[liberationtech] - "The Beautiful & Secure Messenger"

Julian Oliver julian at
Thu Jul 11 13:04:32 PDT 2013

..on Thu, Jul 11, 2013 at 12:23:25PM -0700, Mitar wrote:
> Hi!
> BTW. Even Tor has centralized directory servers. And it does not
> really matter if the code there is open source or not, because you
> anyway cannot know if they are really running some particular code
> there or not.

A good point. Nonetheless the way forward for security critical software is
toward de-centralisation; encouraging deployment and adaptation to local
contexts - political, social and topological. This is why both client and server
need to be open such that they can be both audited and adapted. 

I can't think of a case where arguments in favour of closed-source deployment in
this space aren't ultimately grounded in desire for control and capital return
within a product-oriented (rather than service) business model. Selling binary
blobs sans source code in a security setting is a risky business, in that it
pushes risk onto the customers.



> On Thu, Jul 11, 2013 at 12:17 PM, Mitar <mmitar at> wrote:
> > Hi!
> >
> > On Thu, Jul 11, 2013 at 6:25 AM, Albert López <newbiesworld at> wrote:
> >> Ok, I understand what you mean. But why rely on a client-server approach
> >> when you can achieve your goal with a peer to peer solution?
> >
> > Their answer is:
> >
> > "The way to make the system secure is that we can control the
> > infrastructure. Distributing to other servers makes it impossible to
> > give any guarantees about the security. We’ll have audits from trusted
> > third parties on our platforms regularly, in cooperation with our
> > community."
> >
> > Which is a bit hand-wavy if we assumed that server code can be closed
> > source if client part is done well enough that you don't have to think
> > about the server side and you still know that you are secure. :-)
> >
> > But my main and almost only argument was, that I think we should wait
> > for a bit more concrete information before discarding the idea. At
> > least I can imagine plausible ways to implement the system securely
> > and having it known security properties while retaining part of it
> > closed source and centralized. But we don't know much to make any real
> > claims. What is interesting though, is that:
> >
> > "We are building on top of proven technologies, such as XMPP with PGP."
> >
> >
> > Mitar

Julian Oliver
