[liberationtech] Appelbaum's Ultrasurf report
Jacob Appelbaum
jacob at appelbaum.net
Tue Apr 17 15:47:21 PDT 2012
On 04/17/2012 12:40 PM, Griffin Boyce wrote:
> I'm going to disagree with Jake on this one -- it's definitely *not* a
> giant waste of time. The more frequently and more publicly privacy-related
> technologies are discussed, the more educated the general public will be.
>
I mean this very specifically - I offered to do protocol design review,
source code review, agree to some kind of NDA and so on to help them.
They asked for more time and I gave them months of time, many more
months than I think was reasonable. They in theory agreed to work
directly with me but never followed through after our first meeting. I
was never sent design documents, source code or anything of the like.
Recently, I was given their internal response and it trashed me as being
anti-american. It side stepped the problems, it did not honestly admit
that there were serious problems or have a game plan for helping the
user's in harm's way because it tried to say that there was no harm or
risk at all.
It was at that point I felt things were not worth the effort and that
they were being duplicitous, regardless of their reasons or intentions.
I'd like to think that someday, it won't be such a crappy process and
that we'll all be able to work together, where we don't feel like we're
being jerked around when we approach them nearly half a year before
going public. If you read their response, you'll get the feeling that we
just attacked them out of the blue and that they have no problems except
a Google cookie or two. Frustrating, to say the least.
> The research is very solid and *highly* condemning. Both the original
> findings and Ultrasurf's vague, defensive response are worth reading.
>
Thank for the kind words.
All the best,
Jacob
More information about the liberationtech
mailing list