Search Mailing List Archives


Limit search to: Subject & Body Subject Author
Sort by: Reverse Sort
Limit to: All This Week Last Week This Month Last Month
Select Date Range     through    

[liberationtech] Secure Cloud Computing: Virtualizing the FreedomBox

Zooko Wilcox-OHearn zooko at leastauthority.com
Thu Apr 24 12:09:48 PDT 2014


On 24/04/14 19:21, Zooko Wilcox-OHearn wrote:
>
> Oh, by the way, this part was incorrect. An example of a Tahoe-LAFS
> service provider is my company, https://LeastAuthority.com.
> LeastAuthority.com does not have any ability to acquire our
> customers's keys, nor to backdoor our customers.

On Thu, Apr 24, 2014 at 6:13 PM, Caspar Bowden (lists)
<lists at casparbowden.net> wrote:
>
> This is semantics. If you provide the service to a customer, you can be
> forced to backdoor

No, this is wrong. I can understand why you say this, because you've
looked at dozens — perhaps hundreds — of services which made claims
like those above, and in every case it turned out that the service
actually had the technical capability to backdoor its customers. Am I
right? The Hushmail case that you cite was an early and famous
example, and the recent Lavabit case is an example.

But LeastAuthority.com is different from that, for a very specific
technical reason.

That reason is that not *only* is our operation free from customer
plaintext and customer encryption keys, but *also* we don't deliver
software to our customers.

When new customers sign up at https://LeastAuthority.com, we send them
a nice email explaining that now they need to go acquire the Free and
Open Source software named "Tahoe-LAFS". We recommend that they get it
from their operating system provider, e.g. Debian, Ubuntu, or the
"pkgsrc" system (http://www.pkgsrc.org/).

Therefore if a government, or a murderous mafia, compelled us to
cooperate with them, we would then say "Well… okay, but… have you
figured out how your target users acquires the software? Because, you
know, if they're getting it from Debian, or from Tails, or something,
then there's not a whole lot we can do to help you backdoor your
target users…".

Here's an open letter on this topic that I wrote to the Silent Circle
folks when they shut down their mail service after the Lavabit story
broke:

https://leastauthority.com/blog/open_letter_silent_circle.html

Regards,

Zooko Wilcox-O'Hearn

Founder, CEO, and Customer Support Rep
https://LeastAuthority.com
Freedom matters.



More information about the liberationtech mailing list