Re: [liberationtech] Silent Circle to publish source code?
On Fri, Oct 12, 2012 at 08:16:52PM +0200, Julian Oliver wrote: This should help clear things up: http://is.gd/ZmBaMD (Featuring VJ Ann O'Nymous) Please do not use URL shorteners, particularly on this list. -- Unsubscribe, change to digest, or change password at: https://mailman.stanford.edu/mailman/listinfo/liberationtech
Re: [liberationtech] Silent Circle to publish source code?
This should help clear things up: http://is.gd/ZmBaMD (Featuring VJ Ann O'Nymous) -- Julian Oliver http://julianoliver.com http://criticalengineering.org -- Unsubscribe, change to digest, or change password at: https://mailman.stanford.edu/mailman/listinfo/liberationtech
Re: [liberationtech] Silent Circle to publish source code?
Excellent Julian! Here's the direct link for all three videos by CircledUp (http://www.youtube.com/user/CircledUp) over at Youtube: http://preview.tinyurl.com/8d3wrs6 and raw URL: http://www.youtube.com/watch?v=rhEzawkDTgEfeature=bf_prevlist=ULDhyUkrGcidQ On 10/12/12 2:16 PM, Julian Oliver wrote: This should help clear things up: http://is.gd/ZmBaMD (Featuring VJ Ann O'Nymous) -- Unsubscribe, change to digest, or change password at: https://mailman.stanford.edu/mailman/listinfo/liberationtech
Re: [liberationtech] Silent Circle to publish source code?
I love what they say in the videos. The videos are very well done and immediately put you at ease. I have dealt with Phil's products for a very long time, and I would trust that what he says is true as far as he knows about this product. However, open scrutiny of the code is the only way to truly know it's hostile environment safe. To have the programmer community pour over the code and test it six ways to Sunday. Not only by the developers themselves. As good as Phil and the other developers are, it almost always takes a fresh eye to pour over code to put it through tests even the developers haven't foreseen. Even when code is supposedly closed, it will ultimately be cracked, and then the vulnerabilities will be known but to the bad guys only. I would like to have seen them address the question of opening up the code to the community for scrutiny in the videos. And the following is also worrisome: Google Chrome says silentcircle.com certificate is invalid and you have to click through like it is a bad site to see the site. Firefox, says that although it is https, only part of the site is encrypted and only partially protected communication, and does not prevent eavesdropping. Safari does not go to the site, but instead puts up box saying Safari can't verify the identity of the website 'silentcircle.com' Interestingly enough, Opera showed it as Trusted. Go figure. If they want people to trust their product, the site itself should be trustworthy as well, don't you think? If someone is close with these guys, maybe you could mention this to them. I am sure they want everything to vibrate safe, secure, etc. On 10/12/12 2:16 PM, Julian Oliver wrote: This should help clear things up: http://is.gd/ZmBaMD (Featuring VJ Ann O'Nymous) -- Unsubscribe, change to digest, or change password at: https://mailman.stanford.edu/mailman/listinfo/liberationtech
[liberationtech] Silent Circle to publish source code?
Dan Gillmor @dangillmor: @kaepora Phil Zimmerman told me yesterday that Silent Circle (contrary to what you say in your post) will publish source code. -- Unsubscribe, change to digest, or change password at: https://mailman.stanford.edu/mailman/listinfo/liberationtech
Re: [liberationtech] Silent Circle to publish source code?
It would have been much nicer to create this thread based on real source code, instead of a tweet based on word of mouth. We'll see. NK On 10/11/2012 3:27 PM, Yosem Companys wrote: Dan Gillmor @dangillmor: @kaepora Phil Zimmerman told me yesterday that Silent Circle (contrary to what you say in your post) will publish source code. -- Unsubscribe, change to digest, or change password at: https://mailman.stanford.edu/mailman/listinfo/liberationtech -- Unsubscribe, change to digest, or change password at: https://mailman.stanford.edu/mailman/listinfo/liberationtech
Re: [liberationtech] Silent Circle to publish source code?
