Re: [liberationtech] Silent Circle to publish source code?
On Fri, Oct 12, 2012 at 08:16:52PM +0200, Julian Oliver wrote: > > This should help clear things up: > > http://is.gd/ZmBaMD > > (Featuring VJ Ann O'Nymous) Please do not use URL shorteners, particularly on this list. -- Unsubscribe, change to digest, or change password at: https://mailman.stanford.edu/mailman/listinfo/liberationtech
Re: [liberationtech] Silent Circle to publish source code?
I love what they say in the videos. The videos are very well done and immediately put you at ease. I have dealt with Phil's products for a very long time, and I would trust that what he says is true as far as he knows about this product. However, open scrutiny of the code is the only way to truly know it's hostile environment safe. To have the programmer community pour over the code and test it six ways to Sunday. Not only by the developers themselves. As good as Phil and the other developers are, it almost always takes a fresh eye to pour over code to put it through tests even the developers haven't foreseen. Even when code is supposedly closed, it will ultimately be cracked, and then the vulnerabilities will be known but to the bad guys only. I would like to have seen them address the question of opening up the code to the community for scrutiny in the videos. And the following is also worrisome: Google Chrome says silentcircle.com certificate is invalid and you have to click through like it is a bad site to see the site. Firefox, says that although it is https, only part of the site is encrypted and only partially protected communication, and does not prevent eavesdropping. Safari does not go to the site, but instead puts up box saying Safari can't verify the identity of the website 'silentcircle.com' Interestingly enough, Opera showed it as Trusted. Go figure. If they want people to trust their product, the site itself should be trustworthy as well, don't you think? If someone is close with these guys, maybe you could mention this to them. I am sure they want everything to vibrate safe, secure, etc. On 10/12/12 2:16 PM, Julian Oliver wrote: This should help clear things up: http://is.gd/ZmBaMD (Featuring VJ Ann O'Nymous) -- Unsubscribe, change to digest, or change password at: https://mailman.stanford.edu/mailman/listinfo/liberationtech
Re: [liberationtech] Silent Circle to publish source code?
Excellent Julian! Here's the direct link for all three videos by CircledUp (http://www.youtube.com/user/CircledUp) over at Youtube: http://preview.tinyurl.com/8d3wrs6 and raw URL: http://www.youtube.com/watch?v=rhEzawkDTgE&feature=bf_prev&list=ULDhyUkrGcidQ On 10/12/12 2:16 PM, Julian Oliver wrote: This should help clear things up: http://is.gd/ZmBaMD (Featuring VJ Ann O'Nymous) -- Unsubscribe, change to digest, or change password at: https://mailman.stanford.edu/mailman/listinfo/liberationtech
Re: [liberationtech] Silent Circle to publish source code?
This should help clear things up: http://is.gd/ZmBaMD (Featuring VJ Ann O'Nymous) -- Julian Oliver http://julianoliver.com http://criticalengineering.org -- Unsubscribe, change to digest, or change password at: https://mailman.stanford.edu/mailman/listinfo/liberationtech
Re: [liberationtech] Silent Circle to publish source code?
Nathan writes: > Like "organic", open-source is a term that is easily claimed but > not often truly fulfilled. Nadim should be given more credit for the > completely transparent and engaged open-source project he runs, and for > defending an approach and philosophy that he is completely living up to. Further to that, I hope people in situations like this won't be sloppy with the distinction between "open source" and "viewable source code". Publishing source code gives some of the important benefits of open source, but not all of them. "Open source doesn't just mean access to the source code." http://opensource.org/osd.html -- Seth Schoen Senior Staff Technologist https://www.eff.org/ Electronic Frontier Foundation https://www.eff.org/join 454 Shotwell Street, San Francisco, CA 94110 +1 415 436 9333 x107 -- Unsubscribe, change to digest, or change password at: https://mailman.stanford.edu/mailman/listinfo/liberationtech
Re: [liberationtech] Silent Circle to publish source code?
Ryan Gallagher writes: > > On 10/11/2012 18:26 PM, Nadim Kobeissi wrote: > > I sincerely apologize if my post is jumping the gun a bit, but aside > > from reassurances in private press conferences, Silent Circle hasn't > > made any statement that supports their releasing their code as open > > source. In fact, they have been very ambiguous on this issue prior to > > their alleged private statements yesterday and today. > > Hmm. It says on the SC website that it will use "Open Source Peer-Reviewed > Encryption," "Peer Reviewed Encryption and Hashing Algorithms," and also says > "we believe in open source." Is that very ambiguous? I think Google, or even Apple (!), could truthfully make the same statements, but that doesn't mean that they've committed not to develop proprietary software. (In fact, a number of quite significant open source contributions come from proprietary software vendors.) -- Seth Schoen Senior Staff Technologist https://www.eff.org/ Electronic Frontier Foundation https://www.eff.org/join 454 Shotwell Street, San Francisco, CA 94110 +1 415 436 9333 x107 -- Unsubscribe, change to digest, or change password at: https://mailman.stanford.edu/mailman/listinfo/liberationtech
Re: [liberationtech] Silent Circle to publish source code?
