On 24/04/14 19:21, Zooko Wilcox-OHearn wrote: > > Oh, by the way, this part was incorrect. An example of a Tahoe-LAFS > service provider is my company, https://LeastAuthority.com. > LeastAuthority.com does not have any ability to acquire our > customers's keys, nor to backdoor our customers.
On Thu, Apr 24, 2014 at 6:13 PM, Caspar Bowden (lists) <[email protected]> wrote: > > This is semantics. If you provide the service to a customer, you can be > forced to backdoor No, this is wrong. I can understand why you say this, because you've looked at dozens — perhaps hundreds — of services which made claims like those above, and in every case it turned out that the service actually had the technical capability to backdoor its customers. Am I right? The Hushmail case that you cite was an early and famous example, and the recent Lavabit case is an example. But LeastAuthority.com is different from that, for a very specific technical reason. That reason is that not *only* is our operation free from customer plaintext and customer encryption keys, but *also* we don't deliver software to our customers. When new customers sign up at https://LeastAuthority.com, we send them a nice email explaining that now they need to go acquire the Free and Open Source software named "Tahoe-LAFS". We recommend that they get it from their operating system provider, e.g. Debian, Ubuntu, or the "pkgsrc" system (http://www.pkgsrc.org/). Therefore if a government, or a murderous mafia, compelled us to cooperate with them, we would then say "Well… okay, but… have you figured out how your target users acquires the software? Because, you know, if they're getting it from Debian, or from Tails, or something, then there's not a whole lot we can do to help you backdoor your target users…". Here's an open letter on this topic that I wrote to the Silent Circle folks when they shut down their mail service after the Lavabit story broke: https://leastauthority.com/blog/open_letter_silent_circle.html Regards, Zooko Wilcox-O'Hearn Founder, CEO, and Customer Support Rep https://LeastAuthority.com Freedom matters. -- Liberationtech is public & archives are searchable on Google. Violations of list guidelines will get you moderated: https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe, change to digest, or change password by emailing moderator at [email protected].