We both received the same messages from Ryan Gallagher and Dan Gillmor: @rj_gallagher: @kaepora FYI I met with SC's CEO today for piece I'm doing + he told me they'll be making everything open source. That's why I added the question mark, in case someone on the list knew anymore (for example, when -- what date? -- do they plan to publish the code). I've contacted @Silent_Circle via Twitter and invited them on to Liberationtech. If anyone knows how to reach someone on the team directly, please let me know. It'd be nice to send them a personal invitation, so we can talk to the team directly rather than have a secondhand conversation. Best, Yosem On Thu, Oct 11, 2012 at 12:35 PM, Nadim Kobeissi na...@nadim.cc wrote: It would have been much nicer to create this thread based on real source code, instead of a tweet based on word of mouth. We'll see. NK On 10/11/2012 3:27 PM, Yosem Companys wrote: Dan Gillmor @dangillmor: @kaepora Phil Zimmerman told me yesterday that Silent Circle (contrary to what you say in your post) will publish source code. -- Unsubscribe, change to digest, or change password at: https://mailman.stanford.edu/mailman/listinfo/liberationtech -- Unsubscribe, change to digest, or change password at: https://mailman.stanford.edu/mailman/listinfo/liberationtech -- Unsubscribe, change to digest, or change password at: https://mailman.stanford.edu/mailman/listinfo/liberationtech
Re: [liberationtech] Silent Circle to publish source code?
Copying Susan Alderson, VP of Informatics, Silent Circle who was also in the meeting Eric and I referred to. Susan, forwarding you a thread from the Liberation Tech discussion list about Silent Circle source code, location of servers, etc. Please feel free to chime in, and nice to meet you! Cheers, Katrin On Oct 11, 2012, at 3:48 PM, Yosem Companys wrote: We both received the same messages from Ryan Gallagher and Dan Gillmor: @rj_gallagher: @kaepora FYI I met with SC's CEO today for piece I'm doing + he told me they'll be making everything open source. That's why I added the question mark, in case someone on the list knew anymore (for example, when -- what date? -- do they plan to publish the code). I've contacted @Silent_Circle via Twitter and invited them on to Liberationtech. If anyone knows how to reach someone on the team directly, please let me know. It'd be nice to send them a personal invitation, so we can talk to the team directly rather than have a secondhand conversation. Best, Yosem On Thu, Oct 11, 2012 at 12:35 PM, Nadim Kobeissi na...@nadim.cc wrote: It would have been much nicer to create this thread based on real source code, instead of a tweet based on word of mouth. We'll see. NK On 10/11/2012 3:27 PM, Yosem Companys wrote: Dan Gillmor @dangillmor: @kaepora Phil Zimmerman told me yesterday that Silent Circle (contrary to what you say in your post) will publish source code. -- Unsubscribe, change to digest, or change password at: https://mailman.stanford.edu/mailman/listinfo/liberationtech -- Unsubscribe, change to digest, or change password at: https://mailman.stanford.edu/mailman/listinfo/liberationtech -- Unsubscribe, change to digest, or change password at: https://mailman.stanford.edu/mailman/listinfo/liberationtech Katrin Verclas MobileActive.org kat...@mobileactive.org skype/twitter: katrinskaya (347) 281-7191 A global network of people using mobile technology for social impact http://mobileactive.org -- Unsubscribe, change to digest, or change password at: https://mailman.stanford.edu/mailman/listinfo/liberationtech
Re: [liberationtech] Silent Circle to publish source code?
