[liberationtech] Espionage.app's lack of plausible deniability (Was: TrueCrypt Alternatives?)

Greg greg at kinostudios.com
Mon Oct 6 21:16:42 PDT 2014


Dear Travis,

On Oct 6, 2014, at 9:08 PM, Travis Biehn <tbiehn at gmail.com> wrote:
> Greg,
> When someone else discovers an issue with your product and you find out about it - you should be thankful.
> 
I was thankful. I literally thanked him.

> In fact "irresponsible disclosure" supposes that this vulnerability was difficult to uncover. If the vulnerability was particularly easy -for any threat actor- to uncover then an argument can be made that delaying disclosure is irresponsible.
> 

Could you please give me a time estimate on this delay that you are talking about?

I believe clicking on the email I gave him would take approximately the same amount of time as replying to the list, but I could be mistaken.

Kind regards,
Greg

--
Please do not email me anything that you are not comfortable also sharing with the NSA.


> They could have just as easily sold the bug silently to the intelligence community - or let you otherwise continue to produce insecure software.
> 
> In fact "irresponsible disclosure" supposes that this vulnerability was difficult to uncover. If the vulnerability was particularly easy -for any threat actor- to uncover then an argument can be made that delaying disclosure is irresponsible.
> 
> Travis
> 
> On Oct 6, 2014 11:11 PM, "Greg" <greg at kinostudios.com> wrote:
> On Oct 6, 2014, at 7:21 PM, Collin Anderson <collin at averysmallbird.com> wrote:
>> Here I attempted to make a professional point that you are purporting to offer software to an audience whose needs you do not seem to be able to serve. Your seriousness in regard to the obligations that those needs incur seems to have only come up to denigrate Steve for having laid bare the situation, and in what appears to have been a few minutes worth of research.
> 
> Irresponsible disclosure is a serious problem, yes.
> 
> Are you endorsing irresponsible disclosure...?
> 
>> No, I kept my trolling to Twitter. Fun was had by many.
> 
> 
> And you are actually proud of trolling...?
> 
> Not sure what's so difficult about asking us to just change the text. We're happy to address your concerns. You don't need to troll us to get a response, in fact you're more likely to get a better one when you don't troll.
> 
>> Rather than this blasé and hostile attitude, you should have expressed some shame for using this community to push your software.
> 
> Someone wanted to know about truecrypt alternatives, and here was my reply:
> 
> See this list on ArsTechnica's forum:
> 
> http://arstechnica.com/civis/viewtopic.php?f=21&t=1245367
> 
> I work for Tao Effect LLC, our software is on that list, and you can read about how its plausible deniability compares to TrueCrypt's here (forgive this subreddit's insane color scheme):
> 
> http://www.reddit.com/r/security/comments/2b5icu/major_advancements_in_deniable_encryption_arrive/cj24a1n
> 
> In case anyone on this list wants a license, here's a code for 15% off: LIBERATIONTECH
> 
> There are 10 of them and you can use them on espionageapp.com. They expire November 1st.
> 
> 
>> But you haven't. Let us know when Steve's bug has a CVE number.
> 
> 
> Sure, I can do that for you. :)
> 
> I can also change the website's wording for you. Just send us an email with how you would prefer we phrase our website's text: support at taoeffect.com
> 
> Kind regards,
> Greg Slepak
> 
> --
> Please do not email me anything that you are not comfortable also sharing with the NSA.
> 
> 
> --
> Liberationtech is public & archives are searchable on Google. Violations of list guidelines will get you moderated: https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe, change to digest, or change password by emailing moderator at companys at stanford.edu.
