[liberationtech] Whatsapp, a Trojan horse for seekers of easy privacy?
Brian Behlendorf
brian at behlendorf.com
Thu Jan 15 10:38:55 PST 2015
On Thu, 15 Jan 2015, carlo von lynX wrote:
> On Thu, Jan 15, 2015 at 12:50:41PM -0500, Richard Brooks wrote:
>> Actually, you also need to have source code for the compilers
>> used and the compiler's compilers...
>
> Yes, we have those. We have systems completely produced from
> source and others that are working on complete reproduceability.
If anyone would like a decent intro and overview of why this is important
and what the current state is, Mike Perry's and Seth Schoen's presentation
from CCC is worth the time:
http://media.ccc.de/browse/congress/2014/31c3_-_6240_-_en_-_saal_g_-_201412271400_-_reproducible_builds_-_mike_perry_-_seth_schoen_-_hans_steiner.html#video
Sadly, given what we know about the current state of play and the actors
involved (state-based, non-state, ad-tech companies, etc) it's sadly the
case that we can't trust binaries made in the US if the public can't
reproduce the build from source. This is tragic both for users and for
US firms in this space. This is not tinfoil-hat terrain. The good news
is every incremental step towards that goal - reproduceable builds from
public source - brings some benefit. So no need to be cynical or feel
helpless. Axolotl seems like a good first step; maybe it'll be a gateway
drug to ChatSecure.
Brian
More information about the liberationtech
mailing list