[liberationtech] Open letter to Phil Zimmermann & Jon Callas of Silent Circle, re: Silent Mail shutdown
Ali-Reza Anghaie
ali at packetknife.com
Fri Aug 16 15:58:15 PDT 2013
OK. I still disagree - in these threat models they don't care about effort.
They dissuade people by killing a few first. The OPSEC model against
hostile State or non-State models has very little to do with issues like
we're increasingly bringing to the forefront. The overlap becomes obscured
behind FUD and more obvious problems like connectivity.
However, all the power to getting it done "right" across the board and
constantly improved.
I'm just growing increasingly concerned with dog eat dog bite consumer
circles.
Thank you for taking the time, - Ali
On Aug 16, 2013 6:42 PM, "Jacob Appelbaum" <jacob at appelbaum.net> wrote:
> Ali-Reza Anghaie:
> > I understand we're talking about verifiable builds and software
> > distribution but using the Zetas as an example is getting kind of
> > ridiculous.
> >
>
> The point of using the Zetas is perhaps not clear but I think I
> understand well what Zooko means. We've talked about it a few times in
> person and I think it isn't always clear upon first read or the first
> time someone hears the example.
>
> The Zetas represent something totally different from our personal
> relationship with the State - they represent a potentially lawless but
> powerful element in global society, one where we probably can't reason
> with them and in the end, we won't have a lot of leeway in convincing
> them to stop whatever they're planning. So, how does the architecture of
> the system hold up when such an adversary is in your threat model? How
> can you comply with the Zetas? How might one do so without harming
> users? How might you save your own life and hopefully by doing
> everything that they want, everyone other than the attacker is satisfied
> with your actions and the resulting outcomes?
>
> There are very few systems that accomplish this goal or even try to
> tackle this goal.
>
> Distributed, decentralized systems have other issues - though this is
> one place where they tend to do well. Centralized systems without
> external verifiability tend to fail very badly under threat from such an
> adversary.
>
> Yes, the Zetas could go after anyone publishing software. If we walk
> through it - if there is only one person who does the publishing, and
> only one person who can sign and upload the build, we have most of
> today's software. If we have a system where there is an ecosystem of
> providers, software distributors and so on - we have a few of today's
> systems.
>
> Which system is more likely to fail and fail silently from the Zeta
> threat? Which will fail without notice by anyone, especially an end user?
>
> The centralized system will almost certainly fall first - especially if
> it is a small startup.
>
> All the best,
> Jacob