[liberationtech] Espionage.app's lack of plausible deniability (Was: TrueCrypt Alternatives?)

Collin Anderson collin at averysmallbird.com
Tue Oct 7 11:31:54 PDT 2014


On Tue, Oct 7, 2014 at 1:25 PM, Greg <greg at kinostudios.com> wrote:

> If you want me to open a CVE, I need to hear from you (and anyone else
> advocating that I go through the process of opening and maintaining CVE
> after CVE about the always imperfect PD we provide) why we should be
> required to open a CVE when TrueCrypt, which provides _worse_ PD is not
> asked to open and maintain CVEs for their (to-date-perpetually-worse) PD.


The baseline of security disclosures that you offer to your clients should
not be determined by the failures of others. People have always felt
uncomfortable about TrueCrypt for reasons such as these, and if you want to
build greater trust with communities such as Libtech then you should learn
from others' mistakes. I cannot tell you how you should interact with
clients, but I can say that you have sold your product based on certain
claims historically. Regardless of whether these claims were removed, I would
argue that you maintain a responsibility to uphold those commitments. For
that matter there is still language such as "virtually impossible" on your
site [1], which appears increasingly like a departure from how Espionage
works in its current state. In fact many privacy tools in the FOSS and
other communities go as far as to caution users where their products don't
work. I think you should strongly consider that by the way.

I respect that you feel the need to be defensive right now, and appreciate
that you haven't just abandoned the thread, but if there is unfair
criticism of your product it still is not constructive to tell people to
'shut the fuck up.' Honestly, I don't care if you file a CVE or not, but
please never use the human rights activist claim again.

[1]
https://www.taoeffect.com/blog/2014/07/major-advancements-in-deniable-encryption-arrive-in-espionage-3-6/

-- 
*Collin David Anderson*
averysmallbird.com | @cda | Washington, D.C.