Thanks for spelling it out, and Nathan. NK On Oct 11, 2012 8:12 PM, "Nathan" wrote: > Ryan, > > > mm. It says on the SC website that it will use > >"Open Source Peer-Reviewed Encryption," > > "Peer Reviewed Encryption and Hashing Algorithms," > > and also says "we believe in open source." Is that very ambiguous > > As a reporter working on a "piece", you should make sure you understand > the different between using open-source and being open-source. Having code > availability for private audit or dumping a zip file of code that doesn't > quite build entirely is very different from bring a fully transparent > open-source project. I am not splitting hairs here, just trying to make > sure that you look beyond vague statements and perhaps ask "where's your > git repo going to be hosted?" or "what license are you planning to use?" or > even "will an independent developer be able to compile and run their own > version of your software?". > > As an example, Phil's much heralded ZRTP protocol was openly published but > server code to enable Asterisk support for it had a very ambiguous license > that made it unusable in anything but a pure academic setting. > > Like "organic", open-source is a term that is easily claimed but not often > truly fulfilled. Nadim should be given more credit for the completely > transparent and engaged open-source project he runs, and for defending an > approach and philosophy that he is completely living up to. > > +n8fr8 > -- > Unsubscribe, change to digest, or change password at: > https://mailman.stanford.edu/mailman/listinfo/liberationtech > -- Unsubscribe, change to digest, or change password at: https://mailman.stanford.edu/mailman/listinfo/liberationtech
Re: [liberationtech] Silent Circle to publish source code?
Ryan, > mm. It says on the SC website that it will use >"Open Source Peer-Reviewed Encryption," > "Peer Reviewed Encryption and Hashing Algorithms," > and also says "we believe in open source." Is that very ambiguous As a reporter working on a "piece", you should make sure you understand the different between using open-source and being open-source. Having code availability for private audit or dumping a zip file of code that doesn't quite build entirely is very different from bring a fully transparent open-source project. I am not splitting hairs here, just trying to make sure that you look beyond vague statements and perhaps ask "where's your git repo going to be hosted?" or "what license are you planning to use?" or even "will an independent developer be able to compile and run their own version of your software?". As an example, Phil's much heralded ZRTP protocol was openly published but server code to enable Asterisk support for it had a very ambiguous license that made it unusable in anything but a pure academic setting. Like "organic", open-source is a term that is easily claimed but not often truly fulfilled. Nadim should be given more credit for the completely transparent and engaged open-source project he runs, and for defending an approach and philosophy that he is completely living up to. +n8fr8 -- Unsubscribe, change to digest, or change password at: https://mailman.stanford.edu/mailman/listinfo/liberationtech
Re: [liberationtech] Silent Circle to publish source code?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Is this a case of people (lib tech/security community) trusting people of "up-to-now good security community reputation" (Phil Zimmerman and Jon Callas) combined with public statements (to the affect of "we will be releasing the source code") combined with briefings with selected groups? Just curious. It goes back to the discussion about trusting open source software, or trusting people who we believe to have good intentions. Bernard PS: To try and keep the mood light: I wonder if the founders are fans of mid-80s German Euro-disco bands? On 12 Oct 2012, at 00:09, Christopher Soghoian wrote: > Hi Nadim, > > You didn't directly respond to Ryan's question. Have you actually spoken to > anyone at Silent Circle? > > The Silent Circle App isn't available for download to the general public yet. > As such, I think the company can be forgiven for not having source code > available just yet. Why not wait until the product is actually available for > download before you jump the gun and state that the company is "damaging the > state of the cryptography community"? > > I've met with the CEO a couple times in person and I've spoken with Phil and > Jon. Although I'm by no means ready to bless the product -- not only do I > want to see it open sourced, but I also want to see a published, thorough > audit by a respected security consulting firm -- I am at least excited to see > folks building a business around encrypted communications (where the crypto > is the selling point, rather than an unadvertised feature, like Skype). > > Jon and Phil is are not strangers to the security community and their email > addresses can be found with about 2 seconds of Googling. If you have > questions, why not contact them? > > Chris > > [Full disclosure: They've loaned me an ipod touch with a beta copy of the app > so that I can try it out. As soon as the Android version is ready to go, I'll > promptly give the iPod back to them. I'm not a Silent Circle investor, > consultant, etc] > > > On Thu, Oct 11, 2012 at 6:26 PM, Nadim Kobeissi wrote: > On 10/11/2012 5:51 PM, Ryan Gallagher wrote: > > To Nadim: I'm interested to know, did you contact anyone at SC before > > writing your blog post? Seems to me you arrived at your rather scathing > > conclusion largely on the basis of an assumption. A sort of shoot first, > > ask questions later approach. It actually says on the SC website that SC > > will use "Open Source Peer-Reviewed Encryption." It also says, > > unambiguously, "/We believe in open source/." > > It's almost impossible to develop the software Silent Circle is > attempting to develop without using at least one open source library - > this is in fact accentuated in my blog post. > I sincerely apologize if my post is jumping the gun a bit, but aside > from reassurances in private press conferences, Silent Circle hasn't > made any statement that supports their releasing their code as open > source. In fact, they have been very ambiguous on this issue prior to > their alleged private statements yesterday and today. > > I will update my blog post the moment they announce that Silent Circle > will be open source. I don't mean to "shoot first, ask questions later," > but rather highlight serious potential dangers. > > > > > > > >> From: [email protected] > >> Date: Thu, 11 Oct 2012 12:48:03 -0700 > >> To: [email protected] > >> Subject: Re: [liberationtech] Silent Circle to publish source code? > >> > >> We both received the same messages from Ryan Gallagher and Dan Gillmor: > >> > >> @rj_gallagher: @kaepora FYI I met with SC's CEO today for piece I'm > >> doing + he told me they'll be making everything open source. > >> > >> That's why I added the question mark, in case someone on the list knew > >> anymore (for example, when -- what date? -- do they plan to publish > >> the code). > >> > >> I've contacted @Silent_Circle via Twitter and invited them on to > >> Liberationtech. If anyone knows how to reach someone on the team > >> directly, please let me know. > >> > >> It'd be nice to send them a personal invitation, so we can talk to the > >> team directly rather than have a secondhand conversation. > >> > >> Best, > >> Yosem > >> > >> On Thu, Oct 11, 2012 at 12:35 PM, Nadim Kobeissi wrote: >
Re: [liberationtech] Silent Circle to publish source code?