Can someone explain what this big secret briefing was? Are they making the PR rounds in DC? Yosem Companys compa...@stanford.edu wrote: We both received the same messages from Ryan Gallagher and Dan Gillmor: @rj_gallagher: @kaepora FYI I met with SC's CEO today for piece I'm doing + he told me they'll be making everything open source. That's why I added the question mark, in case someone on the list knew anymore (for example, when -- what date? -- do they plan to publish the code). I've contacted @Silent_Circle via Twitter and invited them on to Liberationtech. If anyone knows how to reach someone on the team directly, please let me know. It'd be nice to send them a personal invitation, so we can talk to the team directly rather than have a secondhand conversation. Best, Yosem On Thu, Oct 11, 2012 at 12:35 PM, Nadim Kobeissi na...@nadim.cc wrote: It would have been much nicer to create this thread based on real source code, instead of a tweet based on word of mouth. We'll see. NK On 10/11/2012 3:27 PM, Yosem Companys wrote: Dan Gillmor @dangillmor: @kaepora Phil Zimmerman told me yesterday that Silent Circle (contrary to what you say in your post) will publish source code. -- Unsubscribe, change to digest, or change password at: https://mailman.stanford.edu/mailman/listinfo/liberationtech -- Unsubscribe, change to digest, or change password at: https://mailman.stanford.edu/mailman/listinfo/liberationtech -- Unsubscribe, change to digest, or change password at: https://mailman.stanford.edu/mailman/listinfo/liberationtech -- Unsubscribe, change to digest, or change password at: https://mailman.stanford.edu/mailman/listinfo/liberationtech
Re: [liberationtech] Silent Circle to publish source code?
Here's my prediction: Silent Circle will not fundamentally change anything. It will have no where near the impact that Phil's work on open cryptography standards has. It may be a great niche product for businesses, professional journalist groups and large NGOs looking for a turnkey solution. It will not be relevant for the majority people on the ground in high risk places with state based surveillance. It will not satisfy the most privacy concerned users in free countries either. Ultimately it is a *commercial product* aiming to package up complex capabilities into a promise of a tidy easy to use solutions. It is a worthy endeavor but there are many, many people out there trying to go the business route and I don't believe there is actually enough of a market for this to satisfy a venture capitalist or organic revenue to sustain itself. Cryptophone, WaveSecure, Cryptcell, IronKey, ZeroBank, Hushmail are just a few attempted similar efforts. All worthy efforts... but niche and ultimately not having the large impact we all might hope, and perhaps some even doing damage by promoting forked, out of date solutions. I fundamentally believe you can't design a product both for CEOs and revolutionaries. The threat models are entirely different. You can't be all things to all people especially if you are charging 20 USD per user per month, on top of a users existing 3g data plan. +n8fr8 Nadim Kobeissi na...@nadim.cc wrote: It would have been much nicer to create this thread based on real source code, instead of a tweet based on word of mouth. We'll see. NK On 10/11/2012 3:27 PM, Yosem Companys wrote: Dan Gillmor @dangillmor: @kaepora Phil Zimmerman told me yesterday that Silent Circle (contrary to what you say in your post) will publish source code. -- Unsubscribe, change to digest, or change password at: https://mailman.stanford.edu/mailman/listinfo/liberationtech -- Unsubscribe, change to digest, or change password at: https://mailman.stanford.edu/mailman/listinfo/liberationtech -- Unsubscribe, change to digest, or change password at: https://mailman.stanford.edu/mailman/listinfo/liberationtech
Re: [liberationtech] Silent Circle to publish source code?
