Search Mailing List Archives


Limit search to: Subject & Body Subject Author
Sort by: Reverse Sort
Limit to: All This Week Last Week This Month Last Month
Select Date Range     through    

[liberationtech] TrueCrypt Alternatives?

Rich Kulawiec rsk at gsp.org
Thu Oct 2 16:55:21 PDT 2014


1. Well, this has certainly been an interesting discussion, but until
Espionage is FULLY open-source, it's moot, because it hasn't (yet) been
exposed to unlimited peer review by arbitrary, independent third parties.

Please see:

	https://mailman.stanford.edu/pipermail/liberationtech/2013-March/007499.html

Yes, I do note (per the Tao Effect web site) that people can "apply" to
see the source.

Not good enough.

2. About this comment on Reddit:

	"Because Espionage creates fake data for everyone, it is a fact
	that at least some of the data on your drive is fake. Therefore
	when you say "that data is fake", it's completely believable
	that it is, because some of it is. We extensively document this
	feature, so the interrogator knows, too, that your hard drive
	is guaranteed to contain fake data."

Plausible deniability is an interesting concept, but you know, if I'm
the one tortuXXXXdeploying enhanced interrogation techniques against
you because you have something I want very very badly, I'm not going to
spend my coffee break RTFM'ing about Espionage.

To put it another way:

If you or I or anyone else are going to suggest that people put their lives
(and those of their allies, families, friends, etc.)  on the line and rely
on this concept to save them, then we should probably verify that it
actually works *first*.  This isn't an Espionage or Truecrypt et.al. issue
per se, it's a conceptual issue and one which is very hard to research,
since of course we can't just poll the people whose answers matter
the most.  (And even if we did, we couldn't trust the answers.)
In addition, some of the instance in which it failed in the field are
and will likely remain (indefinitely) unknown to us, since the only
people likely to report those failures to us are imprisoned or dead.

This it not to say that it *never* works: it probably does, some of
the time.  It is to say that we shouldn't blithely presume that it's
*always* going to work, and we especially shouldn't presume that it
will work when the stakes are high.

---rsk




More information about the liberationtech mailing list