Hi Chris, I regrettably did not speak to anyone from Silent Circle. This is off-topic, but I find it kind of ironic for you to be asking me this; you have written scathing critiques involving my own software efforts without once contacting me, and I believe you to be much more guilty of "jumping the gun" than I could be in this occasion. But this is beside the point. I've spoken to people who have been contacted by Phil and John and I have been told prior to writing my post that both have been very ambiguous regarding the availability of Silent Circle source code in its entirety on the day of release. No formal statement has yet been made by Silent Circle; If the source code is released when the software ships, I have absolutely no problem admitting that I jumped the gun a bit; but aside from references to open source (which could very well be limited to libraries (such as libssl) or protocols (such as ZRTP), I'm still waiting on the status of the software. NK On Oct 11, 2012 7:10 PM, "Christopher Soghoian" wrote: > > Hi Nadim, > > You didn't directly respond to Ryan's question. Have you actually spoken to anyone at Silent Circle? > > The Silent Circle App isn't available for download to the general public yet. As such, I think the company can be forgiven for not having source code available just yet. Why not wait until the product is actually available for download before you jump the gun and state that the company is "damaging the state of the cryptography community"? > > I've met with the CEO a couple times in person and I've spoken with Phil and Jon. Although I'm by no means ready to bless the product -- not only do I want to see it open sourced, but I also want to see a published, thorough audit by a respected security consulting firm -- I am at least excited to see folks building a business around encrypted communications (where the crypto is the selling point, rather than an unadvertised feature, like Skype). > > Jon and Phil is are not strangers to the security community and their email addresses can be found with about 2 seconds of Googling. If you have questions, why not contact them? > > Chris > > [Full disclosure: They've loaned me an ipod touch with a beta copy of the app so that I can try it out. As soon as the Android version is ready to go, I'll promptly give the iPod back to them. I'm not a Silent Circle investor, consultant, etc] > > > On Thu, Oct 11, 2012 at 6:26 PM, Nadim Kobeissi wrote: >> >> On 10/11/2012 5:51 PM, Ryan Gallagher wrote: >> > To Nadim: I'm interested to know, did you contact anyone at SC before >> > writing your blog post? Seems to me you arrived at your rather scathing >> > conclusion largely on the basis of an assumption. A sort of shoot first, >> > ask questions later approach. It actually says on the SC website that SC >> > will use "Open Source Peer-Reviewed Encryption." It also says, >> > unambiguously, "/We believe in open source/." >> >> It's almost impossible to develop the software Silent Circle is >> attempting to develop without using at least one open source library - >> this is in fact accentuated in my blog post. >> I sincerely apologize if my post is jumping the gun a bit, but aside >> from reassurances in private press conferences, Silent Circle hasn't >> made any statement that supports their releasing their code as open >> source. In fact, they have been very ambiguous on this issue prior to >> their alleged private statements yesterday and today. >> >> I will update my blog post the moment they announce that Silent Circle >> will be open source. I don't mean to "shoot first, ask questions later," >> but rather highlight serious potential dangers. >> >> >> > >> > >> >> From: [email protected] >> >> Date: Thu, 11 Oct 2012 12:48:03 -0700 >> >> To: [email protected] >> >> Subject: Re: [liberationtech] Silent Circle to publish source code? >> >> >> >> We both received the same messages from Ryan Gallagher and Dan Gillmor: >> >> >> >> @rj_gallagher: @kaepora FYI I met with SC's CEO today for piece I'm >> >> doing + he told me they'll be making everything open source. >> >> >> >> That's why I added the question mark, in case someone on the list knew >> >> anymore (for example, when -- what date? -- do they plan to publish >> >> the code). >> >> >> >> I've contacted @Silent_Circle via Twitter and invite
Re: [liberationtech] Silent Circle to publish source code?
