[liberationtech] Espionge.app's lack of plausible deniability (Was: TrueCrypt Alternatives?)

Yosem Companys companys at stanford.edu
Mon Oct 6 21:23:14 PDT 2014 

I think the point has been made. And, substantively, this thread has
been interesting. So let's get back to the subject at hand or, if it
has run its course, let's move on.

Thanks,
Yosem
(One of the moderators)

On Mon, Oct 6, 2014 at 9:16 PM, Greg <greg at kinostudios.com> wrote:
> Dear Travis,
>
> On Oct 6, 2014, at 9:08 PM, Travis Biehn <tbiehn at gmail.com> wrote:
>
> Greg,
> When someone else discovers an issue with your product and you find out
> about it - you should be thankful.
>
> I was thankful. I literally thanked him.
>
> In fact "irresponsible disclosure" supposes that this vulnerability was
> difficult to uncover. If the vulnerability was particularly easy -for any
> threat actor- to uncover then an argument can be made that delaying
> disclosure is irresponsible.
>
> Could you please give me a time estimate on this delay that you are talking
> about?
>
> I believe clicking on the email I gave him would take approximately the same
> amount of time as replying to the list, but I could be mistaken.
>
> Kind regards,
> Greg
>
> --
> Please do not email me anything that you are not comfortable also sharing
> with the NSA.
>
>
> They could have just as easily sold the bug silently to the intelligence
> community  - or let you otherwise continue to produce insecure software.
>
> In fact "irresponsible disclosure" supposes that this vulnerability was
> difficult to uncover. If the vulnerability was particularly easy -for any
> threat actor- to uncover then an argument can be made that delaying
> disclosure is irresponsible.
>
> Travis
>
> On Oct 6, 2014 11:11 PM, "Greg" <greg at kinostudios.com> wrote:
>>
>> On Oct 6, 2014, at 7:21 PM, Collin Anderson <collin at averysmallbird.com>
>> wrote:
>>
>> Here I attempted to make a professional point that you are purporting to
>> offer software to an audience whose needs you do not seem to be able to
>> serve. Your seriousness in regard to the obligations that those needs incur
>> seems to have only come up to denigrate Steve for having laid bare the
>> situation, and in what appears to have been a few minutes worth of research.
>>
>>
>> Irresponsible disclosure is a serious problem, yes.
>>
>> Are you endorsing irresponsible disclosure...?
>>
>> No, I kept my trolling to Twitter. Fun was had by many.
>>
>>
>> And you are actually proud of trolling...?
>>
>> Not sure what's so difficult about asking us to just change the text.
>> We're happy to address you concerns. You don't need to troll us to get a
>> response, in fact you're more likely to get a better one when you don't
>> troll.
>>
>> Rather than this blasé and hostile attitude, you should have expressed
>> some shame for using this community to push your software.
>>
>>
>> Someone wanted to know about truecrypt alternatives, and I here was my
>> reply:
>>
>> See this list on ArsTechnica's forum:
>>
>> http://arstechnica.com/civis/viewtopic.php?f=21&t=1245367
>>
>> I work for Tao Effect LLC, our software is on that list, and you can read
>> about how its plausible deniability compares to TrueCrypt's here (forgive
>> this subreddit's insane color scheme):
>>
>>
>> http://www.reddit.com/r/security/comments/2b5icu/major_advancements_in_deniable_encryption_arrive/cj24a1n
>>
>> In case anyone on this list wants a license, here's a code for 15% off:
>> LIBERATIONTECH
>>
>> There are 10 of them and you can use them on espionageapp.com. They expire
>> November 1st.
>>
>>
>>
>> But you haven't. Let us know when Steve's bug has a CVE number.
>>
>>
>> Sure, I can do that for you. :)
>>
>> I can also change the website's wording for you. Just send us an email
>> with how you would prefer we phrase our website's text:
>> support at taoeffect.com
>>
>> Kind regards,
>> Greg Slepak
>>
>> --
>> Please do not email me anything that you are not comfortable also sharing
>> with the NSA.
>>
>>
>> --
>> Liberationtech is public & archives are searchable on Google. Violations
>> of list guidelines will get you moderated:
>> https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe,
>> change to digest, or change password by emailing moderator at
>> companys at stanford.edu.
>
> --
> Liberationtech is public & archives are searchable on Google. Violations of
> list guidelines will get you moderated:
> https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe,
> change to digest, or change password by emailing moderator at
> companys at stanford.edu.
>
>
>
> --
> Liberationtech is public & archives are searchable on Google. Violations of
> list guidelines will get you moderated:
> https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe,
> change to digest, or change password by emailing moderator at
> companys at stanford.edu.

More information about the liberationtech mailing list