#WiReD is butthurt that @csoghoian called them out. They’re wrong. /cc @rsingel @runasand #cryptocat

Update: Chris responds

This is off the cuff…

If you didn’t see Chris Soghoian’s posting, it won’t make sense why WiReD is so butthurt.

But then their being butthurt does not make a lot of sense.

Soghoian was right. The media – me included, in my small way – tend to say “woo shiny new toy” at the slightest provocation – and in the case of Cryptocat we can be quite happy that Nadim Kobeissi has stepped up to the bat to fix the issues which have been seething in discussion for the past week or so on various security-related maillists and blogs.

So: Kudos to Cryptocat and Nadim.

But – again – Soghoian was right; Haystack sucked, the media luvvies kissed Austin Heap’s ass in a fit of do-gooding, and as a friend put it: “people could have died because of that”.

Likewise: Hushmail bent over when the Government came to call; were the technology different that might not have been feasible.

And nobody’s mentioned DIASPORA* yet.

But how have WiReD responded?

Let’s selectively quote just on one aspect:

While this post is a response to Soghoian’s critique, it’s not really directed at him — it’s meant for the portion of the security community his blast was emblematic of.

First, you’d have no indication from Soghoian’s critique that Quinn Norton is anything other than an overworked, technically illiterate blogger filling a quota by writing up press releases hyping the next big thing.

Moreover, Soghoian suggesting that if Quinn Norton ever wanted to write about about encryption tools in the future, she ought to “step back, take a deep breath, and pull the power cord from your computer” isn’t just rude and obnoxious, it’s border-line sexist and an outright abuse of Soghoian’s place in the computer security world.

Intriguingly, even preemptively following Soghoian’s advice of “approaching an independent security researcher” about Cryptocat, doesn’t save Norton from Soghoian’s rant.

Norton asked Meredith Patterson, a talented and well-known security figure, who was initially critical of Cryptocat and who has reviewed the codebase, for comment:

But Patterson, one of the all-too few female security researchers, doesn’t seem to count for much in Soghoian’s analysis. In fact, his original blog post totally missed that Patterson had originally been critical of the project. Only after she pointed it out to him on Twitter, did he update the post, without noting on the post that he did so.

Instead, Soghoian believes, Norton should have turned to one of four more vocal critics he names — all of them men.

Right, so security is a feminist issue? No it’s not, no more than cookery is. There are associated gender stereotypes (which shift back and forth) but in the end the person who wields the knife and the frying pan be they Julia Child or Gordon Ramsay either produce a good meal, or they do not.

Nadim is a promising young chef. He is not saviour of the world, but give it time.

Hence the original headline:

This Cute Chat Site Could Save Your Life and Help Overthrow Your Government

…was hyperbole, and Ryan Single (editor) made a bad call; he says:

I won’t apologize for the headline which, though bold, was also accurate. Moreover, Quinn’s first draft had the section that Soghoian thought came too late — about the tool being in its early stages and being vulnerable to certain attacks — starting in the ninth paragraph of a very long piece.

Try “this cute chat site may in future, after peer review, further development and adoption, be a useful tool that could save your life” – it would be accurate and raise neither hype nor ire.

Also it seems as if Ryan is not on the same maillists as Nadim, Chris and sundry related characters in the discussion, else he’d know what the state of play is now; all the arguments are settled and a secure-enough way to move forwards with Cryptocat has been (apparently) agreed, and there is much clubbish accord and mutual support.

Once again the digital/print media are behind the times.

That’s the good thing about programmers – they defend their code like lions, but show them how to do it demonstrably better and they will generally spin on a dime and adopt the improvements, without rancour.

Ryan, instead, takes it a bit more personally, longer and harder, and tries to be snarky:

If only [normal people] would try harder [to do security better], one supposes, they’d figure out how how to use TOR, and make sure they did so without leaking data by running Flash. (What, you didn’t know to disable Flash and Java when using TOR? What, you don’t know how to do that?)

It’s called “Install the Tor browser bundle” – you don’t know that’s the preferred way to use Tor nowadays? That the switch-off-flash-fer-chrissakes comes for free that way?

Oops. Don’t put yourself on a pedestal as a security expert, Ryan.

What was Chris’ suggestion, something about unplugging your computer? I won’t suggest that, you need to make a living somehow. Just try keeping up to date re: that about which you write; and as a petty aside “Tor” takes mixed-case nowadays – and “Cryptocat” seems to take a single capital.

But instead of having that conversation and questioning the privileged world of the crypto community and how little its ultra-secure creations have filtered to the real world, Soghoian chose to craft a scathing jeremiad, penned from the safe confines of the center of the “crypto community,” whose main point seemed to be to tell a woman to shut up and unplug from the net.

It’s a shame that so many people read the post as an object lesson for tech journalists, rather than as an example of how those in a position of power can use it to put a woman, an outsider and an orthodoxy-challenging project in their “proper” places.

Potential translation:

“We’re journalists who do our best reporting on stuff we don’t understand, and we are entitled to our roles as authorities by virtue of having access to significant communications channels. We see no contradiction in this, and when challenged will dissemble and pursue ad-hominem arguments to dilute the embarrassment”.

Is that about right, oh fellow privileged security geeks who have no right to express opinions regards our privileged understanding?

– Alec Muffett blogs for Computerworld UK

3 Replies to “#WiReD is butthurt that @csoghoian called them out. They’re wrong. /cc @rsingel @runasand #cryptocat”

  1. Wow, I can’t believe the hypocrisy of WiReD playing the gender card!! I poured over Chris Soghoian’s article they’re replying to, the only reference to Quinn Norton being female is the female pronoun–someone correct me if I’m wrong but I couldn’t find *anything* that could remotely be construed as misogynist in any sense whatsoever. (maybe the WiReD editor Ryan confused things somebody else said somewhere else?)

    Compare that to Quinn’s tweet where she calls cryptography researchers “privileged boys”!! Try referring to women in IT as “girls” and you get lynched as Mark Shuttleworth learned a while back–rightly so IMO, it’s an important issue, but there’s no reason to forcefully drag gender into every discussion just because some “privileged white boy” disagreed with a female tech journalist.

    If I were Quinn I’d actually be quite embarassed over WiReD editor Ryan framing the critique in such a way.

Leave a Reply

Your email address will not be published. Required fields are marked *