On 10/11/2012 5:51 PM, Ryan Gallagher wrote: To Nadim: I'm interested to know, did you contact anyone at SC before writing your blog post? Seems to me you arrived at your rather scathing conclusion largely on the basis of an assumption. A sort of shoot first, ask questions later approach. It actually says on the SC website that SC will use Open Source Peer-Reviewed Encryption. It also says, unambiguously, /We believe in open source/. It's almost impossible to develop the software Silent Circle is attempting to develop without using at least one open source library - this is in fact accentuated in my blog post. I sincerely apologize if my post is jumping the gun a bit, but aside from reassurances in private press conferences, Silent Circle hasn't made any statement that supports their releasing their code as open source. In fact, they have been very ambiguous on this issue prior to their alleged private statements yesterday and today. I will update my blog post the moment they announce that Silent Circle will be open source. I don't mean to shoot first, ask questions later, but rather highlight serious potential dangers. From: compa...@stanford.edu Date: Thu, 11 Oct 2012 12:48:03 -0700 To: liberationtech@lists.stanford.edu Subject: Re: [liberationtech] Silent Circle to publish source code? We both received the same messages from Ryan Gallagher and Dan Gillmor: @rj_gallagher: @kaepora FYI I met with SC's CEO today for piece I'm doing + he told me they'll be making everything open source. That's why I added the question mark, in case someone on the list knew anymore (for example, when -- what date? -- do they plan to publish the code). I've contacted @Silent_Circle via Twitter and invited them on to Liberationtech. If anyone knows how to reach someone on the team directly, please let me know. It'd be nice to send them a personal invitation, so we can talk to the team directly rather than have a secondhand conversation. Best, Yosem On Thu, Oct 11, 2012 at 12:35 PM, Nadim Kobeissi na...@nadim.cc wrote: It would have been much nicer to create this thread based on real source code, instead of a tweet based on word of mouth. We'll see. NK On 10/11/2012 3:27 PM, Yosem Companys wrote: Dan Gillmor @dangillmor: @kaepora Phil Zimmerman told me yesterday that Silent Circle (contrary to what you say in your post) will publish source code. -- Unsubscribe, change to digest, or change password at: https://mailman.stanford.edu/mailman/listinfo/liberationtech -- Unsubscribe, change to digest, or change password at: https://mailman.stanford.edu/mailman/listinfo/liberationtech -- Unsubscribe, change to digest, or change password at: https://mailman.stanford.edu/mailman/listinfo/liberationtech -- Unsubscribe, change to digest, or change password at: https://mailman.stanford.edu/mailman/listinfo/liberationtech -- Unsubscribe, change to digest, or change password at: https://mailman.stanford.edu/mailman/listinfo/liberationtech
Re: [liberationtech] Silent Circle to publish source code?
On 10/11/2012 18:26 PM, Nadim Kobeissi wrote: I sincerely apologize if my post is jumping the gun a bit, but aside from reassurances in private press conferences, Silent Circle hasn't made any statement that supports their releasing their code as open source. In fact, they have been very ambiguous on this issue prior to their alleged private statements yesterday and today. Hmm. It says on the SC website that it will use Open Source Peer-Reviewed Encryption, Peer Reviewed Encryption and Hashing Algorithms, and also says we believe in open source. Is that very ambiguous? Date: Thu, 11 Oct 2012 18:26:28 -0400 From: na...@nadim.cc To: liberationtech@lists.stanford.edu Subject: Re: [liberationtech] Silent Circle to publish source code? On 10/11/2012 5:51 PM, Ryan Gallagher wrote: To Nadim: I'm interested to know, did you contact anyone at SC before writing your blog post? Seems to me you arrived at your rather scathing conclusion largely on the basis of an assumption. A sort of shoot first, ask questions later approach. It actually says on the SC website that SC will use Open Source Peer-Reviewed Encryption. It also says, unambiguously, /We believe in open source/. It's almost impossible to develop the software Silent Circle is attempting to develop without using at least one open source library - this is in fact accentuated in my blog post. I sincerely apologize if my post is jumping the gun a bit, but aside from reassurances in private press conferences, Silent Circle hasn't made any statement that supports their releasing their code as open source. In fact, they have been very ambiguous on this issue prior to their alleged private statements yesterday and today. I will update my blog post the moment they announce that Silent Circle will be open source. I don't mean to shoot first, ask questions later, but rather highlight serious potential dangers. From: compa...