I'm sorry but this could easily refer to open source libraries, and commonly does. I will update my blog post again once source code is available, which should hopefully be when the app is released next week. NK On Oct 11, 2012 6:49 PM, "Ryan Gallagher" wrote: > > > On 10/11/2012 18:26 PM, Nadim Kobeissi wrote: > > I sincerely apologize if my post is jumping the gun a bit, but aside > > from reassurances in private press conferences, Silent Circle hasn't > > made any statement that supports their releasing their code as open > > source. In fact, they have been very ambiguous on this issue prior to > > their alleged private statements yesterday and today. > > Hmm. It says on the SC website that it will use "Open Source Peer-Reviewed Encryption," "Peer Reviewed Encryption and Hashing Algorithms," and also says "we believe in open source." Is that very ambiguous? > > > > Date: Thu, 11 Oct 2012 18:26:28 -0400 > > From: [email protected] > > > To: [email protected] > > Subject: Re: [liberationtech] Silent Circle to publish source code? > > > > On 10/11/2012 5:51 PM, Ryan Gallagher wrote: > > > To Nadim: I'm interested to know, did you contact anyone at SC before > > > writing your blog post? Seems to me you arrived at your rather scathing > > > conclusion largely on the basis of an assumption. A sort of shoot first, > > > ask questions later approach. It actually says on the SC website that SC > > > will use "Open Source Peer-Reviewed Encryption." It also says, > > > unambiguously, "/We believe in open source/." > > > > It's almost impossible to develop the software Silent Circle is > > attempting to develop without using at least one open source library - > > this is in fact accentuated in my blog post. > > I sincerely apologize if my post is jumping the gun a bit, but aside > > from reassurances in private press conferences, Silent Circle hasn't > > made any statement that supports their releasing their code as open > > source. In fact, they have been very ambiguous on this issue prior to > > their alleged private statements yesterday and today. > > > > I will update my blog post the moment they announce that Silent Circle > > will be open source. I don't mean to "shoot first, ask questions later," > > but rather highlight serious potential dangers. > > > > > > > > > > > > >> From: [email protected] > > >> Date: Thu, 11 Oct 2012 12:48:03 -0700 > > >> To: [email protected] > > >> Subject: Re: [liberationtech] Silent Circle to publish source code? > > >> > > >> We both received the same messages from Ryan Gallagher and Dan Gillmor: > > >> > > >> @rj_gallagher: @kaepora FYI I met with SC's CEO today for piece I'm > > >> doing + he told me they'll be making everything open source. > > >> > > >> That's why I added the question mark, in case someone on the list knew > > >> anymore (for example, when -- what date? -- do they plan to publish > > >> the code). > > >> > > >> I've contacted @Silent_Circle via Twitter and invited them on to > > >> Liberationtech. If anyone knows how to reach someone on the team > > >> directly, please let me know. > > >> > > >> It'd be nice to send them a personal invitation, so we can talk to the > > >> team directly rather than have a secondhand conversation. > > >> > > >> Best, > > >> Yosem > > >> > > >> On Thu, Oct 11, 2012 at 12:35 PM, Nadim Kobeissi wrote: > > >> > It would have been much nicer to create this thread based on real source > > >> > code, instead of a tweet based on word of mouth. We'll see. > > >> > > > >> > NK > > >> > > > >> > On 10/11/2012 3:27 PM, Yosem Companys wrote: > > >> >> Dan Gillmor @dangillmor: @kaepora Phil Zimmerman told me yesterday > > >> >> that Silent Circle (contrary to what you say in your post) will > > >> >> publish source code. > > >> >> -- > > >> >> Unsubscribe, change to digest, or change password at: > > > https://mailman.stanford.edu/mailman/listinfo/liberationtech > > >> >> > > >> > -- > > >> > Unsubscribe, change to digest, or change password at: > > > https://mailman.stanford.edu/mailman/listinfo/liberationtech > > >> -- > > >> Unsubscribe, change to digest, or change password at: > > > https://mailman.stanford.edu/mailman/listinfo/liberationtech > > > > > > > > > -- > > > Unsubscribe, change to digest, or change password at: https://mailman.stanford.edu/mailman/listinfo/liberationtech > > > > > -- > > Unsubscribe, change to digest, or change password at: https://mailman.stanford.edu/mailman/listinfo/liberationtech > > -- > Unsubscribe, change to digest, or change password at: https://mailman.stanford.edu/mailman/listinfo/liberationtech -- Unsubscribe, change to digest, or change password at: https://mailman.stanford.edu/mailman/listinfo/liberationtech
Re: [liberationtech] Silent Circle to publish source code?
Hi Nadim, You didn't directly respond to Ryan's question. Have you actually spoken to anyone at Silent Circle? The Silent Circle App isn't available for download to the general public yet. As such, I think the company can be forgiven for not having source code available just yet. Why not wait until the product is actually available for download before you jump the gun and state that the company is "damaging the state of the cryptography community"? I've met with the CEO a couple times in person and I've spoken with Phil and Jon. Although I'm by no means ready to bless the product -- not only do I want to see it open sourced, but I also want to see a published, thorough audit by a respected security consulting firm -- I am at least excited to see folks building a business around encrypted communications (where the crypto is the selling point, rather than an unadvertised feature, like Skype). Jon and Phil is are not strangers to the security community and their email addresses can be found with about 2 seconds of Googling. If you have questions, why not contact them? Chris [Full disclosure: They've loaned me an ipod touch with a beta copy of the app so that I can try it out. As soon as the Android version is ready to go, I'll promptly give the iPod back to them. I'm not a Silent Circle investor, consultant, etc] On Thu, Oct 11, 2012 at 6:26 PM, Nadim Kobeissi wrote: > On 10/11/2012 5:51 PM, Ryan Gallagher wrote: > > To Nadim: I'm interested to know, did you contact anyone at SC before > > writing your blog post? Seems to me you arrived at your rather scathing > > conclusion largely on the basis of an assumption. A sort of shoot first, > > ask questions later approach. It actually says on the SC website that SC > > will use "Open Source Peer-Reviewed Encryption." It also says, > > unambiguously, "/We believe in open source/." > > It's almost impossible to develop the software Silent Circle is > attempting to develop without using at least one open source library - > this is in fact accentuated in my blog post. > I sincerely apologize if my post is jumping the gun a bit, but aside > from reassurances in private press conferences, Silent