Search Mailing List Archives


Limit search to: Subject & Body Subject Author
Sort by: Reverse Sort
Limit to: All This Week Last Week This Month Last Month
Select Date Range     through    

[liberationtech] Silent Circle Dangerous to Cryptography Software Development

James Losey losey at newamerica.net
Thu Oct 11 09:04:26 PDT 2012


Hi Nadim,

I largely agree with your assessment of Silent Circle and I offer these
thoughts in an effort to increase my understanding of the issue. The
product is a packaged "solution" clearly targeted towards business
customers focused on corporate privacy. And while the company offeres
regular transparency statements on government requests and strives to
minimize storage of some types of data (and you're right that payment info
is problematic) the company is clearly interested in paying for privacy
assurances and seems less focused on supporting activists.

However, is Silent Circle dangerous to the development of cryptography
software or simply an example of poor implementation of how to do it well?
I would argue that it is the latter. I think it can be helpful for the
development of cryptography. First and foremost, while many on this list
understand the import of encryption and privacy, increasing mainstream
digital security. One way to do this is offering a service and ease of use.
I agree that charging for services increases barriers but I also think that
increased availability also helps raise the profile of why digital security
is important.

I make no claims or defense of the actually security of Silent Circle. It
might be fine for some people and it might have built-in backdoors that
would revealed through a security audit. Either way, I would not recommend
it for sensitive uses. Where there is a perceived demand there will always
be someone ready to offer a product. Not necessarily a good one, but
something nonetheless.

Concluding, I think there are two main important themes here. First, I see
Silent Circle as an example of increased understanding of security threats
and thus increased demand for secure communications. Secondly,
 conversations of best and worst practices of cryptography are vibrant in
this community but not necessarily mainstream. I think Silent Circle is an
opportunity discuss what people need to look for in a secure communications
tool, and when not to trust it.

*TL:DR *I don't think Silent Circle is dangerous for the development of
cryptography software but demonstrates potential demand and can spark a
discussion of best and worst practices of crypto software development.

Nadim and others I'm curious of your thoughts.

J



On Thu, Oct 11, 2012 at 5:41 PM, Nadim Kobeissi <nadim at nadim.cc> wrote:

> My blog post on the matter: http://log.nadim.cc/?p=89
> Your feedback is appreciated, thank you!
>
> NK
> --
> Unsubscribe, change to digest, or change password at:
> https://mailman.stanford.edu/mailman/listinfo/liberationtech
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.stanford.edu/pipermail/liberationtech/attachments/20121011/6303329f/attachment.html>


More information about the liberationtech mailing list