[liberationtech] Trusting tools under US jurisdiction

Fri Nov 27 02:28:08 PST 2015

On https://torrentfreak.com/anonymous-vpn-service-provider-review-2015-150228/
I frequently see VPN service providers explaining their reason for operating
from the US as follows:

	>> We choose to operate in the US in order to provide no logging service, as there is no mandatory data retention law in the US. Additionally, our beloved clients are given access to some of the strongest consumer protection laws, and thus, are able to purchase with confidence. <<

... which may be correct if you look at all the laws except for the Patriot Act
by which companies such as DuckDuckGo, OpenWhisperSystems and even NGOs such as
riseup.net must quietly allow the authorities to obtain full access to all 
data, tell as little as possible people about it (frequently the CEO is not
informed so that they can evangelize convincingly how safe their product is,
not be all shaky and nervous like Gen. Clapper), and order the company to carry 
on promoting the notion that privacy be in safe hands. We know from PRISM and 
Lavabit how much that isn't true, but since then the US is pretending times
have changed, which - knowing the NSA - cannot be true. It would be strategic
madness to leave the knowledge over data to other nations.

In any case it is reasonable to assume that all of these privacy companies
based in the US are selling snake oil because they just cannot refuse when
the letter comes. The question is if *formally* anything has changed with
the adoption of the Freedom Act. Is PRISM a little bit more illegal now than
it was before? Would there be any judicial consequence if companies get
caught selling out to authorities again?

In any case I don't understand how people happily use riseup instead of a/i,
Duck Duck Go instead of ixquick, Signal instead of Telegram. I haven't found
any place that offers an independently built Android binary for Signal. How
reasonable is it to assume that OpenWhisperSystems can operate on US soil
without shipping an NSA backdoor in all Signal installations? What other
reason can there realistically be to actively fight the existence of
deterministically or alternatively built copies of the Signal client?

Have we learned anything from the Snowden revelations at all? The last thing 
we can do is trust humans to have the integrity to withstand the power of the
US government. It is inappropriate to expect all the crypto pop stars to be 
heroes and entrust our safety to them. Trust the maths and the facts, not the
figureheads. Do not overload the people with responsibility. One thing humanity
knows very well is how to corrupt people.

-- 
  E-mail is public! Talk to me in private using encryption:
         http://loupsycedyglgamf.onion/LynX/
          irc://loupsycedyglgamf.onion:67/lynX
         https://psyced.org:34443/LynX/