[liberationtech] Silent Circle to publish source code?

[Fran Parker]

I love what they say in the videos. The videos are very well done and 
immediately put you at ease. I have dealt with Phil's products for a 
very long time, and I would trust that what he says is true as far as he 
knows about this product.

However, open scrutiny of the code is the only way to truly know it's 
hostile environment safe. To have the programmer community pour over the 
code and test it six ways to Sunday. Not only by the developers 
themselves. As good as Phil and the other developers are, it almost 
always takes a fresh eye to pour over code to put it through tests even 
the developers haven't foreseen.

Even when code is supposedly closed, it will ultimately be cracked, and 
then the vulnerabilities will be known but to the bad guys only.

I would like to have seen them address the question of opening up the 
code to the community for scrutiny in the videos.

And the following is also worrisome:

Google Chrome says silentcircle.com certificate is invalid and you have 
to click through like it is a bad site to see the site.

Firefox, says that although it is https, only part of the site is 
encrypted and only partially protected communication, and does not 
prevent eavesdropping.

Safari does not go to the site, but instead puts up box saying Safari 
can't verify the identity of the website 'silentcircle.com'

Interestingly enough, Opera showed it as Trusted. Go figure.

If they want people to trust their product, the site itself should be 
trustworthy as well, don't you think?

If someone is close with these guys, maybe you could mention this to 
them. I am sure they want everything to vibrate safe, secure, etc.





On 10/12/12 2:16 PM, Julian Oliver wrote:
>
> This should help clear things up:
>
>      http://is.gd/ZmBaMD
>
> (Featuring VJ Ann O'Nymous)
>