[liberationtech] Silent Circle to publish source code?

Thu Oct 11 16:19:58 PDT 2012

Hi Chris,

I regrettably did not speak to anyone from Silent Circle. This is
off-topic, but I find it kind of ironic for you to be asking me this; you
have written scathing critiques involving my own software efforts without
once contacting me, and I believe you to be much more guilty of "jumping
the gun" than I could be in this occasion. But this is beside the point.

I've spoken to people who have been contacted by Phil and John and I have
been told prior to writing my post that both have been very ambiguous
regarding the availability of Silent Circle source code in its entirety on
the day of release. No formal statement has yet been made by Silent Circle;
If the source code is released when the software ships, I have absolutely
no problem admitting that I jumped the gun a bit; but aside from references
to open source (which could very well be limited to libraries (such as
libssl) or protocols (such as ZRTP), I'm still waiting on the status of the
software.

NK

On Oct 11, 2012 7:10 PM, "Christopher Soghoian" <chris at soghoian.net> wrote:
>
> Hi Nadim,
>
> You didn't directly respond to Ryan's question. Have you actually spoken
to anyone at Silent Circle?
>
> The Silent Circle App isn't available for download to the general public
yet. As such, I think the company can be forgiven for not having source
code available just yet. Why not wait until the product is actually
available for download before you jump the gun and state that the company
is "damaging the state of the cryptography community"?
>
> I've met with the CEO a couple times in person and I've spoken with Phil
and Jon. Although I'm by no means ready to bless the product -- not only do
I want to see it open sourced, but I also want to see a published, thorough
audit by a respected security consulting firm -- I am at least excited to
see folks building a business around encrypted communications (where the
crypto is the selling point, rather than an unadvertised feature, like
Skype).
>
> Jon and Phil is are not strangers to the security community and their
email addresses can be found with about 2 seconds of Googling. If you have
questions, why not contact them?
>
> Chris
>
> [Full disclosure: They've loaned me an ipod touch with a beta copy of the
app so that I can try it out. As soon as the Android version is ready to
go, I'll promptly give the iPod back to them. I'm not a Silent Circle
investor, consultant, etc]
>
>
> On Thu, Oct 11, 2012 at 6:26 PM, Nadim Kobeissi <nadim at nadim.cc> wrote:
>>
>> On 10/11/2012 5:51 PM, Ryan Gallagher wrote:
>> > To Nadim: I'm interested to know, did you contact anyone at SC before
>> > writing your blog post? Seems to me you arrived at your rather scathing
>> > conclusion largely on the basis of an assumption. A sort of shoot
first,
>> > ask questions later approach. It actually says on the SC website that
SC
>> > will use "Open Source Peer-Reviewed Encryption." It also says,
>> > unambiguously, "/We believe in open source/."
>>
>> It's almost impossible to develop the software Silent Circle is
>> attempting to develop without using at least one open source library -
>> this is in fact accentuated in my blog post.
>> I sincerely apologize if my post is jumping the gun a bit, but aside
>> from reassurances in private press conferences, Silent Circle hasn't
>> made any statement that supports their releasing their code as open
>> source. In fact, they have been very ambiguous on this issue prior to
>> their alleged private statements yesterday and today.
>>
>> I will update my blog post the moment they announce that Silent Circle
>> will be open source. I don't mean to "shoot first, ask questions later,"
>> but rather highlight serious potential dangers.
>>
>>
>> >
>> >
------------------------------------------------------------------------
>> >> From: companys at stanford.edu
>> >> Date: Thu, 11 Oct 2012 12:48:03 -0700
>> >> To: liberationtech at lists.stanford.edu
>> >> Subject: Re: [liberationtech] Silent Circle to publish source code?
>> >>
>> >> We both received the same messages from Ryan Gallagher and Dan
Gillmor:
>> >>
>> >> @rj_gallagher: @kaepora FYI I met with SC's CEO today for piece I'm
>> >> doing + he told me they'll be making everything open source.
>> >>
>> >> That's why I added the question mark, in case someone on the list knew
>> >> anymore (for example, when -- what date? -- do they plan to publish
>> >> the code).
>> >>
>> >> I've contacted @Silent_Circle via Twitter and invited them on to
>> >> Liberationtech. If anyone knows how to reach someone on the team
>> >> directly, please let me know.
>> >>
>> >> It'd be nice to send them a personal invitation, so we can talk to the
>> >> team directly rather than have a secondhand conversation.
>> >>
>> >> Best,
>> >> Yosem
>> >>
>> >> On Thu, Oct 11, 2012 at 12:35 PM, Nadim Kobeissi <nadim at nadim.cc>
wrote:
>> >> > It would have been much nicer to create this thread based on real
source
>> >> > code, instead of a tweet based on word of mouth. We'll see.
>> >> >
>> >> > NK
>> >> >
>> >> > On 10/11/2012 3:27 PM, Yosem Companys wrote:
>> >> >> Dan Gillmor @dangillmor: @kaepora Phil Zimmerman told me yesterday
>> >> >> that Silent Circle (contrary to what you say in your post) will
>> >> >> publish source code.
>> >> >> --
>> >> >> Unsubscribe, change to digest, or change password at:
>> > https://mailman.stanford.edu/mailman/listinfo/liberationtech
>> >> >>
>> >> > --
>> >> > Unsubscribe, change to digest, or change password at:
>> > https://mailman.stanford.edu/mailman/listinfo/liberationtech
>> >> --
>> >> Unsubscribe, change to digest, or change password at:
>> > https://mailman.stanford.edu/mailman/listinfo/liberationtech
>> >
>> >
>> > --
>> > Unsubscribe, change to digest, or change password at:
https://mailman.stanford.edu/mailman/listinfo/liberationtech
>> >
>> --
>> Unsubscribe, change to digest, or change password at:
https://mailman.stanford.edu/mailman/listinfo/liberationtech
>
>
>
> --
> Unsubscribe, change to digest, or change password at:
https://mailman.stanford.edu/mailman/listinfo/liberationtech
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.stanford.edu/pipermail/liberationtech/attachments/20121011/ec53ac47/attachment.html>