On 2013-10-09 21:42, Jim Thompson wrote:
> On Oct 9, 2013, at 7:41 PM, Thinker Rix <[email protected]> wrote:
>> We all know that the governments currently force on a daily basis one company
>> after the other to comply with their New World
>> Order-Orwellian-global-surveillance phantasies and make them compromise their
>> software or service. So I find it absolutely NECESSARY to clear out if pfSense
>> has fallen (already) to them, or not. Network security is THE major reason for
>> using pfSense. So it should be the most important question for all of us, isn't
>> it?
>> By my comprehension, everyone who says that this is a silly question or that it
>> is some unimportant thought no one should further bother thinking about in
>> detail, is either confused, or trying to conceal something.
>
> You just want to have a discussion.

Well, actually I started this thread with a pretty frank,
straightforward and very simple question.
But instead of a simple and clear answer, I got some pretty aggressive,
snappish and awkward reactions (mainly from you, by the way), and some
other users additionally threw in many other aspects so that yes -
subsequently a discussion evolved.

> Perhaps it makes you feel important, I don’t know. Your Alex Jonesian “New
> World Odor” rhetoric is tiring.

I guess you simply can't talk without offending and dispraising your
partner, do you?

> Your NECESSARY discussion is not, because in the end analysis the discussion
> you want to have is orthogonal to the subject. You should instead only depend
> on you and your tools to ensure your security. Asking me (or Chris, or Jamie)
> to answer the question puts everyone in a position where nothing can be
> learned, so it is useless, rather than NECESSARY.

Oh yes, a lot can be learned. I asked a very simple question:
"I want to ask if you have been approached by any US government
officials, such as NSA, FBI, etc. and been asked/ forced to include any
backdoors, spyware, loggers, etc. into pfsense and if you did so."
Possible answers could have been e.g.:
1. "No, fortunately we have not been approached by anyone yet"
2. "Yes, we have been approached but we withstood. The current situation
is XY"
3. "We are not allowed to answer that"
4. <no reaction>
5. etc., etc., etc.
Especially answer no. 1 should have been a no-brainer in the case that
it is true. You, me and everyone else here would just be happy about that
no one has harassed you (yet) and it should not have been any problem
whatsoever to talk about it, shouldn't it?
But strangely, instead of just saying "no, fortunately no one has
approached us yet!", I got plenty of negative and sometimes even quite
aggressive feedback for "daring to ask" such a "naive question". Like if
there is a kind of taboo on that...
This is something that clearly confounds me. As David Burgess stated
above: Sometimes by asking a question, you receive a lot of information
between the lines.
Frankly, I am still unsure about how to interpret the result of this
whole thread. Are you barking and biting so much, because you have
something to hide, finally? Is that the reason why you bully me so much
for posing a simple question that should be the most natural question to
ask such a kind of project? Or is there another reason? I don't know.
But to me it seems like if I have hit a hornet's nest with my question.

> Until you understand and accept this, your messages are mere platitudes.

Thanks once again (see all other answers of you, too) for being so
"polite" to me. Being a project leader and thus a representative of the
project, by talking so rudely to your users, you are casting quite a
negative light onto the project. Maybe you want to think about it some
other time..

> Look,
> The integrity and bravery Ladar Levison has shown in his fight is impressive. He has
> definitely earned enough "cred" to restart his business outside the US and be
> very successful, but my hope is that he does not.
> We should celebrate Ladar for making the decision to put himself at risk in
> order to protect his users, but I think we should be careful not to forget that
> Ladar was forced to make that decision because the security of Lavabit was all
> a complete and total hand wave. There are already technologies such as PGP,
> S/MIME, smart cards, and the dozens of other ways we can have secure email
> without relying on a trusted third party such as Lavabit.
> Lavabit could respond to a demand for plaintext, if Ladar were willing to do so
> (and in the end, he was, for a particular user); on the other hand, Google
> cannot give anyone access to the plaintexts of S/MIME encrypted messages that I
> send through their servers because of technical barriers. That is the point of
> doing your encryption locally, and that is why security and privacy are not,
> and never will be, a service.(*)
> This wasn't untested water, either. The exact same thing happened to Hushmail
> in 2007 for the exact same reason, and should have been evidence enough that
> the model isn't viable, even for a non-US company.
> http://www.wired.com/threatlevel/2007/11/encrypted-e-mai/
> So again, I think we should definitely support Ladar as a person, but we also
> need to be careful not to confuse that with supporting Lavabit, (the company)
> which was a very real danger that should never be repeated again (again).

I totally agree with that.

> How you interpret this and subsequently apply it to ESF and/or pfSense is up to
> you.

Frankly, I am clueless.

> Jim
> (*) if you think about it for very long, it also shows that Snowden is not the
> Ür-hacker that the press wants to make him. His communications via Lavabit
> only gave the appearance of security, and he wasn’t smart enough to understand
> same.

Indeed!

Regards
Thinker Rix