My Heart's in Accra

Ethan Zuckerman's musings on Africa, international development
and hacking the media.

04/18/2005 (8:52 pm)

Waterbottle WiFi and Geekcorps Mali

Filed under: Africa (older) ::

Engadget was good enough to feature the Geekcorps Mali Wifi-via-water-bottle antenna designed by Ian Howard and crew… but they didn’t credit Ian or Geekcorps. As Ian points out in a comment on the piece, the Geekcorps crew is now developing antennas as inexpensive as $2 per install. And they’re reaching out to the web as a whole for help on other challenging problems, like how to heat-sink a Pentium 4 in a country where the air is filled with fine Saharan dust and daytime temperatures can exceed 55C. (That’s 130F for you Americans in the crowd…)

The Mali program – which is designed to help provide wireless Internet access to community radio stations – was the last project I had a hand in designing for Geekcorps. It’s working amazingly well, bringing broadband to a number of radio stations, and helping others start digitally engineering and editing their broadcasts.

Of the efforts taking place under the Geekcorps brand name, Geekcorps Mali is the one closest to my original vision for Geekcorps and the one I’m proudest of. I’m ludicrously grateful to Ian for the hard work he’s done in Mali, and in keeping the Geekcorps vision alive.

Thanks to Ndesanjo Macha’s Digital Africa for pointing me to the Engadget story.

04/18/2005 (6:30 pm)

Tor – Onion routing and the modern dissident

I received excellent feedback on the first draft of the technical guide to internet anonymity I wrote a few days back for Global Voices. One of the questions I was asked (multiple times, and sometimes quite forcefully!) was why I hadn’t included the Tor (The Onion Router) network in the draft document.

The simple answer: I hadn’t had time to play with the system yet, and couldn’t talk about it in other than theoretical terms. (And I have this thing about not praising or panning software without actually using it…)

But I had some “free” (heh) time this morning and wanted to fire it up so I could add a section to the document, and see if Tor is something I’d want to run on a regular basis.

I was pretty damned impressed with the ease of installation of Tor on my Mac. I was all set to blame the Tor folks for releasing a broken .dmg file (the format used for Mac installation packages), when I discovered that I couldn’t install any .dmgs after installing Apple’s 10.3.9 update – nice work, Apple. (If you’re getting this page as a response to a search query for error -536870208 after installing 10.3.9, try running Disk First Aid, fixing any permissions errors you encounter and restarting. Worked like a charm for me.) But Tor installed itself and Privoxy, an exemplary adblocker and proxy, with almost no intervention on my behalf. After a restart, I only had to change preferences in Firefox, setting 127.0.0.1:8118 as my proxy for HTTP and HTTPS, to get the system up and working.

(Uninstallation is another matter. The installer doesn’t have an uninstall option. And the Tor-FAQ wiki is less than helpful regarding uninstallation: “This depends entirely on how you installed it. If you installed a package, then hopefully your package has a way to uninstall itself. If you installed by source, I’m afraid there is no easy uninstall method. But on the bright side, by default it only installs into /usr/local/ and it should be pretty easy to notice things there.” Gee, thanks.)

Uninstallation aside, it’s pretty clear that the developers of Tor are thinking hard about usability – as I read the draft of the paper they’re now working on, Challenges in Low-Latency Anonymity, I felt a certain amount of contrition about the rant I wrote last week about usability and anonymity. (Only a little contrition. I am a blogger, after all.)

Paper authors Roger Dingledine, Nick Mathewson and Paul Syverson make it clear that usability is one of the major goals of the system:

“The ideal Tor network would be practical, useful and anonymous. When trade-offs arise between these properties, Tor’s research strategy has been to remain useful enough to attract many users, and practical enough to support them. Only subject to these constraints do we try to maximize anonymity.”

This isn’t just because Tor’s architects are trying to be nice to their users. It’s because no anonymity strategy works if there are insufficient users. If you’re the only user of a particular strategy, you’re pretty damned visible to someone doing network analysis.

“Usability for anonymity systems contributes to their security, because usability affects the possible anonymity set. Conversely, an unusable system attracts few users and thus can’t provide much anonymity.”

Because they’re worried about maintaining large networks of users and anonymizing servers, they’re also very concerned about who uses Tor. If all the users are bad guys, it’s unlikely that universities, ISPs and other organizations capable of hosting high-bandwidth nodes will continue to participate.

“…the network’s reputability affects its operator base: more people are willing to run a service if they believe it will be used by human rights workers than if they believe it will be used exclusively for disreputable ends… So the more cancer survivors on Tor, the better for the human rights activists. The more malicious hackers, the worse for the normal users.”

So how well does Tor work, from the perspective of someone trying to recommend tools to human rights workers? For the most part, it works really, really well. Using IPID and noreply, I checked the IP I appeared to be coming from a couple dozen times. Six different “exit nodes” registered, from around the world. (Oddly, the first was a Harvard server, which caused me to worry for a few seconds.)

Tor automatically generates a path through proxy servers, encrypting traffic so that each router only knows the next router in the chain, and doesn’t know the contents of your packets. I’m guessing that Tor maintains each of these chains for a few minutes, changing them if they get congested, or otherwise when they “time out” – I noticed that I had the same exit node for a couple minutes at a time. (It’s, of course, possible that the intervening chain changed and the exit stayed the same.)

The ever-changing IP addresses lead to some odd web behaviors. Google, which uses geolocation to determine what nation you’re coming from, has greeted me in English, Dutch, Japanese and German over the past four searches. (And, by the way, Google clearly is using different algorithms for different languages – I get very different results for searches involving “Tor” in countries where the word means “bridge”.) That’s okay – I keep meaning to brush up my language skills. But it looks like I’m not going to be an especially good Wikipedian while using Tor. I’m blocked from editing pages because I’m coming from an anonymous proxy. Logging into my user account doesn’t help – I’m still blocked. (Oddly, this turns on and off as well. Perhaps Wikipedia is only blocking certain Tor routers?) The block page invites me to email Jimmy Wales to request a block exception and tells me that if I’m really in so much danger that I need strong anonymity that I shouldn’t contribute to Wikipedia. (I got this block page twice, but have not been able to recreate it lately, so I apologize that I don’t have the exact language.)

And Frontier, the weblog server that Harvard runs, fails utterly, complaining when I post that “the referrer did not match the expected referrer”.

Oh, and it’s slow. Noticeably slower than just using a single proxy, especially when accessing sites with a lot of images. (Flickr, for instance, is a miserable experience through Tor.) This makes sense – each file requested (each image) needs to get encrypted and decrypted several times. Even though each of those operations is pretty quick, they add up when you’re requesting a couple dozen images at a time.

But hey! Those are the only problems I’ve found. Super-complex javascript-dependent pages like gmail work just fine, and I can post to my WordPress blog just fine. And there are some lovely side effects to installing Tor and Privoxy – Privoxy does an astoundingly good job of blocking ads, so good that I’ll likely keep it running even when I disable Tor.

How useful is Tor for the theoretical whistleblower I talk about on Global Voices? Pretty darned useful. There are three major drawbacks to the system for that imagined user:

  • Internet access in developing nations is already quite slow. Tor will compound some access problems – it uses a fixed block size for messages, so protocols like IRC will suddenly use lots more data. It’s not a problem for most of the world, but it might be for some of the users I’m considering.
  • Unlike using a single proxy server, you can’t use Tor from a public (cybercafe or university) computer without doing a major software install.
  • Tor routers are vulnerable to blocking – a determined Internet censor could download Tor, watch what exit nodes get used and block those on a national level. The same problem exists with any anonymous proxy strategy, but the fact that there are only 100 Tor nodes means this is potentially a huge problem. Furthermore, it would require a very sophisticated user to keep Tor running once censors figured out how to block certain nodes. You would need to know what nodes are being blocked and then tell Tor to stop using those nodes for your messages.

That said, I’m impressed so far, and suspect that Tor will become increasingly popular for net surfing and publishing in highly monitored countries. I’ll be very interested to hear from my buddies at the Open Net Initiative whether they’re seeing active attempts to block Tor – I guarantee that we’ll see these efforts soon if Tor keeps growing.


    04/15/2005 (8:21 pm)

    Long Live Unitarian Jihad!

    Filed under: Just for fun ::

    For years, when asked about my religious affiliation, I would tell people I was a fundamentalist Unitarian. Pressed for a definition of Unitarian Fundamentalism, I told people that I was wholly intolerant of intolerance and believed that God would have his or her vengeance against anyone who didn’t respect all faiths and non-faiths. (I’ve mellowed with time, and my current church has gotten yet more liberal – now I just tell people that I’m a New England Episcopalian.)

    So imagine my excitement when the Unitarian Jihad sent their communique to the San Francisco Chronicle. I can’t quite figure out what they want, but that’s been true of every Unitarian I’ve ever met:

    We are Unitarian Jihad. We are everywhere. We have not been born again, nor have we sworn a blood oath. We do not think that God cares what we read, what we eat or whom we sleep with. Brother Neutron Bomb of Serenity notes for the record that he does not have a moral code but is nevertheless a good person, and Unexalted Leader Garrote of Forgiveness stipulates that Brother Neutron Bomb of Serenity is a good person, and this is to be reflected in the minutes.

    Beware! Unless you people shut up and begin acting like grown-ups with brains enough to understand the difference between political belief and personal faith, the Unitarian Jihad will begin a series of terrorist-like actions. We will take over television studios, kidnap so-called commentators and broadcast calm, well-reasoned discussions of the issues of the day. We will not try for “balance” by hiring fruitcakes; we will try for balance by hiring non-ideologues who have carefully thought through the issues.

    I look forward to future Jihad communiques and to random acts of tolerance taking place in America’s cities and shocking our citizens with their very reasonableness.

    Sorry, I’ve got to go now – someone appears to have planted a flaming question mark in my lawn, and it’s threatening to burn my raspberry bushes.

    04/15/2005 (8:20 pm)

    Anonymity and Usability: Beyond Oil and Water

    Filed under: Uncategorized ::

    originally posted at blog.ethanzuckerman.com, April 14th

    EFF published a report a few days ago, titled “How to Blog Safely”. It’s a good little piece, but it spends little time on the technical issues surrounding blogging anonymously or pseudonymously. One intriguing passage that caught my eye:

    Invisiblog.com is a service that offers anonymous blog hosting for free. You may create a blog there with no real names attached. Even the people who run the service will not have access to your name.

    Hmm. Now that I’ve gotta try. As we work with an increasing number of international bloggers whose blogs have the possibility of getting their authors into serious trouble, anonymous blogging seems like a really useful technology.

    I give the invisiblog folks – who turn out to be a group of Aussie cypherpunks (“an anonymous conspiracy of cypherpunks and crypto-anarchists”) – credit. They’re amazingly, astoundingly, impressively paranoid. Rather than promising to throw away access logs, or log directly into /dev/null while encouraging users to use anonymous proxies, they’ve concluded that the web, as a whole, is too dangerous to use for input to blogs. You can only create an invisiblog or post to a blog via the MixMaster remailer system. And, so that you have a reliable, persistent pseudonym, Invisiblog requires that your first blog entry be your public PGP key, and that every subsequent post be signed with your private key, so it can be checked against your public key. (This is pretty clever. If they didn’t do this, there’s the danger that someone would determine the address you were sending posts to, and pretend to be anonymous-you by sending messages to the same address, posting them on your invisiblog.)
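The first-post-pins-the-key scheme described above, sketched as an added example (not Invisiblog's code and not from the original post). Textbook RSA over constructed toy primes stands in for PGP signatures, and `BlogHost`, `blog_id` and the replay check are assumptions made for the illustration.

```python
import hashlib

# Constructed toy keys: products of small Mersenne primes. Textbook RSA at
# this size is trivially breakable; it only stands in for a PGP key pair.
AUTHOR_PRIMES = (2**127 - 1, 2**89 - 1)
IMPOSTOR_PRIMES = (2**107 - 1, 2**61 - 1)
E = 65537


def make_keypair(primes):
    """Return (public_key, private_key) as (n, e) and (n, d)."""
    p, q = primes
    n = p * q
    d = pow(E, -1, (p - 1) * (q - 1))  # modular inverse, Python 3.8+
    return (n, E), (n, d)


def digest_int(data: bytes, n: int) -> int:
    """SHA-256 of the post body, reduced into the key's modulus."""
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n


def sign(private_key, data: bytes) -> int:
    n, d = private_key
    return pow(digest_int(data, n), d, n)


def verify(public_key, data: bytes, signature: int) -> bool:
    n, e = public_key
    return 0 <= signature < n and pow(signature, e, n) == digest_int(data, n)


def blog_id(public_key) -> str:
    """Blog name = tail of a key fingerprint (assumed: SHA-256, last 16 hex chars)."""
    n, e = public_key
    return hashlib.sha256(f"{n:x}:{e:x}".encode()).hexdigest()[-16:]


class BlogHost:
    """Hypothetical host: it stores a key per blog and never learns who holds it."""

    def __init__(self):
        self.pinned = {}   # blog id -> public key from the first post
        self.posts = {}    # blog id -> accepted post bodies
        self.seen = set()  # (blog id, body digest), to refuse resent posts

    def create(self, public_key) -> str:
        bid = blog_id(public_key)
        self.pinned.setdefault(bid, public_key)  # the first key posted wins
        self.posts.setdefault(bid, [])
        return bid

    def submit(self, bid: str, body: bytes, signature: int) -> str:
        key = self.pinned.get(bid)
        if key is None:
            return "unknown blog"
        if not verify(key, body, signature):
            return "bad signature"  # knowing the posting address is not enough
        marker = (bid, hashlib.sha256(body).digest())
        if marker in self.seen:
            return "replay"  # a captured post plus signature cannot be resent
        self.seen.add(marker)
        self.posts[bid].append(body)
        return "accepted"


def demo():
    """Author and impostor both post to the same blog address."""
    host = BlogHost()
    author_pub, author_priv = make_keypair(AUTHOR_PRIMES)
    _, impostor_priv = make_keypair(IMPOSTOR_PRIMES)
    bid = host.create(author_pub)
    real = b"second post (constructed sample)"
    fake = b"impostor post (constructed sample)"
    return [
        host.submit(bid, real, sign(author_priv, real)),
        host.submit(bid, fake, sign(impostor_priv, fake)),
        host.submit(bid, real, sign(author_priv, real)),
    ]


if __name__ == "__main__":
    print(demo())
```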

    It’s been a while since I’ve looked at remailer technology – clearly, we’ve moved a long way from anon.penet.fi and the era of single-machine remailers. Those remailers made cypherpunks nervous, because a single compromised remailer could copy and redistribute all the emails it had been sent.

    MixMaster – type II – remailers are chained together, sending a mail through two to twenty nodes before anonymously delivering it. I suspect, but am not sure, that MixMaster uses an “onion” encryption model to protect the message en route. If the message is going to pass through mailers A, B, C and D, it’s first encrypted with the public key for mailer “D”. Then a header, to forward it on to mailer D, is added, and encrypted for mailer C. Another header, another encryption for B and then again for A. Should anyone intercept the message at any point other than the last mailer, all they would know is where it was going next, not the message contents or the final destination. (And who knows – there’s probably some cleverness which makes it less important if the final mailer in the chain is compromised.)
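The layering just described for mailers A, B, C and D, which is also the each-router-knows-only-the-next-router property from the Tor post, as an added example that is not MixMaster's or Tor's code or packet format. A per-hop symmetric key and a toy SHA-256 stream cipher stand in for each mailer's public key; all function names are hypothetical.

```python
import hashlib
import hmac
import os

NONCE_LEN, TAG_LEN = 16, 32


def subkey(key: bytes, label: bytes) -> bytes:
    """Derive separate encryption and MAC keys from one hop key."""
    return hashlib.sha256(label + key).digest()


def keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Toy stream cipher: SHA-256 in counter mode (illustration only)."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(key + nonce + counter.to_bytes(8, "big")).digest()
        counter += 1
    return bytes(out[:length])


def seal(hop_key: bytes, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC one layer for a single hop."""
    nonce = os.urandom(NONCE_LEN)
    stream = keystream(subkey(hop_key, b"enc"), nonce, len(plaintext))
    body = bytes(a ^ b for a, b in zip(plaintext, stream))
    tag = hmac.new(subkey(hop_key, b"mac"), nonce + body, hashlib.sha256).digest()
    return nonce + tag + body


def open_layer(hop_key: bytes, blob: bytes) -> bytes:
    """Check the MAC, then decrypt; fails if the layer is not for this key."""
    nonce = blob[:NONCE_LEN]
    tag = blob[NONCE_LEN:NONCE_LEN + TAG_LEN]
    body = blob[NONCE_LEN + TAG_LEN:]
    expected = hmac.new(subkey(hop_key, b"mac"), nonce + body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("layer was not sealed for this hop, or was modified")
    stream = keystream(subkey(hop_key, b"enc"), nonce, len(body))
    return bytes(a ^ b for a, b in zip(body, stream))


def frame(next_stop: str, payload: bytes) -> bytes:
    """Header naming the next stop, followed by the payload for it."""
    name = next_stop.encode()
    if len(name) > 255:
        raise ValueError("next-stop name too long for a one-byte length")
    return bytes([len(name)]) + name + payload


def wrap(route, keys, destination: str, message: bytes) -> bytes:
    """Build the onion inside out: seal for the last hop first, the first hop last."""
    next_stop, payload = destination, message
    for hop in reversed(route):
        payload = seal(keys[hop], frame(next_stop, payload))
        next_stop = hop
    return payload  # handed to route[0]


def peel(hop_key: bytes, blob: bytes):
    """What one hop learns: the next stop and an opaque payload to pass on."""
    inner = open_layer(hop_key, blob)
    name_len = inner[0]
    return inner[1:1 + name_len].decode(), inner[1 + name_len:]


def relay(route, keys, blob: bytes):
    """Follow the headers hop by hop; record (hop, next stop, bytes received)."""
    views, current = [], route[0]
    while True:
        next_stop, inner = peel(keys[current], blob)
        views.append((current, next_stop, len(blob)))
        if next_stop not in keys:  # not a mailer: final delivery
            return views, next_stop, inner
        current, blob = next_stop, inner


def make_keys(route):
    """One random key per hop (constructed for the demo)."""
    return {hop: os.urandom(32) for hop in route}


if __name__ == "__main__":
    hops = ["A", "B", "C", "D"]
    hop_keys = make_keys(hops)
    onion = wrap(hops, hop_keys, "blog@example.invalid", b"post body (constructed sample)")
    trace, dest, delivered = relay(hops, hop_keys, onion)
    for hop, next_stop, size in trace:
        print(f"{hop} received {size} bytes, forwards to {next_stop}")
    print(dest, delivered)
```

The trace shows the packet shrinking at every hop, which would let an observer guess a message's position in the chain; padding every message to a fixed size removes that signal.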

    Unsurprisingly, you can’t generate MixMaster messages from Thunderbird, or whatever other mail client you’re running. You need to run the MixMaster client/server and pipe your outgoing mail into the standalone program. And the program’s not available as a compiled binary in any of the currently supported versions – there’s a binary of the 2.0 software, compiled in 2002, which runs in DOS on a Windows PC, but doesn’t – for me, at least – appear to actually send any mail. To get MixMaster running on my Mac, I did some serious yak shaving. I converted from PGP to GPG, enabled sendmail on my Mac, installed the zlib, ncurses, OpenSSL and pcre libraries and then built the program from source. (At this point, I began to realize that I was going to need to write really, really good instructions if I was going to encourage people to use this system.)

    Once I got the program running, I had another problem. To function, MixMaster needs up-to-date lists of mailers, mailer keys and reliability statistics – the tarballs for MixMaster include out of date lists. So I wrote a quick shell script and attached it to a cron job so MixMaster would have up-to-date support files. (It was sometime around the moment I began writing this shell script that I realized that invisiblog, in its current configuration, really wasn’t going to work for my antigovernment activist friends in Turkmenistan.) Downloading the current files, I was ready to test the application for the first time, sending myself some anonymous mail.

    And that’s where the next problem reared its head. Most FAQs on MixMaster warn you that it can take anywhere from 2 to 48 hours for an anonymous message to reach its destination. Oh, and that I could expect a MixMaster network to fail on at least 2% of messages sent, and that many users chose to send multiple copies of a message, assuming one or more would fail. As you can imagine, this makes it hard to tell whether a system is working or not. Over the last two days, I’ve sent out about half a dozen messages – each containing a timestamp and the exact flags I used to send the message – to myself. I finally hit on the right combination of flags and configuration files and got an anonymous message from myself around 5pm today.

    So now I’m ready to test Invisiblog, about two days after beginning the project. (Yes, in fairness, I’ve gone from Berkshire to Boston and back and then to Atlanta in that time period, as well…) But I no longer have any confidence that it could be at all useful for the folks I’d like to introduce it to – human rights activists in repressive nations – because I absolutely can’t imagine supporting the program remotely. “Oh yeah, Ahmed, MixMaster sometimes takes two days to deliver a mail. Why don’t you just wait patiently for your post on government-sponsored torture to appear online. And if it doesn’t, you can try to post it again in a couple of days. Stay safe!”

    All of which brings me to the actual subject of my rant: the unusability of cryptography. At “Fellows Hour” at Berkman – the weekly get-together of the geeky lawyers and lawyerly geeks I hang out with – I asked the ten people in the room how many people had installed and used PGP, GPG or another email encryption tool. Three hands went up, including mine. When I asked who’d used the system in the last three months, mine was the only hand that remained up. (Just so you know that I’m not the sort of paranoid geek who encrypts his email by default, the only messages I’ve sent via PGP are ones including credit card numbers or Unix passwords.)

    Why aren’t my extremely smart, extremely geeky friends using strong crypto? “It’s too hard.” Which obviously can’t be the answer. Passing the Massachusetts state bar exam is hard. Installing PGP and generating a key is awkward, but not actually hard. What my friends mean is “I don’t perceive a benefit to using email encryption, and therefore it’s not worth the bother.”

    The truth is they (and I) use crypto all the time. Rarely does a day go by when I don’t access a site using SSL. But I seldom think about the fact that I’m using cryptography because my browser already had a certificate installed and most of the crypto work is handled by the server administrator, not by me. And yes, I understand that SSL encryption is considered weak by the cypherpunks and that central key registries are inherently insecure. But folks actually USE SSL, dammit, and very, very few people use PGP. With this in mind, I’ve been looking forward to seeing how Ciphire, which promises to make much of the awkwardness of strong crypto transparent, gets adopted.

    The biggest development for secure communications in the developing world is not Ciphire, Invisiblog or even well-thought out systems like Benetech’s Martus, which encrypts and backs up human rights information – it’s Skype. Skype uses AES – a very strong cipher, approved by the NSA for top secret information – to encrypt all traffic. This makes “tapping” a Skype call impossible, unless AES is vulnerable to an attack that is, at this point, completely secret. (As you’ve probably guessed, I’m insufficiently paranoid to believe that NSA can crack AES and listen to my Skype calls.) I expect US law enforcement, the media, Congress or all three to catch onto this any moment now – the headlines write themselves: “Estonian Hackers Give Al Qaeda a Perfectly Secure Telephone”.

    But here’s the thing – the vast majority of new Skype users aren’t attracted by the strong crypto – they come for the free phonecalls, and most don’t know that they’re getting strong privacy in the bargain. And when email encryption catches on, that’s how it’s going to take the market – it’s going to be built into some supremely cool new email client, which will gain market share from its other features and allow the encryption to sneak in.

    Ditto anonymous blogging – it will not catch on until a major bloghost happens, perhaps without announcing it, that they will take strong measures to maintain user privacy. invisiblog doesn’t appear to be catching on very quickly. There aren’t a lot of people starting invisiblogs, and those who are aren’t getting a ton of readership. (Wonderfully, invisiblogs publishes all their traffic statistics on the front page of the site. Why? It’s a security procedure. If there were a stats page specific to my website, I’d be likely to visit it more often than any random visitor. By analyzing access logs and looking to see who looked most often at a stats page, you could make an educated guess at the IP address of a weblog author. See, I told you these guys were paranoid. And smart. But mostly really paranoid.) Maybe it’s the fact that your blog is issued a catchy URL – the last 16 bytes of the fingerprint of your public PGP key. (“Hey man, check out my blog. It’s called ‘45a3ec12ef87aab0’!”) Or that there’s one possible design – black type on white. (At least your links are blue.)

    And perhaps it’s a good thing that these blogs aren’t getting a lot of readership. One of the most popular and frequently updated is a very scary document called “Diary of a Paedophile”, which is either the inner monologue of a very scary man, or a harrowing work of fiction. I’m seeing a few dozen blogs per week created on the site, most of which are a single test post. You’d think, with perfect anonymity, more people would have secrets to share. Maybe all the interesting people are still trying to get MixMaster to compile.

    The problem with cryptography software is that it’s written by people who really, really, really care about cryptography. As a result, you get fantastically well thought-out software that’s filled with flaming usability hoops for users to jump through. Just a few minutes with GPG makes you realise that this was a piece of software written without input from the marketing department. (“Please select what kind of key you want: DSA and Elgamal, just DSA or just RSA?”) The battle between geeks and marketing – where marketroids ask geeks to do the impossible to make theoretical users happy – would greatly improve the usability of crypto tools. And yes, it would probably be less secure. And maybe that’s okay, because lots of users with pretty good privacy may beat a handful of elite users with bulletproof anonymity.

    04/15/2005 (12:08 pm)

    Long Live Unitarian Jihad!

    Filed under: Just for fun ::

    For years, when asked about my religious affiliation, I would tell people I was a fundamentalist Unitarian. Pressed for a definition of Unitarian Fundamentalism, I told people that I was wholly intolerant of intolerance and believed that God would have his or her vengeance against anyone who didn’t respect all faiths and non-faiths. (I’ve mellowed with time, and my current church has gotten yet more liberal – now I just tell people that I’m a New England episcopalian.)

    So imagine my excitement when the Unitarian Jihad sent their communique to the San Francisco Chronicle. I can’t quite figure out what they want, but that’s been true of every Unitarian I’ve ever met:

    We are Unitarian Jihad. We are everywhere. We have not been born again, nor have we sworn a blood oath. We do not think that God cares what we read, what we eat or whom we sleep with. Brother Neutron Bomb of Serenity notes for the record that he does not have a moral code but is nevertheless a good person, and Unexalted Leader Garrote of Forgiveness stipulates that Brother Neutron Bomb of Serenity is a good person, and this is to be reflected in the minutes.

    Beware! Unless you people shut up and begin acting like grown-ups with brains enough to understand the difference between political belief and personal faith, the Unitarian Jihad will begin a series of terrorist-like actions. We will take over television studios, kidnap so-called commentators and broadcast calm, well-reasoned discussions of the issues of the day. We will not try for “balance” by hiring fruitcakes; we will try for balance by hiring non-ideologues who have carefully thought through the issues.

    I look forward to future Jihad communiques and to random acts of tolerance taking place in America’s cities and shocking our citizens with their very reasonableness.

    Sorry, I’ve got to go now – someone appears to have planted a flaming question mark in my lawn, and it’s threatening to burn my raspberry bushes.

    04/14/2005 (8:54 am)

    Anonymity and Usability – beyond oil and water

    Filed under: Blogs and bloggers,ICT4D ::

    EFF published a report a few days ago, titled “How to Blog Safely”. It’s a good little piece, but it spends little time on the technical issues surrounding blogging anonymously or psuedonymously. One intriguing passage that caught my eye:

    Invisiblog.com is a service that offers anonymous blog hosting for free. You may create a blog there with no real names attached. Even the people who run the service will not have access to your name.

    Hmm. Now that I’ve gotta try. As we work with an increasing number of international bloggers whose blogs have the possibility of getting their authors into serious trouble, anonymous blogging seems like a really useful technology.

    I give the invisiblog folks – who turn out to be a group of Aussie cypherpunks (“an anonymous conspiracy of cypherpunks and crypto-anarchists”) – credit. They’re amazingly, astoundingly, impressively paranoid. Rather than promising to throw away access logs, or log directly into /dev/null while encouraging users to use anonymous proxies, they’ve concluded the the web, as a whole, is too dangerous to use for input to blogs. You can only create an invisiblog or post to a blog via the MixMaster remailer system. And, so that you have a reliable, persistent psuedonym, Invisiblog requires that your first blog entry be your public PGP key, and that every subsequent post be signed with your private key, so it can be checked against your public key. (This is pretty clever. If they didn’t do this, there’s the danger that someone would determine the address you were sending posts to, and pretend to be anonymous-you by sending messages to the same address, posting them on your invisiblog.)

    It’s been a while since I’ve looked at remailer technology – clearly, we’ve moved a long way from anon.penet.fi and the era of single-machine remailers. Those remailers made cypherpunks nervous, because a single compromised remailer could copy and redistribute all the emails it had been sent.

    MixMaster – type II – remailers are chained together, sending a mail through two to twenty nodes before anonymously delivering it. I suspect, but am not sure, that MixMaster uses an “onion” encryption model to protect the message enroute. If the message is going to pass through mailers A,B,C and D, it’s first encrypted with the public key for mailer “D”. Then a header, to forward it onto mailer D is added, and encrypted for mailer C. Another header, another encryption for B and then again for A. Should anyone intercept the message at any point other than the last mailer, all they would know is where it was going next, not the message contents or the final destination. (And who knows – there’s probably some cleverness which makes it less important if the final mailer in the chain is compromised.)

    Unsurprisingly, you can’t generate MixMaster messages from Thunderbird, or whatever other mail client you’re running. You need to run the MixMaster client/server and pipe your outgoing mail into the standalone program. And the program’s not available as a compiled binary in any of the currently supported versions – there’s a binary of the 2.0 software, compiled in 2002, which runs in DOS on a Windows PC, but doesn’t – for me, at least – appear to actually send any mail. To get MixMaster running on my Mac, I did some serious yak shaving. I converted from PGP to GPG, enabled sendmail on my Mac, installed the zlib, ncurses, openSSL and prce libraries and then built the program from source. (At this point, I began to realize that I was going to need to write really, really good instructions if I was going to encourage people to use this system.)

    Once I got the program running, I had another problem. To function, MixMaster needs up-to-date lists of mailers, mailer keys and reliability statistics – the tarballs for MixMaster include out of date lists. So I wrote a quick shell script and attached it to a cron job so MixMaster would have up-to-date support files. (It was sometime around the moment I began writing this shell script that I realized that invisiblog, in its current configuration, really wasn’t going to work for my antigovernment activist friends in Turkmenistan.) Downloading the current files, I was ready to test the application for the first time, sending myself some anonymous mail.

    And that’s where the next problem reared its head. Most FAQs on MixMaster warn you that it can take anywhere from 2 to 48 hours for an anonymous message to reach its destination. Oh, and that I could expect a MixMaster network to fail on at least 2% of messages sent, and that many users chose to send multiple copies of a message, assuming one or more would fail. As you can imagine, this makes it hard to tell whether a system is working or not. Over the last two days, I’ve sent out about half a dozen messages – each containing a timestamp and the exact flags I used to send the message – to myself. I finally hit on the right combination of flags and configuration files and got an anonymous message from myself around 5pm today.

    So now I’m ready to test Invisiblog, about two days after beginning the project. (Yes, in fairness, I’ve gone from Berkshire to Boston and back and then to Atlanta in that time period, as well…) But I no longer have any confidence that it could be at all useful for the folks I’d like to introduce it to – human rights activists in repressive nations – because I absolutely can’t imagine supporting the program remotely. “Oh yeah, Ahmed, MixMaster sometimes takes two days to deliver a mail. Why don’t you just wait patiently for your post on government-sponsored torture to appear online. And if it doesn’t, you can try to post it again in a couple of days. Stay safe!”

    All of which brings me to the actual subject of my rant: the unusability of cryptography. At “Fellows Hour” at Berkman – the weekly get-together of the geeky lawyers and lawyerly geeks I hang out with – I asked the ten people in the room how many people had installed and used PGP, GPG or another email encryption tool. Three hands went up, including mine. When I asked who’d used the system in the last three months, mine was the only hand that remained up. (Just so you know that I’m not the sort of paranoid geek who encrypts his email by default, the only messages I’ve sent via PGP are ones including credit card numbers or Unix passwords.)

    Why aren’t my extremely smart, extremely geeky friends using strong crypto? “It’s too hard.” Which obviously can’t be the answer. Passing the Massachusetts state bar exam is hard. Installing PGP and generating a key is awkward, but not actually hard. What my friends mean is “I don’t perceive a benefit to using email encryption, and therefore it’s not worth the bother.”

    The truth is they (and I) use crypto all the time. Rarely does a day go by when I don’t access a site using SSL. But I seldom think about the fact that I’m using cryptography because my browser already had a certificate installed and most of the crypto work is handled by the server administrator, not by me. And yes, I understand that SSL encryption is considered weak by the cypherpunks and that central key registries are inherently insecure. But folks actually USE SSL, dammit, and very, very few people use PGP. With this in mind, I’ve been looking forward to seeing how Ciphire, which promises to make much of the awkwardness of strong crypto transparent, gets adopted.

    The biggest development for secure communications in the developing world is not Ciphire, Invisiblog or even well-thought out systems like Benetech’s Martus, which encrypts and backs up human rights information – it’s Skype. Skype uses AES – a very strong cipher, approved by the NSA for top secret information – to encrypt all traffic. This makes “tapping” a Skype call impossible, unless AES is vulnerable to an attack that is, at this point, completely secret. (As you’ve probably guessed, I’m insufficiently paranoid to believe that NSA can crack AES and listen to my Skype calls.) I expect US law enforcement, the media, Congress or all three to catch onto this any moment now – the headlines write themselves: “Estonian Hackers Give Al Qaeda a Perfectly Secure Telephone”.

    But here’s the thing – the vast majority of new Skype users aren’t attracted by the strong crypto – they come for the free phonecalls, and most don’t know that they’re getting strong privacy in the bargain. And when email encryption catches on, that’s how it’s going to take the market – it’s going to be built into some supremely cool new email client, which will gain market share from its other features and allow the encryption to sneak in.

    Ditto anonymous blogging – it will not catch on until a major bloghost decides, perhaps without announcing it, that they will take strong measures to maintain user privacy. invisiblog doesn’t appear to be catching on very quickly. There aren’t a lot of people starting invisiblogs, and those who are aren’t getting a ton of readership. (Wonderfully, invisiblog publishes all its traffic statistics on the front page of the site. Why? It’s a security procedure. If there were a stats page specific to my website, I’d be likely to visit it more often than any random visitor. By analyzing access logs and looking to see who looked most often at a stats page, you could make an educated guess at the IP address of a weblog author. See, I told you these guys were paranoid. And smart. But mostly really paranoid.) Maybe it’s the fact that your blog is issued a catchy URL – the last 16 bytes of the fingerprint of your public PGP key. (“Hey man, check out my blog. It’s called ‘45a3ec12ef87aab0’!”) Or that there’s one possible design – black type on white. (At least your links are blue.)
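
    The stats-page reasoning above, as an added example that is not part of the original post or of invisiblog's code: an operator-side audit that flags any URL where one client supplies most of the hits. The log lines, addresses and the `/blog/<id>/stats` layout are constructed assumptions.

```python
import re
from collections import Counter, defaultdict

# Matches one Common Log Format line for a GET request.
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "GET (\S+) [^"]*" (\d{3}) \S+$')

def make_log(entries):
    """Build constructed log text from (client, path, hit_count) tuples."""
    line = '{} - - [18/Apr/2005:12:00:00 +0000] "GET {} HTTP/1.0" 200 512'
    return "\n".join(line.format(c, p) for c, p, n in entries for _ in range(n))

def hits_by_path(log_text):
    """Map each successfully served path to a Counter of client addresses."""
    hits = defaultdict(Counter)
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if m and m.group(3) == "200":
            hits[m.group(2)][m.group(1)] += 1
    return hits

def audit(log_text, min_hits=5, threshold=0.5):
    """Return {path: (client, share)} where one client dominates a path's traffic."""
    flagged = {}
    for path, clients in hits_by_path(log_text).items():
        total = sum(clients.values())
        if total < min_hits:
            continue  # too little traffic to say anything
        client, count = clients.most_common(1)[0]
        if count / total > threshold:
            flagged[path] = (client, round(count / total, 2))
    return flagged

READERS = ["198.51.100.%d" % i for i in range(1, 6)]   # constructed addresses
AUTHOR = "203.0.113.9"                                  # constructed address
BLOG = "/blog/45a3ec12ef87aab0"                         # hypothetical URL layout

# Design A (hypothetical): each blog has its own stats page.
PER_BLOG_STATS = make_log([(r, BLOG + "/", 2) for r in READERS]
    + [(AUTHOR, BLOG + "/stats", 7), (READERS[0], BLOG + "/stats", 1),
       (READERS[1], BLOG + "/stats", 1)])
# Design B: all statistics live on the shared front page, as the post describes.
FRONT_PAGE_STATS = make_log([(r, "/", 4) for r in READERS] + [(AUTHOR, "/", 7)])

if __name__ == "__main__":
    print("per-blog stats page:", audit(PER_BLOG_STATS))
    print("front-page stats:   ", audit(FRONT_PAGE_STATS))
```

    With the per-blog layout the stats URL is flagged because one address supplies most of its hits; with everything on the front page the same visits blend into ordinary reader traffic and nothing is flagged.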

    And perhaps it’s a good thing that these blogs aren’t getting a lot of readership. One of the most popular and frequently updated is a very scary document called “Diary of a Paedophile”, which is either the inner monologue of a very scary man, or a harrowing work of fiction. I’m seeing a few dozen blogs per week created on the site, most of which are a single test post. You’d think, with perfect anonymity, more people would have secrets to share. Maybe all the interesting people are still trying to get MixMaster to compile.

    The problem with cryptography software is that it’s written by people who really, really, really care about cryptography. As a result, you get fantastically well thought-out software that’s filled with flaming usability hoops for users to jump through. Just a few minutes with GPG makes you realise that this was a piece of software written without input from the marketing department. (“Please select what kind of key you want: DSA and Elgamal, just DSA or just RSA?”) The battle between geeks and marketing – where marketroids ask geeks to do the impossible to make theoretical users happy – would greatly improve the usability of crypto tools. And yes, it would probably be less secure. And maybe that’s okay, because lots of users with pretty good privacy may beat a handful of elite users with bulletproof anonymity.

    04/13/2005 (8:28 am)

    Food porn for Gridskippers

    Friend Erik D’Amato, founder of the snarky and brilliant pesticide.hu, is guest-editing Gridskipper this week. One of the new properties of the ever-expanding Gawker media empire, Gridskipper appears to be targeted at a demographic/psychographic that includes me: frequent global travellers who hop between cosmopolitan cities. (Unfortunately the site doesn’t seem to include either the Berkshires or West Africa…)

    I sent Erik the review I wrote for an email list of friends and family of commerç 24 in Barcelona, which I’ve referred to as “food porn”. And while I’m embarrassed to admit in public that I’ve paid 100 euros for dinner – and smiled while doing it – I’m happy to have Gridskipper in my aggregator, as it’s already giving me tips for forthcoming trips to Cape Town and London.

    04/11/2005 (4:13 pm)

    Shaun Attwood, Prison Blogger

    Filed under: Uncategorized ::

    Whatever benefits it holds for the world at large, Global Voices is proving to be a fascinating way for me to discover new blogs that I’m interested in keeping up with. For the most part, I’ve been encountering writers from parts of the world I know little about. This morning’s discovery, though, was the blog of a British stockbroker, Shaun Attwood, who is incarcerated in Arizona on drug and money laundering charges.

    (The blog is titled “Jon’s Jail Journal”, and is maintained by Shaun’s father, Derick Attwood. The blog was initially anonymous – only in the past few months has Shaun’s identity been revealed. Shaun corresponds with his father via letter and his texts are reposted on the web.)

    Shaun was initially imprisoned in Maricopa County, which includes Phoenix, Arizona. The sheriff of Maricopa County is Joe Arpaio, the self-styled “America’s toughest sheriff”. Arpaio is notorious for his “get-tough” policies on inmates under his control, which include serving extremely cheap food to inmates, requiring inmates to wear pink underpants, housing prisoners in tent cities unprotected from the Arizona heat and organizing the “first and only” chaingang for female inmates. Arpaio’s style is clearly popular with some Maricopa County voters, as he continues to get elected, but there are a number of citizen groups organized to protest his self-aggrandizing style and his aggressive policies.

    Shaun’s journal has been featured in a series in The Guardian, which ran a collection of disturbing posts about Shaun’s experiences in the county jail. His posts since July 18th, when he was moved into a state facility, have been less desperate, though still graphic and disturbing.

    According to the International Centre for Prison Studies at King’s College, London, the United States leads the world in total prison population, with roughly 2.1 million inmates. 6.6% of those inmates are not US citizens – the 1,950,000 American citizens in custody represent 0.67% of our nation. Because so many of the prisoners – 91.6% – are male, 1.33% of American males are incarcerated. The rates can be much higher within certain demographics – one set of estimates finds that 12.9% of black men between 25-29 were in jail or prison in the US in 2002.

    As we’ve tried to figure out what groups of bloggers Global Voices should focus on in its early stages, we’ve had a couple of intense conversations about prison bloggers. On the one hand, prisoners are a population whose voices are rarely heard. Charlie Nesson, our friend and collaborator, is working closely with a group of prisoners and prison reformers in Jamaica, to help Jamaica’s prisoners begin audioblogging – we’d love to feature some of these voices.

    On the other hand, many of our current participants are human rights activists, who may be threatened by repressive governments. Their association with Harvard may be a factor that helps keep them out of prison… but if Global Voices is perceived as a program that focuses on prisoners and prisoner issues, the Harvard association may prove to be a minus, rather than a plus.
