[liberationtech] Whatsapp, a Trojan horse for seekers of easy privacy?
Richard Brooks
rrb at g.clemson.edu
Thu Jan 15 09:50:41 PST 2015
Actually, you also need to have source code for the compilers
used and the compiler's compilers...
And that ignores the use of hardware trojans.
On 01/15/2015 12:29 PM, carlo von lynX wrote:
> On Thu, Jan 15, 2015 at 08:49:31AM -0800, Steve Weis wrote:
>> Note you said "users will never know" if e2e is being used, but as Moxie
>> says "we'll be surfacing this into the UI" of upgraded clients.
>
> There is a systemic legal problem by which neither Facebook, nor
> Whatsapp, nor Textsecure nor Moxie are in a position to guarantee
> that whatever is surfaced into the UI actually means what it says.
>
> Still, as long as these systems are operating from U.S. American
> ground, the current legal situation is such that the President of
> the U.S. has under the U.S. Constitution the sole and final power
> of deciding whether companies and individuals in these companies
> get to implement anything they would like to implement, or not. [1]
> And the services we have been hearing about a lot operate under
> direct executive mandate of the POTUS.
>
> So, I again express respect to Moxie and everyone involved for
> trying to improve the lives of everyday users, but I see a terrible
> risk in promoting any such technology considering the NSA's track
> record on making use of its given privileges. The chances this is
> actually happening can only be considered minimal.
>
> It would take millions of people running independenlty built
> clients from source code, and a credible procedure thereof - only
> then would a hindrance for the NSA exist to exercise its privileges.
>
> As we are by now familiar with its inner workings and strategies,
> the agency will intervene in the process early enough to impede
> anything like this from happening.
>
> Prove me wrong. Give us a way to reproduce the exact client millions
> of humans are relying on, from source code. And make that information
> arise to the UI surface. Then we will know that Whatsapp and TextSecure
> are doing the right thing, and we will have to continue worrying about
> Google and Apple (the NSA may choose to pick up the TextSecure ratchets
> or private keys via Android/iOS backdoors).
>
>
> [1] Caspar Bowden, 31c3, http://cdn.media.ccc.de/congress/2014/webm-sd/31c3-6195-en-The_Cloud_Conspiracy_2008-2014_webm-sd.webm.torrent
>
More information about the liberationtech
mailing list