Search Mailing List Archives

Limit search to: Subject & Body Subject Author
Sort by: Reverse Sort
Limit to: All This Week Last Week This Month Last Month
Select Date Range     through    

[liberationtech] The great open-source balancing act

Griffin Boyce griffin at
Sun Sep 1 12:06:21 PDT 2013

Hash: SHA1

Douglas Lucas wrote:
> Periodic reminder that despite promises and people's positive emotional
> investments in Phil Zimmerman, Silent Circle is still not open source.
> We need an

  I think that this is the most difficult balancing act that anyone has
as a developer.  If you offer open-source software, the very act of
being more transparent directly impacts your bottom line. And not every
side-effect is a positive one.

  So from a business perspective, I can respect that both Silent Circle
and Hemlis have made the decision not to offer their full source.  But I
am also in a position to choose -- I choose not to support Silent Circle
-or- Hemlis and to openly caution people about the risks of using
closed-source communication software.  There's too much opportunity to
fail quietly (silently, even), either through bad code or outside
pressure or various legal quandries or greed.  Too many times people
have put their faith into something that is closed-source and
for-profit, only to have unforeseen security problems crop up later.

  But it's a balancing act - perhaps particularly if you're a service. 
If you open-source all of your code, someone could create a competing
service.  If a company is transparent about receiving a subpoena for
customer data, they run the risk of users leaving.  It's easy to say "no
big deal" when it's not your rent money.  But on balance, I would much
rather support organizations who are willing to take that risk and put
faith in their users.  Silent Circle is clearly not willing to give a
potential user like me the benefit of the doubt.  So while I like the
idea of us all using cypherpunk walkie-talkies, I'd rather code my own
solution than give my money and my voice to Silent Circle.  Again, it
has nothing to do with them as people, and everything to do with their
business practices.

  I don't come at this discussion lightly.  I use closed-source software
every day.  I've built stuff that uses Twilio, which is a closed-source
communications API.  Other people feel differently about this topic and
that is Okay.


- -- 
"Cypherpunks write code not flame wars." --Jurre van Bergen
#REDACTED / PGP: 0xAE792C97 / OTR: saint at

My posts are my own, not my employers.
Version: GnuPG v1.4.11 (GNU/Linux)


More information about the liberationtech mailing list