[liberationtech] Espionge.app's lack of plausible deniability (Was: TrueCrypt Alternatives?)

[Tempest]

Andy Isaacson:
> Nope nope nope.  You don't get to try to shame free research and sweep
> this issue under the rug by insisting on private email.

this right here. i've found the developer's words on this matter
especially disheartening, particularly since he came into this thread
through attempting to sell a piece of software with a list based
discount. when a member of the very community a developer is advertising
to discovers what would be a crippling security flaw in a number of
circumstances which could lead to incarceration and torture, you don't
call them out for not keeping it private. keeping it private would be
unethical, particularly since this security flaw didn't even involve an
exploit of the code. it just involved basic cursory research.

> When systems are proprietary, make grandiose claims of dubious validity,
> and do not carry any of the hallmarks of being well engineered, it is
> unlikely that they are worth spending much time on.  

and when the developers appear hostile to valid criticism, it's a great
way for them to make sure their software will be thoroughly panned by
the community with the natural consequence of other users being
instructed to avoid their product.

-- 
gpg key - 0x2A49578A7291BB34
fingerprint - 63C4 E106 AC6A 5F2F DDB2 3840 2A49 578A 7291 BB34