Circle hasn't > made any statement that supports their releasing their code as open > source. In fact, they have been very ambiguous on this issue prior to > their alleged private statements yesterday and today. > > I will update my blog post the moment they announce that Silent Circle > will be open source. I don't mean to "shoot first, ask questions later," > but rather highlight serious potential dangers. > > > > > > ---------------------------- > >> From: [email protected] > >> Date: Thu, 11 Oct 2012 12:48:03 -0700 > >> To: [email protected] > >> Subject: Re: [liberationtech] Silent Circle to publish source code? > >> > >> We both received the same messages from Ryan Gallagher and Dan Gillmor: > >> > >> @rj_gallagher: @kaepora FYI I met with SC's CEO today for piece I'm > >> doing + he told me they'll be making everything open source. > >> > >> That's why I added the question mark, in case someone on the list knew > >> anymore (for example, when -- what date? -- do they plan to publish > >> the code). > >> > >> I've contacted @Silent_Circle via Twitter and invited them on to > >> Liberationtech. If anyone knows how to reach someone on the team > >> directly, please let me know. > >> > >> It'd be nice to send them a personal invitation, so we can talk to the > >> team directly rather than have a secondhand conversation. > >> > >> Best, > >> Yosem > >> > >> On Thu, Oct 11, 2012 at 12:35 PM, Nadim Kobeissi > wrote: > >> > It would have been much nicer to create this thread based on real > source > >> > code, instead of a tweet based on word of mouth. We'll see. > >> > > >> > NK > >> > > >> > On 10/11/2012 3:27 PM, Yosem Companys wrote: > >> >> Dan Gillmor @dangillmor: @kaepora Phil Zimmerman told me yesterday > >> >> that Silent Circle (contrary to what you say in your post) will > >> >> publish source code. > >> >> -- > >> >> Unsubscribe, change to digest, or change password at: > > https://mailman.stanford.edu/mailman/listinfo/liberationtech > >> >> > >> > -- > >> > Unsubscribe, change to digest, or change password at: > > https://mailman.stanford.edu/mailman/listinfo/liberationtech > >> -- > >> Unsubscribe, change to digest, or change password at: > > https://mailman.stanford.edu/mailman/listinfo/liberationtech > > > > > > -- > > Unsubscribe, change to digest, or change password at: > https://mailman.stanford.edu/mailman/listinfo/liberationtech > > > -- > Unsubscribe, change to digest, or change password at: > https://mailman.stanford.edu/mailman/listinfo/liberationtech > -- Unsubscribe, change to digest, or change password at: https://mailman.stanford.edu/mailman/listinfo/liberationtech
Re: [liberationtech] Silent Circle to publish source code?
> On 10/11/2012 18:26 PM, Nadim Kobeissi wrote: > I sincerely apologize if my post is jumping the gun a bit, but aside > from reassurances in private press conferences, Silent Circle hasn't > made any statement that supports their releasing their code as open > source. In fact, they have been very ambiguous on this issue prior to > their alleged private statements yesterday and today. Hmm. It says on the SC website that it will use "Open Source Peer-Reviewed Encryption," "Peer Reviewed Encryption and Hashing Algorithms," and also says "we believe in open source." Is that very ambiguous? > Date: Thu, 11 Oct 2012 18:26:28 -0400 > From: [email protected] > To: [email protected] > Subject: Re: [liberationtech] Silent Circle to publish source code? > > On 10/11/2012 5:51 PM, Ryan Gallagher wrote: > > To Nadim: I'm interested to know, did you contact anyone at SC before > > writing your blog post? Seems to me you arrived at your rather scathing > > conclusion largely on the basis of an assumption. A sort of shoot first, > > ask questions later approach. It actually says on the SC website that SC > > will use "Open Source Peer-Reviewed Encryption." It also says, > > unambiguously, "/We believe in open source/." > > It's almost impossible to develop the software Silent Circle is > attempting to develop without using at least one open source library - > this is in fact accentuated in my blog post. > I sincerely apologize if my post is jumping the gun a bit, but aside > from reassurances in private press conferences, Silent Circle hasn't > made any statement that supports their releasing their code as open > source. In fact, they have been very ambiguous on this issue prior to > their alleged private statements yesterday and today. > > I will update my blog post the moment they announce that Silent Circle > will be open source. I don't mean to "shoot first, ask questions later," > but rather highlight serious potential dangers. > > > > > > ------------------------ > >> From: [email protected] > >> Date: Thu, 11 Oct 2012 12:48:03 -0700 > >> To: [email protected] > >> Subject: Re: [liberationtech] Silent Circle to publish source code? > >> > >> We both received the same messages from Ryan Gallagher and Dan Gillmor: > >> > >> @rj_gallagher: @kaepora FYI I met with SC's CEO today for piece I'm > >> doing + he told me they'll be making everything open source. > >> > >> That's why I added the question mark, in case someone on the list knew > >> anymore (for example, when -- what date? -- do they plan to publish > >> the code). > >> > >> I've contacted @Silent_Circle via Twitter and invited them on to > >> Liberationtech. If anyone knows how to reach someone on the team > >> directly, please let me know. > >> > >> It'd be nice to send them a personal invitation, so we can talk to the > >> team directly rather than have a secondhand conversation. > >> > >> Best, > >> Yosem > >> > >> On Thu, Oct 11, 2012 at 12:35 PM, Nadim Kobeissi wrote: > >> > It would have been much nicer to create this thread based on real source > >> > code, instead of a tweet based on word of mouth. We'll see. > >> > > >> > NK > >> > > >> > On 10/11/2012 3:27 PM, Yosem Companys wrote: > >> >> Dan Gillmor @dangillmor: @kaepora Phil Zimmerman told me yesterday > >> >> that Silent Circle (contrary to what you say in your post) will > >> >> publish source code. > >> >> -- > >> >> Unsubscribe, change to digest, or change password at: > > https://mailman.stanford.edu/mailman/listinfo/liberationtech > >> >> > >> > -- > >> > Unsubscribe, change to digest, or change password at: > > https://mailman.stanford.edu/mailman/listinfo/liberationtech > >> -- > >> Unsubscribe, change to digest, or change password at: > > https://mailman.stanford.edu/mailman/listinfo/liberationtech > > > > > > -- > > Unsubscribe, change to digest, or change password at: > > https://mailman.stanford.edu/mailman/listinfo/liberationtech > > > -- > Unsubscribe, change to digest, or change password at: > https://mailman.stanford.edu/mailman/listinfo/liberationtech -- Unsubscribe, change to digest, or change password at: https://mailman.stanford.edu/mailman/listinfo/liberationtech
Re: [liberationtech] Silent Circle to publish source code?
