[liberationtech] TrueCrypt Alternatives?

Greg greg at kinostudios.com
Sun Oct 5 15:56:16 PDT 2014 

On Oct 5, 2014, at 3:48 PM, Yosem Companys <companys at stanford.edu> wrote:

> This is not directed to anyone in particular. But, come on, everyone, let's have a respectful and constructive conversation. There's no need to get snippy.

I agree, and sorry if my email came off that way. Let me try to improve the tone a bit:

I *want* to open source Espionage completely, and philosophically I find myself agreeing with many of Rich's comments.

There are currently at least two obstacles to making that happen:

1. If we released all of our code for Espionage right now, it would still not be 100% source because it relies on Apple's sparsebundles, which aren't even "source available", but completely closed source. They wouldn't even reply back to an encrypted email I sent to them regarding the matter. So perhaps first we should find a suitable alternative.

2. Those interested in using an open source Espionage do not want to see it face the same fate that TrueCrypt faced. One of the most insightful comments I've seen as to why TC's developers abandoned the project was those who were auditing it received more compensation for their audit than the TC developers received in donations over the lifetime of the entire project. If that is true (and I suspect it is), I can see how that would be incredibly disheartened and demoralizing.

Therefore, we must find a way to open source it in a way that (1) actually is open source, and (2) does not kill the project in the process.

We have some ideas on how to do that, but it is not something that can happen overnight. We are working on it though.

Kind regards,
Greg Slepak

--
Please do not email me anything that you are not comfortable also sharing with the NSA.

> 
> Thanks,
> 
> Yosem
> One of the moderators
> 
> On Sun, Oct 5, 2014 at 3:44 PM, Greg <greg at kinostudios.com> wrote:
> Dear Rich,
> 
> On Oct 4, 2014, at 3:50 AM, Rich Kulawiec <rsk at gsp.org> wrote:
>> I'm not misunderstanding it.  I didn't bother to read it
> 
> Those two statements seem to be in conflict to me, as you are next making assumptions about what sorts of limits it puts on peer review. You use the words "legally constrain the reviewers" but neglect to mention how or why. That is not unimportant. It would be like me saying that "America is legally constraining me" but neglecting to mention that they are legally constraining me from running somebody over with a car.
> 
>> In or out of the pool.  You wanna be closed source?  Go for it.  But please,
>> stop disengenously pretending to be open source when you're clearly not.
> 
> So far the only disingenuous language has been coming from you.
> 
> We have been explicit in stating that we are not open source [1,2], and yet you are accusing us of doing so.
> 
> That is libel and/or slander.
> 
> Please stop.
> 
> Kind regards,
> Greg Slepak
> 
> 
> [1] https://www.taoeffect.com/blog/2013/09/espionage-3-now-open-source-for-professionals/ (we preserved the URL to prevent broken internet links, but changed the title and added edits in bold)
> [2] https://www.espionageapp.com (read the section on "source code available")
> 
> --
> Please do not email me anything that you are not comfortable also sharing with the NSA.
> 
> 
>> This is dragging out, so I'm going to try to be brief.
>> 
>> On Fri, Oct 03, 2014 at 06:07:36PM -0700, Greg wrote:
>>> You may also be misunderstanding our NDA.
>> 
>> I'm not misunderstanding it.  I didn't bother to read it, because the
>> mere fact that it exists is the problem.  People who are serious about
>> open source and peer review of code do not limit peer review, nor attempt
>> to legally constrain the reviewers, nor try to cherry-pick the reviewers
>> based on perceived expertise or personal qualities.
>> 
>> In or out of the pool.  You wanna be closed source?  Go for it.  But please,
>> stop disengenously pretending to be open source when you're clearly not.
>> 
>> ---rsk
>> 
>> p.s.  In re: "[...] we want to do our best to keep the software in the
>> hands of honest, trustworthy folks [...]" -- you've got to be kidding.
>> I *hope* you're kidding.
>> --
>> Liberationtech is public & archives are searchable on Google. Violations of list guidelines will get you moderated: https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe, change to digest, or change password by emailing moderator at companys at stanford.edu.
> 
> 
> --
> Liberationtech is public & archives are searchable on Google. Violations of list guidelines will get you moderated: https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe, change to digest, or change password by emailing moderator at companys at stanford.edu.
> 
> --
> Liberationtech is public & archives are searchable on Google. Violations of list guidelines will get you moderated: https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe, change to digest, or change password by emailing moderator at companys at stanford.edu.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.stanford.edu/pipermail/liberationtech/attachments/20141005/f440ad20/attachment.html>

More information about the liberationtech mailing list