Search Mailing List Archives


Limit search to: Subject & Body Subject Author
Sort by: Reverse Sort
Limit to: All This Week Last Week This Month Last Month
Select Date Range     through    

[liberationtech] TrueCrypt Alternatives?

Greg greg at kinostudios.com
Thu Oct 2 13:08:32 PDT 2014


P.S. I would rather keep the tone of this conversation civil, and I recognize that in matching what I felt was your tone (in the previous email) it does not help accomplish that, so, sorry for that.

From my POV, this is where the upset comes from: somebody asks for a TrueCrypt alternative and I reply with one that I've been pouring my heart into since 2008. I think I'm doing a good thing, being on topic, sharing useful info (albeit in a way that counts as self-promotion, but nobody else mentioned our software and we do not spend money on advertising). Then said software and developers of it are attacked by someone who didn't take the time to even understand what it does.

That got to me. I will try to not let it, but I ask for your help in doing so. If you could please keep the scope of your deniability critiques to the deniability of the software you are critiquing, it would be appreciated, and it would help keep the tone of this conversation more civil.

Thank you,
Greg

--
Please do not email me anything that you are not comfortable also sharing with the NSA.

On Oct 2, 2014, at 12:39 PM, Greg <greg at kinostudios.com> wrote:

> On Oct 2, 2014, at 6:54 AM, Eleanor Saitta <ella at dymaxion.org> wrote:
> 
>> 
>> On 2014.10.01 04.22, Greg wrote:
>>> On Sep 30, 2014, at 2:48 PM, Eleanor Saitta <ella at dymaxion.org>
>>> wrote:
>>>> I don't have any field stories that I have permission to share,
>>>> but yes, I've heard of specific incidents.
>>> 
>>> Incidents involving our software?
>> 
>> No, incidents involving "deniable" encryption systems.
> 
> There are different types of deniable encryption systems, with very _different_ deniability properties.
> 
> It is therefore erroneous to make sweeping claims about all of them, *especially* when you haven't looked into the details.
> 
>> Have you done field research on the real-world outcomes of deniable
>> encryption systems and how they shape the outcome of hostile field
>> interrogation?
> 
> Unlike you, I've done my homework and researched the deniability properties of encryption systems and why some are better than others.
> 
> In my research, I have not found any information where X deniability system lead to Y outcome for Z reasons.
> 
> If you have such research, please forward it to me, I will read it.
> 
> Now, I repeat my previous question/request:
> 
>>> How about you actually try the software before you go around
>>> insulting it and its developers?
> 
> 
> Re this:
> 
>> So, game theory is all well and good, but you'll have to excuse me if
>> I note that adversaries in the field that are likely to rip your
>> fingernails off don't do game theory proofs.
> 
> I wasn't the one making game theory proofs. Go back and read again.
> 
>> Again, field data or nothing.
> 
> If there is no useful field data, I'm afraid you'll just have to be disappointed.
> 
> I can make a quip like this too though: "RTFM or STFU" :P
> 
> Kind regards,
> Greg
> 
> --
> Please do not email me anything that you are not comfortable also sharing with the NSA.
> 
> On Oct 2, 2014, at 6:54 AM, Eleanor Saitta <ella at dymaxion.org> wrote:
> 
>> Signed PGP part
>> On 2014.10.01 04.22, Greg wrote:
>>> On Sep 30, 2014, at 2:48 PM, Eleanor Saitta <ella at dymaxion.org>
>>> wrote:
>>>> I don't have any field stories that I have permission to share,
>>>> but yes, I've heard of specific incidents.
>>> 
>>> Incidents involving our software?
>> 
>> No, incidents involving "deniable" encryption systems.
>> 
>>>> More generally, it represents an utter lack of awareness on the
>>>> part of developers for the security risk analysis choices faced
>>>> by individuals actually at risk.
>>> 
>>> What lack of awareness?
>>> 
>>> How about you actually try the software before you go around
>>> insulting it and its developers?
>> 
>> Have you done field research on the real-world outcomes of deniable
>> encryption systems and how they shape the outcome of hostile field
>> interrogation?  If so, I'd love to see the research that you've done
>> that justifies the feature set you've selected, because this would be
>> a seriously amazing addition to the field (I'm completely sincere here).
>> 
>> 95+% of the time when I see people talking about deniability, they
>> have no direct field experience to back up their assertions of
>> utility, and the arguments they make look exactly like yours.  If
>> you're going to contest my statement, feel free to provide reliable
>> field data.  Short of that, you're simply wrong here.
>> 
>>> You are welcome to criticize our software based on knowledge and
>>> experience that you actually have, but don't go around making up
>>> nonsense and applying said nonsense to software that you admit
>>> having not tried.
>> 
>> So, game theory is all well and good, but you'll have to excuse me if
>> I note that adversaries in the field that are likely to rip your
>> fingernails off don't do game theory proofs.  Again, field data or
>> nothing.
>> 
>> E.
>> 
>> --
>> Ideas are my favorite toys.
>> 
>> --
>> Liberationtech is public & archives are searchable on Google. Violations of list guidelines will get you moderated: https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe, change to digest, or change password by emailing moderator at companys at stanford.edu.
> 
> --
> Liberationtech is public & archives are searchable on Google. Violations of list guidelines will get you moderated: https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe, change to digest, or change password by emailing moderator at companys at stanford.edu.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.stanford.edu/pipermail/liberationtech/attachments/20141002/fc005c14/attachment-0001.html>


More information about the liberationtech mailing list