On 10/11/2012 5:51 PM, Ryan Gallagher wrote: > To Nadim: I'm interested to know, did you contact anyone at SC before > writing your blog post? Seems to me you arrived at your rather scathing > conclusion largely on the basis of an assumption. A sort of shoot first, > ask questions later approach. It actually says on the SC website that SC > will use "Open Source Peer-Reviewed Encryption." It also says, > unambiguously, "/We believe in open source/." It's almost impossible to develop the software Silent Circle is attempting to develop without using at least one open source library - this is in fact accentuated in my blog post. I sincerely apologize if my post is jumping the gun a bit, but aside from reassurances in private press conferences, Silent Circle hasn't made any statement that supports their releasing their code as open source. In fact, they have been very ambiguous on this issue prior to their alleged private statements yesterday and today. I will update my blog post the moment they announce that Silent Circle will be open source. I don't mean to "shoot first, ask questions later," but rather highlight serious potential dangers. > > >> From: [email protected] >> Date: Thu, 11 Oct 2012 12:48:03 -0700 >> To: [email protected] >> Subject: Re: [liberationtech] Silent Circle to publish source code? >> >> We both received the same messages from Ryan Gallagher and Dan Gillmor: >> >> @rj_gallagher: @kaepora FYI I met with SC's CEO today for piece I'm >> doing + he told me they'll be making everything open source. >> >> That's why I added the question mark, in case someone on the list knew >> anymore (for example, when -- what date? -- do they plan to publish >> the code). >> >> I've contacted @Silent_Circle via Twitter and invited them on to >> Liberationtech. If anyone knows how to reach someone on the team >> directly, please let me know. >> >> It'd be nice to send them a personal invitation, so we can talk to the >> team directly rather than have a secondhand conversation. >> >> Best, >> Yosem >> >> On Thu, Oct 11, 2012 at 12:35 PM, Nadim Kobeissi wrote: >> > It would have been much nicer to create this thread based on real source >> > code, instead of a tweet based on word of mouth. We'll see. >> > >> > NK >> > >> > On 10/11/2012 3:27 PM, Yosem Companys wrote: >> >> Dan Gillmor @dangillmor: @kaepora Phil Zimmerman told me yesterday >> >> that Silent Circle (contrary to what you say in your post) will >> >> publish source code. >> >> -- >> >> Unsubscribe, change to digest, or change password at: > https://mailman.stanford.edu/mailman/listinfo/liberationtech >> >> >> > -- >> > Unsubscribe, change to digest, or change password at: > https://mailman.stanford.edu/mailman/listinfo/liberationtech >> -- >> Unsubscribe, change to digest, or change password at: > https://mailman.stanford.edu/mailman/listinfo/liberationtech > > > -- > Unsubscribe, change to digest, or change password at: > https://mailman.stanford.edu/mailman/listinfo/liberationtech > -- Unsubscribe, change to digest, or change password at: https://mailman.stanford.edu/mailman/listinfo/liberationtech
Re: [liberationtech] Silent Circle to publish source code?
Yep, I met with Silent Circle's CEO and other staff including Jon Callas for a Slate piece I'm doing which I think might address some of the q's being raised here. Was told quite categorically that everything will be made open source after release. Also told me they have a white paper which is being peer reviewed then published. I believe there may be one or two people on this list who've been testing the beta version, so maybe they might want to weigh in...? I'd be v keen to hear the thoughts of anyone who's tested. To Nadim: I'm interested to know, did you contact anyone at SC before writing your blog post? Seems to me you arrived at your rather scathing conclusion largely on the basis of an assumption. A sort of shoot first, ask questions later approach. It actually says on the SC website that SC will use "Open Source Peer-Reviewed Encryption." It also says, unambiguously, "We believe in open source." > From: [email protected] > Date: Thu, 11 Oct 2012 12:48:03 -0700 > To: [email protected] > Subject: Re: [liberationtech] Silent Circle to publish source code? > > We both received the same messages from Ryan Gallagher and Dan Gillmor: > > @rj_gallagher: @kaepora FYI I met with SC's CEO today for piece I'm > doing + he told me they'll be making everything open source. > > That's why I added the question mark, in case someone on the list knew > anymore (for example, when -- what date? -- do they plan to publish > the code). > > I've contacted @Silent_Circle via Twitter and invited them on to > Liberationtech. If anyone knows how to reach someone on the team > directly, please let me know. > > It'd be nice to send them a personal invitation, so we can talk to the > team directly rather than have a secondhand conversation. > > Best, > Yosem > > On Thu, Oct 11, 2012 at 12:35 PM, Nadim Kobeissi wrote: > > It would have been much nicer to create this thread based on real source > > code, instead of a tweet based on word of mouth. We'll see. > > > > NK > > > > On 10/11/2012 3:27 PM, Yosem Companys wrote: > >> Dan Gillmor @dangillmor: @kaepora Phil Zimmerman told me yesterday > >> that Silent Circle (contrary to what you say in your post) will > >> publish source code. > >> -- > >> Unsubscribe, change to digest, or change password at: > >> https://mailman.stanford.edu/mailman/listinfo/liberationtech > >> > > -- > > Unsubscribe, change to digest, or change password at: > > https://mailman.stanford.edu/mailman/listinfo/liberationtech > -- > Unsubscribe, change to digest, or change password at: > https://mailman.stanford.edu/mailman/listinfo/liberationtech -- Unsubscribe, change to digest, or change password at: https://mailman.stanford.edu/mailman/listinfo/liberationtech
Re: [liberationtech] Silent Circle to publish source code?