@stanford.edu Date: Thu, 11 Oct 2012 12:48:03 -0700 To: liberationtech@lists.stanford.edu Subject: Re: [liberationtech] Silent Circle to publish source code? We both received the same messages from Ryan Gallagher and Dan Gillmor: @rj_gallagher: @kaepora FYI I met with SC's CEO today for piece I'm doing + he told me they'll be making everything open source. That's why I added the question mark, in case someone on the list knew anymore (for example, when -- what date? -- do they plan to publish the code). I've contacted @Silent_Circle via Twitter and invited them on to Liberationtech. If anyone knows how to reach someone on the team directly, please let me know. It'd be nice to send them a personal invitation, so we can talk to the team directly rather than have a secondhand conversation. Best, Yosem On Thu, Oct 11, 2012 at 12:35 PM, Nadim Kobeissi na...@nadim.cc wrote: It would have been much nicer to create this thread based on real source code, instead of a tweet based on word of mouth. We'll see. NK On 10/11/2012 3:27 PM, Yosem Companys wrote: Dan Gillmor @dangillmor: @kaepora Phil Zimmerman told me yesterday that Silent Circle (contrary to what you say in your post) will publish source code. -- Unsubscribe, change to digest, or change password at: https://mailman.stanford.edu/mailman/listinfo/liberationtech -- Unsubscribe, change to digest, or change password at: https://mailman.stanford.edu/mailman/listinfo/liberationtech -- Unsubscribe, change to digest, or change password at: https://mailman.stanford.edu/mailman/listinfo/liberationtech -- Unsubscribe, change to digest, or change password at: https://mailman.stanford.edu/mailman/listinfo/liberationtech -- Unsubscribe, change to digest, or change password at: https://mailman.stanford.edu/mailman/listinfo/liberationtech -- Unsubscribe, change to digest, or change password at: https://mailman.stanford.edu/mailman/listinfo/liberationtech
Re: [liberationtech] Silent Circle to publish source code?
Hi Nadim, You didn't directly respond to Ryan's question. Have you actually spoken to anyone at Silent Circle? The Silent Circle App isn't available for download to the general public yet. As such, I think the company can be forgiven for not having source code available just yet. Why not wait until the product is actually available for download before you jump the gun and state that the company is damaging the state of the cryptography community? I've met with the CEO a couple times in person and I've spoken with Phil and Jon. Although I'm by no means ready to bless the product -- not only do I want to see it open sourced, but I also want to see a published, thorough audit by a respected security consulting firm -- I am at least excited to see folks building a business around encrypted communications (where the crypto is the selling point, rather than an unadvertised feature, like Skype). Jon and Phil is are not strangers to the security community and their email addresses can be found with about 2 seconds of Googling. If you have questions, why not contact them? Chris [Full disclosure: They've loaned me an ipod touch with a beta copy of the app so that I can try it out. As soon as the Android version is ready to go, I'll promptly give the iPod back to them. I'm not a Silent Circle investor, consultant, etc] On Thu, Oct 11, 2012 at 6:26 PM, Nadim Kobeissi na...@nadim.cc wrote: On 10/11/2012 5:51 PM, Ryan Gallagher wrote: To Nadim: I'm interested to know, did you contact anyone at SC before writing your blog post? Seems to me you arrived at your rather scathing conclusion largely on the basis of an assumption. A sort of shoot first, ask questions later approach. It actually says on the SC website that SC will use Open Source Peer-Reviewed Encryption. It also says, unambiguously, /We believe in open source/. It's almost impossible to develop the software Silent Circle is attempting to develop without using at least one open source library - this is in fact accentuated in my blog post. I sincerely apologize if my post is jumping the gun a bit, but aside from reassurances in private press conferences, Silent Circle hasn't made any statement that supports their releasing their code as open source. In fact, they have been very ambiguous on this issue prior to their alleged private statements yesterday and today. I will update my blog post the moment they announce that Silent Circle will be open source. I don't mean to shoot first, ask questions later, but rather highlight serious potential dangers. From: compa...