At this point, I'd like to realize that I'm no longer contributing productively to this conversation. I've stated my points, would like to apologize should anyone have felt offended, and am going to bow out.
NK On Fri, Feb 8, 2013 at 11:48 AM, Nadim Kobeissi <na...@nadim.cc> wrote: > Overall, I am dissatisfied with Chris totally ignoring my point regarding > hype in the media. Chris selectively criticizes projects he doesn't like > when the media hypes them up, but when it's Silent Circle, even calling it > "unbreakable crypto" doesn't get anything out of him but dozens of > quotations all over their media blitz. I remain convinced that he is being > absolutely unfair and biased. > > > NK > > > On Thu, Feb 7, 2013 at 8:14 PM, Christopher Soghoian > <ch...@soghoian.net>wrote: > >> See Inline >> >> On Thu, Feb 7, 2013 at 12:15 PM, Andy Isaacson <a...@hexapodia.org> wrote: >> >>> Silent Circle may be an excellent privacy app. It might not have any >>> significant security problems. It might even do a good job of >>> mitigating important platform-based attacks and supporting important new >>> use cases (the "burn after reading" feature). When it's actually open >>> source I'll take a look and if it is good, I'll recommend it to users. >>> >>> Until that open review happens, I think it's inappropriate for voices in >>> our community to commend or recommend such a proprietary system. Each >>> person makes their own choices, of course, and nobody should base their >>> actions solely on what *I* think is right, but I hope you can hear my >>> concerns and consider the outcomes of your actions. >>> >> >> Twitter's official client and server code are not open source. That >> hasn't stopped the good folks at EFF, as well as many other privacy >> advocates from praising the company's law enforcement transparency >> policies, as well as Twitter's willingness to go the extra mile when >> responding to various forms of legal process. >> >> Much of Google's code, including all of the Gmail backend code is not >> open source, but that hasn't stopped privacy advocates from legitimately >> praising the company for voluntarily publishing some really useful data on >> government requests and DMCA takedown demands. >> >> Although I have not recommended Silent Circle to anyone, I believe that >> it is entirely legitimate to praise the company for its commitment to >> transparency regarding law enforcement requests and the company's overall >> law enforcement policy. >> >> Hell, looking at the list of companies ranked on EFF's "Who's got your >> back" website, closed source is by far the norm, not the exception. That >> hasn't stopped EFF from giving out gold stars where they feel they are >> deserved. See: >> https://www.eff.org/pages/when-government-comes-knocking-who-has-your-back >> >> In fact, for many of the factors that I am most interested in, source >> code is completely irrelevant. Client source code does not reveal a >> company's data retention policy, and server data retention configurations >> are impossible to verify. Source code does not reveal whether a company >> will tell its users about subpoenas submitted for user data where not >> prevented from doing so by a gag order. Source code will not reveal a >> company's willingness to spend hundreds of thousands of dollars on legal >> bills to fight an improper request submitted by lawyers at the Department >> of Justice. For such things, you have to evaluate the company on its public >> policy (and, once the policy is put into action, you can judge the company >> via its track record). >> >> By all means, continue to harass Silent Circle about its source code. >> Likewise, please do hold journalists accountable for the bogus headlines >> they, or their editors have selected. But do not dismiss my legitimate >> interest in the law enforcement legal policies adopted by companies. These >> policies are often just as important, yet impossible to verify, even when >> companies publish their source code. >> >> Cheers, >> >> Chris >> >> -- >> Unsubscribe, change to digest, or change password at: >> https://mailman.stanford.edu/mailman/listinfo/liberationtech >> > >
-- Unsubscribe, change to digest, or change password at: https://mailman.stanford.edu/mailman/listinfo/liberationtech
