[liberationtech] TrueCrypt Alternatives?

[Greg]

On Oct 2, 2014, at 6:54 AM, Eleanor Saitta <ella at dymaxion.org> wrote:

> 
> On 2014.10.01 04.22, Greg wrote:
> > On Sep 30, 2014, at 2:48 PM, Eleanor Saitta <ella at dymaxion.org>
> > wrote:
> >> I don't have any field stories that I have permission to share,
> >> but yes, I've heard of specific incidents.
> >
> > Incidents involving our software?
> 
> No, incidents involving "deniable" encryption systems.

There are different types of deniable encryption systems, with very _different_ deniability properties.

It is therefore erroneous to make sweeping claims about all of them, *especially* when you haven't looked into the details.

> Have you done field research on the real-world outcomes of deniable
> encryption systems and how they shape the outcome of hostile field
> interrogation?

Unlike you, I've done my homework and researched the deniability properties of encryption systems and why some are better than others.

In my research, I have not found any information where X deniability system lead to Y outcome for Z reasons.

If you have such research, please forward it to me, I will read it.

Now, I repeat my previous question/request:

> > How about you actually try the software before you go around
> > insulting it and its developers?


Re this:

> So, game theory is all well and good, but you'll have to excuse me if
> I note that adversaries in the field that are likely to rip your
> fingernails off don't do game theory proofs.

I wasn't the one making game theory proofs. Go back and read again.

> Again, field data or nothing.

If there is no useful field data, I'm afraid you'll just have to be disappointed.

I can make a quip like this too though: "RTFM or STFU" :P

Kind regards,
Greg

--
Please do not email me anything that you are not comfortable also sharing with the NSA.

On Oct 2, 2014, at 6:54 AM, Eleanor Saitta <ella at dymaxion.org> wrote:

> Signed PGP part
> On 2014.10.01 04.22, Greg wrote:
> > On Sep 30, 2014, at 2:48 PM, Eleanor Saitta <ella at dymaxion.org>
> > wrote:
> >> I don't have any field stories that I have permission to share,
> >> but yes, I've heard of specific incidents.
> >
> > Incidents involving our software?
> 
> No, incidents involving "deniable" encryption systems.
> 
> >> More generally, it represents an utter lack of awareness on the
> >> part of developers for the security risk analysis choices faced
> >> by individuals actually at risk.
> >
> > What lack of awareness?
> >
> > How about you actually try the software before you go around
> > insulting it and its developers?
> 
> Have you done field research on the real-world outcomes of deniable
> encryption systems and how they shape the outcome of hostile field
> interrogation?  If so, I'd love to see the research that you've done
> that justifies the feature set you've selected, because this would be
> a seriously amazing addition to the field (I'm completely sincere here).
> 
> 95+% of the time when I see people talking about deniability, they
> have no direct field experience to back up their assertions of
> utility, and the arguments they make look exactly like yours.  If
> you're going to contest my statement, feel free to provide reliable
> field data.  Short of that, you're simply wrong here.
> 
> > You are welcome to criticize our software based on knowledge and
> > experience that you actually have, but don't go around making up
> > nonsense and applying said nonsense to software that you admit
> > having not tried.
> 
> So, game theory is all well and good, but you'll have to excuse me if
> I note that adversaries in the field that are likely to rip your
> fingernails off don't do game theory proofs.  Again, field data or
> nothing.
> 
> E.
> 
> --
> Ideas are my favorite toys.
> 
> --
> Liberationtech is public & archives are searchable on Google. Violations of list guidelines will get you moderated: https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe, change to digest, or change password by emailing moderator at companys at stanford.edu.