No secret briefing. An event with the Committee to Protect Journalists with many people in attendance including staff from Silent Circle. Katrin On Oct 11, 2012, at 4:20 PM, Nathan wrote: > Can someone explain what this big secret briefing was? Are they making the PR > rounds in DC? > > Yosem Companys wrote: > >> We both received the same messages from Ryan Gallagher and Dan Gillmor: >> >> @rj_gallagher: @kaepora FYI I met with SC's CEO today for piece I'm >> doing + he told me they'll be making everything open source. >> >> That's why I added the question mark, in case someone on the list knew >> anymore (for example, when -- what date? -- do they plan to publish >> the code). >> >> I've contacted @Silent_Circle via Twitter and invited them on to >> Liberationtech. If anyone knows how to reach someone on the team >> directly, please let me know. >> >> It'd be nice to send them a personal invitation, so we can talk to the >> team directly rather than have a secondhand conversation. >> >> Best, >> Yosem >> >> On Thu, Oct 11, 2012 at 12:35 PM, Nadim Kobeissi wrote: >>> It would have been much nicer to create this thread based on real source >>> code, instead of a tweet based on word of mouth. We'll see. >>> >>> NK >>> >>> On 10/11/2012 3:27 PM, Yosem Companys wrote: Dan Gillmor @dangillmor: @kaepora Phil Zimmerman told me yesterday that Silent Circle (contrary to what you say in your post) will publish source code. -- Unsubscribe, change to digest, or change password at: https://mailman.stanford.edu/mailman/listinfo/liberationtech >>> -- >>> Unsubscribe, change to digest, or change password at: >>> https://mailman.stanford.edu/mailman/listinfo/liberationtech >> -- >> Unsubscribe, change to digest, or change password at: >> https://mailman.stanford.edu/mailman/listinfo/liberationtech > -- > Unsubscribe, change to digest, or change password at: > https://mailman.stanford.edu/mailman/listinfo/liberationtech Katrin Verclas MobileActive.org [email protected] skype/twitter: katrinskaya (347) 281-7191 A global network of people using mobile technology for social impact http://mobileactive.org -- Unsubscribe, change to digest, or change password at: https://mailman.stanford.edu/mailman/listinfo/liberationtech
Re: [liberationtech] Silent Circle to publish source code?
Here's my prediction: Silent Circle will not fundamentally change anything. It will have no where near the impact that Phil's work on open cryptography standards has. It may be a great niche product for businesses, professional journalist groups and large NGOs looking for a turnkey solution. It will not be relevant for the majority people on the ground in high risk places with state based surveillance. It will not satisfy the most privacy concerned users in "free" countries either. Ultimately it is a *commercial product* aiming to package up complex capabilities into a promise of a tidy easy to use solutions. It is a worthy endeavor but there are many, many people out there trying to go the business route and I don't believe there is actually enough of a market for this to satisfy a venture capitalist or organic revenue to sustain itself. Cryptophone, WaveSecure, Cryptcell, IronKey, ZeroBank, Hushmail are just a few attempted similar efforts. All worthy efforts... but niche and ultimately not having the large impact we all might hope, and perhaps some even doing damage by promoting forked, out of date solutions. I fundamentally believe you can't design a product both for CEOs and revolutionaries. The threat models are entirely different. You can't be all things to all people especially if you are charging 20 USD per user per month, on top of a users existing 3g data plan. +n8fr8 Nadim Kobeissi wrote: >It would have been much nicer to create this thread based on real source >code, instead of a tweet based on word of mouth. We'll see. > >NK > >On 10/11/2012 3:27 PM, Yosem Companys wrote: >> Dan Gillmor @dangillmor: @kaepora Phil Zimmerman told me yesterday >> that Silent Circle (contrary to what you say in your post) will >> publish source code. >> -- >> Unsubscribe, change to digest, or change password at: >> https://mailman.stanford.edu/mailman/listinfo/liberationtech >> >-- >Unsubscribe, change to digest, or change password at: >https://mailman.stanford.edu/mailman/listinfo/liberationtech -- Unsubscribe, change to digest, or change password at: https://mailman.stanford.edu/mailman/listinfo/liberationtech
Re: [liberationtech] Silent Circle to publish source code?