@stanford.edu Date: Thu, 11 Oct 2012 12:48:03 -0700 To: liberationtech@lists.stanford.edu Subject: Re: [liberationtech] Silent Circle to publish source code? We both received the same messages from Ryan Gallagher and Dan Gillmor: @rj_gallagher: @kaepora FYI I met with SC's CEO today for piece I'm doing + he told me they'll be making everything open source. That's why I added the question mark, in case someone on the list knew anymore (for example, when -- what date? -- do they plan to publish the code). I've contacted @Silent_Circle via Twitter and invited them on to Liberationtech. If anyone knows how to reach someone on the team directly, please let me know. It'd be nice to send them a personal invitation, so we can talk to the team directly rather than have a secondhand conversation. Best, Yosem On Thu, Oct 11, 2012 at 12:35 PM, Nadim Kobeissi na...@nadim.cc wrote: It would have been much nicer to create this thread based on real source code, instead of a tweet based on word of mouth. We'll see. NK On 10/11/2012 3:27 PM, Yosem Companys wrote: Dan Gillmor @dangillmor: @kaepora Phil Zimmerman told me yesterday that Silent Circle (contrary to what you say in your post) will publish source code. -- Unsubscribe, change to digest, or change password at: https://mailman.stanford.edu/mailman/listinfo/liberationtech -- Unsubscribe, change to digest, or change password at: https://mailman.stanford.edu/mailman/listinfo/liberationtech -- Unsubscribe, change to digest, or change password at: https://mailman.stanford.edu/mailman/listinfo/liberationtech -- Unsubscribe, change to digest, or change password at: https://mailman.stanford.edu/mailman/listinfo/liberationtech -- Unsubscribe, change to digest, or change password at: https://mailman.stanford.edu/mailman/listinfo/liberationtech -- Unsubscribe, change to digest, or change password at: https://mailman.stanford.edu/mailman/listinfo/liberationtech
Re: [liberationtech] Silent Circle to publish source code?
I'm sorry but this could easily refer to open source libraries, and commonly does. I will update my blog post again once source code is available, which should hopefully be when the app is released next week. NK On Oct 11, 2012 6:49 PM, Ryan Gallagher r...@rjgallagher.co.uk wrote: On 10/11/2012 18:26 PM, Nadim Kobeissi wrote: I sincerely apologize if my post is jumping the gun a bit, but aside from reassurances in private press conferences, Silent Circle hasn't made any statement that supports their releasing their code as open source. In fact, they have been very ambiguous on this issue prior to their alleged private statements yesterday and today. Hmm. It says on the SC website that it will use Open Source Peer-Reviewed Encryption, Peer Reviewed Encryption and Hashing Algorithms, and also says we believe in open source. Is that very ambiguous? Date: Thu, 11 Oct 2012 18:26:28 -0400 From: na...@nadim.cc To: liberationtech@lists.stanford.edu Subject: Re: [liberationtech] Silent Circle to publish source code? On 10/11/2012 5:51 PM, Ryan Gallagher wrote: To Nadim: I'm interested to know, did you contact anyone at SC before writing your blog post? Seems to me you arrived at your rather scathing conclusion largely on the basis of an assumption. A sort of shoot first, ask questions later approach. It actually says on the SC website that SC will use Open Source Peer-Reviewed Encryption. It also says, unambiguously, /We believe in open source/. It's almost impossible to develop the software Silent Circle is attempting to develop without using at least one open source library - this is in fact accentuated in my blog post. I sincerely apologize if my post is jumping the gun a bit, but aside from reassurances in private press conferences, Silent Circle hasn't made any statement that supports their releasing their code as open source. In fact, they have been very ambiguous on this issue prior to their alleged private statements yesterday and today. I will update my blog post the moment they announce that Silent Circle will be open source. I don't mean to shoot first, ask questions later, but rather highlight serious potential dangers. From: compa...