the finger-keyboard synapse

Freedom of misinformation and bad software

Today, a different BitWise user informed me about another [bad] IM program called PSST. Not only is my favorite "military-grade" expression used again there, but this person obviously knows nothing about encryption and has the absolute worst ideas about what to put in screenshots.

• "It would require military-grade supercomputers to crack the 128-bit block encryption." - Again, no such thing as a "military-grade" supercomputer. Besides, a fast PC these days could crack 128-bit encryption within only a couple of weeks (or faster if you got lucky, of course). This is simply laughable.
  
• "You can feel safe that no private company will be able to crack the codes. Even the US military would suffer major difficulty, and would find it easier to break into your home or office and install keyboard/screen loggers, or park TEMPEST vans outside." - Oh, of course, because the military makes a habit of breaking into people's homes and installing key logging devices. Not to mention no encryption is uncrackable--the best we have is practically uncrackable.
  
• "If you follow these steps [to run PSST from a floppy], then even if your computer is seized or inspected, a managerial or forensic audit will not reveal that PSST was used or even existed on your machine." - Unless, of course, your computer previously had software auditing/logging installed, such as you might find in a workplace. Or, in the event PSST crashed, under 2000/XP there would be an error event in your Event Log. Hardly foolproof.
  
• "Talk to the other user, via normal telephone or chat, ICQ, MSN Messenger etc, just before you want to talk via PSST." - That's sure convenient. You would have to do this every time, too, unless you both had static IPs
  
• The site at least has a screenshots page, which is good. However, the content of the screenshots is tasteless, inappropriate, and screams "teenager." One of them talks about conning the cops and setting up protests, one of them talks about being sexually harassed at work, one of them is cybersex up through "I'm rubbing myself through my panties right now" and the last is about bringing down your company's CEO for insider trading. Sure, all things you'd want encryption for, but this is across the line. If I was evaluating this software seriously (not likely), and saw these screenshots, I'd run the other way--from the 15 year old that probably coded it.
  
• Last, but not least, once you run the program (which has an awful UI), you are asked what level of encryption you want, divided into personal, commercial, military and paranoia grade. I wonder what memo I missed such that I wasn't informed of these new levels.

I guess what really bothers me most is people talking about things that they really don't know about. It's clear that the author of this program really doesn't know much about the theory of cryptography, or have a good sense of how cryptography works in the real world.

Freedom of speech (i.e. misinformation) is a wonderful thing. Anyone is entitled to say whatever they want, even if it's flat-out wrong (unless it's libel / slander, of course), and there's nothing anyone can do about it. Or is there? Readers--any ideas?

the ui is a good attempt at making thigs better looking. this thing is only on version 0.2, so we can only assume that over time it will become better looking.

looking at the screenshots area, i really love the console version - neat feature. all those times teachers tell students to close IM windows, its because they recognize them - they would never know what it was in a console :D

as for the whole concept of the program...if i wanted to do crazy things, the internet is the last place where i would discuss it.