On 2012.05.25 16.37, Sarah A. Downey wrote:
> I'll respond to your "everything must be open source" statement,
> although I'm fairly certain it won't have any effect on your opinion
> that "closed" always equals "bad." And please keep in mind that we're
> giving away a /free/ add-on with /zero/ tracking of or advertising to
> its users.
>
> It's an unnecessarily restrictive and self-handicapping position that
> software /must/ be open source to be useful for privacy. Plenty of open
> source privacy tools have come and gone in the past because they aren't
> sustainable without funding.
>
> Our software does what it says, and it's designed to be simple enough
> that the vast majority of Internet users--people who aren't coders or
> particularly tech savvy--can use it.
The problem here is that we don't trust you. It's nothing personal. We don't trust anyone, unless we can verify. If we can't see exactly what the tool does, we don't have a way of verifying what it does. This is critical normally, but much more important for tools that claim to provide privacy or security protection.

There are a lot of ways around this. Open source is one of them. Providing source access to independent auditors under a license that does not restrict them from talking about what it does and how it does it is another.

If you're not willing to be open about exactly how your tool protects my privacy, why should I trust that you got it right? No, I don't expect all users will check, or care, but some of us will, and we tell others what they should use.

Privacy, like crypto, is *hard*. Would you trust someone who claimed to have a super-secure crypto algorithm that they wrote themselves that's never been peer reviewed? No. Why should we do it with a privacy tool?

E.

--
Ideas are my favorite toys.
_______________________________________________
liberationtech mailing list
liberationtech@lists.stanford.edu