[liberationtech] TrueCrypt Alternatives?

Rich Kulawiec rsk at gsp.org
Thu Oct 2 16:55:21 PDT 2014


1. Well, this has certainly been an interesting discussion, but until
Espionage is FULLY open-source, it's moot, because it hasn't (yet) been
exposed to unlimited peer review by arbitrary, independent third parties.

Please see:

	https://mailman.stanford.edu/pipermail/liberationtech/2013-March/007499.html

Yes, I do note (per the Tao Effect web site) that people can "apply" to
see the source.

Not good enough.

2. About this comment on Reddit:

	"Because Espionage creates fake data for everyone, it is a fact
	that at least some of the data on your drive is fake. Therefore
	when you say "that data is fake", it's completely believable
	that it is, because some of it is. We extensively document this
	feature, so the interrogator knows, too, that your hard drive
	is guaranteed to contain fake data."

Plausible deniability is an interesting concept, but you know, if I'm
the one tortuXXXXdeploying enhanced interrogation techniques against
you because you have something I want very very badly, I'm not going to
spend my coffee break RTFM'ing about Espionage.

To put it another way:

If you or I or anyone else are going to suggest that people put their lives
(and those of their allies, families, friends, etc.)  on the line and rely
on this concept to save them, then we should probably verify that it
actually works *first*.  This isn't an Espionage or Truecrypt et al. issue
per se, it's a conceptual issue and one which is very hard to research,
since of course we can't just poll the people whose answers matter
the most.  (And even if we did, we couldn't trust the answers.)
In addition, some of the instances in which it failed in the field are
and will likely remain (indefinitely) unknown to us, since the only
people likely to report those failures to us are imprisoned or dead.

This is not to say that it *never* works: it probably does, some of
the time.  It is to say that we shouldn't blithely presume that it's
*always* going to work, and we especially shouldn't presume that it
will work when the stakes are high.

---rsk



