Hi Chris, I regrettably did not speak to anyone from Silent Circle. This is off-topic, but I find it kind of ironic for you to be asking me this; you have written scathing critiques involving my own software efforts without once contacting me, and I believe you to be much more guilty of "jumping the gun" than I could be in this occasion. But this is beside the point.
I've spoken to people who have been contacted by Phil and John and I have been told prior to writing my post that both have been very ambiguous regarding the availability of Silent Circle source code in its entirety on the day of release. No formal statement has yet been made by Silent Circle; If the source code is released when the software ships, I have absolutely no problem admitting that I jumped the gun a bit; but aside from references to open source (which could very well be limited to libraries (such as libssl) or protocols (such as ZRTP), I'm still waiting on the status of the software. NK On Oct 11, 2012 7:10 PM, "Christopher Soghoian" <ch...@soghoian.net> wrote: > > Hi Nadim, > > You didn't directly respond to Ryan's question. Have you actually spoken to anyone at Silent Circle? > > The Silent Circle App isn't available for download to the general public yet. As such, I think the company can be forgiven for not having source code available just yet. Why not wait until the product is actually available for download before you jump the gun and state that the company is "damaging the state of the cryptography community"? > > I've met with the CEO a couple times in person and I've spoken with Phil and Jon. Although I'm by no means ready to bless the product -- not only do I want to see it open sourced, but I also want to see a published, thorough audit by a respected security consulting firm -- I am at least excited to see folks building a business around encrypted communications (where the crypto is the selling point, rather than an unadvertised feature, like Skype). > > Jon and Phil is are not strangers to the security community and their email addresses can be found with about 2 seconds of Googling. If you have questions, why not contact them? > > Chris > > [Full disclosure: They've loaned me an ipod touch with a beta copy of the app so that I can try it out. As soon as the Android version is ready to go, I'll promptly give the iPod back to them. I'm not a Silent Circle investor, consultant, etc] > > > On Thu, Oct 11, 2012 at 6:26 PM, Nadim Kobeissi <na...@nadim.cc> wrote: >> >> On 10/11/2012 5:51 PM, Ryan Gallagher wrote: >> > To Nadim: I'm interested to know, did you contact anyone at SC before >> > writing your blog post? Seems to me you arrived at your rather scathing >> > conclusion largely on the basis of an assumption. A sort of shoot first, >> > ask questions later approach. It actually says on the SC website that SC >> > will use "Open Source Peer-Reviewed Encryption." It also says, >> > unambiguously, "/We believe in open source/." >> >> It's almost impossible to develop the software Silent Circle is >> attempting to develop without using at least one open source library - >> this is in fact accentuated in my blog post. >> I sincerely apologize if my post is jumping the gun a bit, but aside >> from reassurances in private press conferences, Silent Circle hasn't >> made any statement that supports their releasing their code as open >> source. In fact, they have been very ambiguous on this issue prior to >> their alleged private statements yesterday and today. >> >> I will update my blog post the moment they announce that Silent Circle >> will be open source. I don't mean to "shoot first, ask questions later," >> but rather highlight serious potential dangers. >> >> >> > >> > ------------------------------------------------------------------------ >> >> From: compa...@stanford.edu >> >> Date: Thu, 11 Oct 2012 12:48:03 -0700 >> >> To: email@example.com >> >> Subject: Re: [liberationtech] Silent Circle to publish source code? >> >> >> >> We both received the same messages from Ryan Gallagher and Dan Gillmor: >> >> >> >> @rj_gallagher: @kaepora FYI I met with SC's CEO today for piece I'm >> >> doing + he told me they'll be making everything open source. >> >> >> >> That's why I added the question mark, in case someone on the list knew >> >> anymore (for example, when -- what date? -- do they plan to publish >> >> the code). >> >> >> >> I've contacted @Silent_Circle via Twitter and invited them on to >> >> Liberationtech. If anyone knows how to reach someone on the team >> >> directly, please let me know. >> >> >> >> It'd be nice to send them a personal invitation, so we can talk to the >> >> team directly rather than have a secondhand conversation. >> >> >> >> Best, >> >> Yosem >> >> >> >> On Thu, Oct 11, 2012 at 12:35 PM, Nadim Kobeissi <na...@nadim.cc> wrote: >> >> > It would have been much nicer to create this thread based on real source >> >> > code, instead of a tweet based on word of mouth. We'll see. >> >> > >> >> > NK >> >> > >> >> > On 10/11/2012 3:27 PM, Yosem Companys wrote: >> >> >> Dan Gillmor @dangillmor: @kaepora Phil Zimmerman told me yesterday >> >> >> that Silent Circle (contrary to what you say in your post) will >> >> >> publish source code. >> >> >> -- >> >> >> Unsubscribe, change to digest, or change password at: >> > https://mailman.stanford.edu/mailman/listinfo/liberationtech >> >> >> >> >> > -- >> >> > Unsubscribe, change to digest, or change password at: >> > https://mailman.stanford.edu/mailman/listinfo/liberationtech >> >> -- >> >> Unsubscribe, change to digest, or change password at: >> > https://mailman.stanford.edu/mailman/listinfo/liberationtech >> > >> > >> > -- >> > Unsubscribe, change to digest, or change password at: https://mailman.stanford.edu/mailman/listinfo/liberationtech >> > >> -- >> Unsubscribe, change to digest, or change password at: https://mailman.stanford.edu/mailman/listinfo/liberationtech > > > > -- > Unsubscribe, change to digest, or change password at: https://mailman.stanford.edu/mailman/listinfo/liberationtech
-- Unsubscribe, change to digest, or change password at: https://mailman.stanford.edu/mailman/listinfo/liberationtech