td
      %td
      %td
    %tr
      %td Tasks & Planning
      %td
      %td
      %td
      %td
      %td
      %td

:textile
  Looking at this table, two things are immediately obvious: first, I don't know much about Mac or iOS; second, there are a lot of missing cells, and most of the filled cells are dubious in nature.

  I put cells in parentheses whenever I felt that the cell contents were egregiously doubtful. This could be for any number of reasons:

  * *Not ready*: Some software shows promise, but there is not really any code that is ready to be used. For example, Syncany and git-annex.
  * *Security problems*: Some software has notable security problems. Mumble, for example, only supports variable bit-rate encoding and is thus not suited to prevent eavesdropping by a skilled adversary.
  * *Hostile to users*: Much of the available software exemplifies a painful user experience. For example, Jitsi, OpenVPN, or OpenPGP.

  What is missing might be more revealing than what is listed. These toolsets are entirely absent from my 'security bingo' game card:

  * *Social Networking:* When I exclude software that I think is unfeasible (SecureShare) or has no security (Diaspora, etc.), I end up with zero projects.
  * *Document Collaboration:* I have high hopes for an encrypted etherpad, but so far no one has started work on it.
  * *Photos/Videos & Galleries:* Nothing I have heard of.
  * *Events & Scheduling:* Nothing I have heard of.
  * *Tasks & Planning:* Nothing I have heard of.

  I also excluded a few obvious categories:

  * *Firewall:* Reasonable firewall support is now built into most operating systems.
  * *Anti-virus:* Viruses are still mostly a problem on Windows. Other platforms have just gotten lucky so far.

  If you have suggestions for how I can fill in my game card, please write elijah@leap.se.