Hi Nadim, I largely agree with your assessment of Silent Circle and I offer these thoughts in an effort to increase my understanding of the issue. The product is a packaged "solution" clearly targeted towards business customers focused on corporate privacy. And while the company offeres regular transparency statements on government requests and strives to minimize storage of some types of data (and you're right that payment info is problematic) the company is clearly interested in paying for privacy assurances and seems less focused on supporting activists.
However, is Silent Circle dangerous to the development of cryptography software or simply an example of poor implementation of how to do it well? I would argue that it is the latter. I think it can be helpful for the development of cryptography. First and foremost, while many on this list understand the import of encryption and privacy, increasing mainstream digital security. One way to do this is offering a service and ease of use. I agree that charging for services increases barriers but I also think that increased availability also helps raise the profile of why digital security is important. I make no claims or defense of the actually security of Silent Circle. It might be fine for some people and it might have built-in backdoors that would revealed through a security audit. Either way, I would not recommend it for sensitive uses. Where there is a perceived demand there will always be someone ready to offer a product. Not necessarily a good one, but something nonetheless. Concluding, I think there are two main important themes here. First, I see Silent Circle as an example of increased understanding of security threats and thus increased demand for secure communications. Secondly, conversations of best and worst practices of cryptography are vibrant in this community but not necessarily mainstream. I think Silent Circle is an opportunity discuss what people need to look for in a secure communications tool, and when not to trust it. *TL:DR *I don't think Silent Circle is dangerous for the development of cryptography software but demonstrates potential demand and can spark a discussion of best and worst practices of crypto software development. Nadim and others I'm curious of your thoughts. J On Thu, Oct 11, 2012 at 5:41 PM, Nadim Kobeissi <na...@nadim.cc> wrote: > My blog post on the matter: http://log.nadim.cc/?p=89 > Your feedback is appreciated, thank you! > > NK > -- > Unsubscribe, change to digest, or change password at: > https://mailman.stanford.edu/mailman/listinfo/liberationtech >
-- Unsubscribe, change to digest, or change password at: https://mailman.stanford.edu/mailman/listinfo/liberationtech