On Oct 2, 2014, at 4:55 PM, Rich Kulawiec <r...@gsp.org> wrote: > 1. Well, this has certainly been an interesting discussion, but until > Espionage is FULLY open-source, it's moot, because it hasn't (yet) been > exposed to unlimited peer review by arbitrary, independent third parties. > > Please see: > > > https://mailman.stanford.edu/pipermail/liberationtech/2013-March/007499.html
K, thanks for the read (I read it but nothing there seems to apply, perhaps some of its points will be addressed below). > Yes, I do note (per the Tao Effect web site) that people can "apply" to > see the source. > > Not good enough. Stating a thing does not make it true, not matter how many times it is repeated. It is not "apply". It is apply. Anyone is welcome, so long as they: 1. Are software security professionals. (Nobody else matters in this context, after all.) 2. Don't work for government intelligence agencies. 3. Sign the NDA we give them, the salient points of which are enumerated on our site. They will be given a free license to Espionage. Also, you convince me how to keep providing high quality software and support while simultaneously making Espionage completely free and open source and I will do it in a flash. You want free and open source? Use TrueCrypt. You want to see Espionage's source? Apply. > 2. About this comment on Reddit: > > "Because Espionage creates fake data for everyone, it is a fact > that at least some of the data on your drive is fake. Therefore > when you say "that data is fake", it's completely believable > that it is, because some of it is. We extensively document this > feature, so the interrogator knows, too, that your hard drive > is guaranteed to contain fake data." > > Plausible deniability is an interesting concept, but you know, if I'm > the one tortuXXXXdeploying enhanced interrogation techniques against > you because you have something I want very very badly, I'm not going to > spend my coffee break RTFM'ing about Espionage. Yes, you will. If you want the data, you will read about Espionage and how it works. You have no other choice. https://www.youtube.com/watch?v=NRISmm3dpVw Cheers, Greg Slepak -- Please do not email me anything that you are not comfortable also sharing with the NSA. On Oct 2, 2014, at 4:55 PM, Rich Kulawiec <r...@gsp.org> wrote: > > 1. Well, this has certainly been an interesting discussion, but until > Espionage is FULLY open-source, it's moot, because it hasn't (yet) been > exposed to unlimited peer review by arbitrary, independent third parties. > > Please see: > > > https://mailman.stanford.edu/pipermail/liberationtech/2013-March/007499.html > > Yes, I do note (per the Tao Effect web site) that people can "apply" to > see the source. > > Not good enough. > > 2. About this comment on Reddit: > > "Because Espionage creates fake data for everyone, it is a fact > that at least some of the data on your drive is fake. Therefore > when you say "that data is fake", it's completely believable > that it is, because some of it is. We extensively document this > feature, so the interrogator knows, too, that your hard drive > is guaranteed to contain fake data." > > Plausible deniability is an interesting concept, but you know, if I'm > the one tortuXXXXdeploying enhanced interrogation techniques against > you because you have something I want very very badly, I'm not going to > spend my coffee break RTFM'ing about Espionage. > > To put it another way: > > If you or I or anyone else are going to suggest that people put their lives > (and those of their allies, families, friends, etc.) on the line and rely > on this concept to save them, then we should probably verify that it > actually works *first*. This isn't an Espionage or Truecrypt et.al. issue > per se, it's a conceptual issue and one which is very hard to research, > since of course we can't just poll the people whose answers matter > the most. (And even if we did, we couldn't trust the answers.) > In addition, some of the instance in which it failed in the field are > and will likely remain (indefinitely) unknown to us, since the only > people likely to report those failures to us are imprisoned or dead. > > This it not to say that it *never* works: it probably does, some of > the time. It is to say that we shouldn't blithely presume that it's > *always* going to work, and we especially shouldn't presume that it > will work when the stakes are high. > > ---rsk > > -- > Liberationtech is public & archives are searchable on Google. Violations of > list guidelines will get you moderated: > https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe, > change to digest, or change password by emailing moderator at > compa...@stanford.edu.
-- Liberationtech is public & archives are searchable on Google. Violations of list guidelines will get you moderated: https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe, change to digest, or change password by emailing moderator at compa...@stanford.edu.