Can someone explain what this big secret briefing was? Are they making the PR rounds in DC? Yosem Companys wrote: >We both received the same messages from Ryan Gallagher and Dan Gillmor: > >@rj_gallagher: @kaepora FYI I met with SC's CEO today for piece I'm >doing + he told me they'll be making everything open source. > >That's why I added the question mark, in case someone on the list knew >anymore (for example, when -- what date? -- do they plan to publish >the code). > >I've contacted @Silent_Circle via Twitter and invited them on to >Liberationtech. If anyone knows how to reach someone on the team >directly, please let me know. > >It'd be nice to send them a personal invitation, so we can talk to the >team directly rather than have a secondhand conversation. > >Best, >Yosem > >On Thu, Oct 11, 2012 at 12:35 PM, Nadim Kobeissi wrote: >> It would have been much nicer to create this thread based on real source >> code, instead of a tweet based on word of mouth. We'll see. >> >> NK >> >> On 10/11/2012 3:27 PM, Yosem Companys wrote: >>> Dan Gillmor @dangillmor: @kaepora Phil Zimmerman told me yesterday >>> that Silent Circle (contrary to what you say in your post) will >>> publish source code. >>> -- >>> Unsubscribe, change to digest, or change password at: >>> https://mailman.stanford.edu/mailman/listinfo/liberationtech >>> >> -- >> Unsubscribe, change to digest, or change password at: >> https://mailman.stanford.edu/mailman/listinfo/liberationtech >-- >Unsubscribe, change to digest, or change password at: >https://mailman.stanford.edu/mailman/listinfo/liberationtech -- Unsubscribe, change to digest, or change password at: https://mailman.stanford.edu/mailman/listinfo/liberationtech
Re: [liberationtech] Silent Circle to publish source code?
Copying Susan Alderson, VP of Informatics, Silent Circle who was also in the meeting Eric and I referred to. Susan, forwarding you a thread from the Liberation Tech discussion list about Silent Circle source code, location of servers, etc. Please feel free to chime in, and nice to meet you! Cheers, Katrin On Oct 11, 2012, at 3:48 PM, Yosem Companys wrote: > We both received the same messages from Ryan Gallagher and Dan Gillmor: > > @rj_gallagher: @kaepora FYI I met with SC's CEO today for piece I'm > doing + he told me they'll be making everything open source. > > That's why I added the question mark, in case someone on the list knew > anymore (for example, when -- what date? -- do they plan to publish > the code). > > I've contacted @Silent_Circle via Twitter and invited them on to > Liberationtech. If anyone knows how to reach someone on the team > directly, please let me know. > > It'd be nice to send them a personal invitation, so we can talk to the > team directly rather than have a secondhand conversation. > > Best, > Yosem > > On Thu, Oct 11, 2012 at 12:35 PM, Nadim Kobeissi wrote: >> It would have been much nicer to create this thread based on real source >> code, instead of a tweet based on word of mouth. We'll see. >> >> NK >> >> On 10/11/2012 3:27 PM, Yosem Companys wrote: >>> Dan Gillmor @dangillmor: @kaepora Phil Zimmerman told me yesterday >>> that Silent Circle (contrary to what you say in your post) will >>> publish source code. >>> -- >>> Unsubscribe, change to digest, or change password at: >>> https://mailman.stanford.edu/mailman/listinfo/liberationtech >>> >> -- >> Unsubscribe, change to digest, or change password at: >> https://mailman.stanford.edu/mailman/listinfo/liberationtech > -- > Unsubscribe, change to digest, or change password at: > https://mailman.stanford.edu/mailman/listinfo/liberationtech Katrin Verclas MobileActive.org [email protected] skype/twitter: katrinskaya (347) 281-7191 A global network of people using mobile technology for social impact http://mobileactive.org -- Unsubscribe, change to digest, or change password at: https://mailman.stanford.edu/mailman/listinfo/liberationtech
Re: [liberationtech] Silent Circle to publish source code?
We both received the same messages from Ryan Gallagher and Dan Gillmor: @rj_gallagher: @kaepora FYI I met with SC's CEO today for piece I'm doing + he told me they'll be making everything open source. That's why I added the question mark, in case someone on the list knew anymore (for example, when -- what date? -- do they plan to publish the code). I've contacted @Silent_Circle via Twitter and invited them on to Liberationtech. If anyone knows how to reach someone on the team directly, please let me know. It'd be nice to send them a personal invitation, so we can talk to the team directly rather than have a secondhand conversation. Best, Yosem On Thu, Oct 11, 2012 at 12:35 PM, Nadim Kobeissi wrote: > It would have been much nicer to create this thread based on real source > code, instead of a tweet based on word of mouth. We'll see. > > NK > > On 10/11/2012 3:27 PM, Yosem Companys wrote: >> Dan Gillmor @dangillmor: @kaepora Phil Zimmerman told me yesterday >> that Silent Circle (contrary to what you say in your post) will >> publish source code. >> -- >> Unsubscribe, change to digest, or change password at: >> https://mailman.stanford.edu/mailman/listinfo/liberationtech >> > -- > Unsubscribe, change to digest, or change password at: > https://mailman.stanford.edu/mailman/listinfo/liberationtech -- Unsubscribe, change to digest, or change password at: https://mailman.stanford.edu/mailman/listinfo/liberationtech
Re: [liberationtech] Silent Circle to publish source code?
It would have been much nicer to create this thread based on real source code, instead of a tweet based on word of mouth. We'll see. NK On 10/11/2012 3:27 PM, Yosem Companys wrote: > Dan Gillmor @dangillmor: @kaepora Phil Zimmerman told me yesterday > that Silent Circle (contrary to what you say in your post) will > publish source code. > -- > Unsubscribe, change to digest, or change password at: > https://mailman.stanford.edu/mailman/listinfo/liberationtech > -- Unsubscribe, change to digest, or change password at: https://mailman.stanford.edu/mailman/listinfo/liberationtech