@stanford.edu Date: Thu, 11 Oct 2012 12:48:03 -0700 To: liberationtech@lists.stanford.edu Subject: Re: [liberationtech] Silent Circle to publish source code? We both received the same messages from Ryan Gallagher and Dan Gillmor: @rj_gallagher: @kaepora FYI I met with SC's CEO today for piece I'm doing + he told me they'll be making everything open source. That's why I added the question mark, in case someone on the list knew anymore (for example, when -- what date? -- do they plan to publish the code). I've contacted @Silent_Circle via Twitter and invited them on to Liberationtech. If anyone knows how to reach someone on the team directly, please let me know. It'd be nice to send them a personal invitation, so we can talk to the team directly rather than have a secondhand conversation. Best, Yosem On Thu, Oct 11, 2012 at 12:35 PM, Nadim Kobeissi na...@nadim.cc wrote: It would have been much nicer to create this thread based on real source code, instead of a tweet based on word of mouth. We'll see. NK On 10/11/2012 3:27 PM, Yosem Companys wrote: Dan Gillmor @dangillmor: @kaepora Phil Zimmerman told me yesterday that Silent Circle (contrary to what you say in your post) will publish source code. -- Unsubscribe, change to digest, or change password at: https://mailman.stanford.edu/mailman/listinfo/liberationtech -- Unsubscribe, change to digest, or change password at: https://mailman.stanford.edu/mailman/listinfo/liberationtech -- Unsubscribe, change to digest, or change password at: https://mailman.stanford.edu/mailman/listinfo/liberationtech -- Unsubscribe, change to digest, or change password at: https://mailman.stanford.edu/mailman/listinfo/liberationtech -- Unsubscribe, change to digest, or change password at: https://mailman.stanford.edu/mailman/listinfo/liberationtech -- Unsubscribe, change to digest, or change password at: https://mailman.stanford.edu/mailman/listinfo/liberationtech -- Unsubscribe, change to digest, or change password at: https://mailman.stanford.edu/mailman/listinfo/liberationtech
Re: [liberationtech] Silent Circle to publish source code?
Hi Chris, I regrettably did not speak to anyone from Silent Circle. This is off-topic, but I find it kind of ironic for you to be asking me this; you have written scathing critiques involving my own software efforts without once contacting me, and I believe you to be much more guilty of jumping the gun than I could be in this occasion. But this is beside the point. I've spoken to people who have been contacted by Phil and John and I have been told prior to writing my post that both have been very ambiguous regarding the availability of Silent Circle source code in its entirety on the day of release. No formal statement has yet been made by Silent Circle; If the source code is released when the software ships, I have absolutely no problem admitting that I jumped the gun a bit; but aside from references to open source (which could very well be limited to libraries (such as libssl) or protocols (such as ZRTP), I'm still waiting on the status of the software. NK On Oct 11, 2012 7:10 PM, Christopher Soghoian ch...@soghoian.net wrote: Hi Nadim, You didn't directly respond to Ryan's question. Have you actually spoken to anyone at Silent Circle? The Silent Circle App isn't available for download to the general public yet. As such, I think the company can be forgiven for not having source code available just yet. Why not wait until the product is actually available for download before you jump the gun and state that the company is damaging the state of the cryptography community? I've met with the CEO a couple times in person and I've spoken with Phil and Jon. Although I'm by no means ready to bless the product -- not only do I want to see it open sourced, but I also want to see a published, thorough audit by a respected security consulting firm -- I am at least excited to see folks building a business around encrypted communications (where the crypto is the selling point, rather than an unadvertised feature, like Skype). Jon and Phil is are not strangers to the security community and their email addresses can be found with about 2 seconds of Googling. If you have questions, why not contact them? Chris [Full disclosure: They've loaned me an ipod touch with a beta copy of the app so that I can try it out. As soon as the Android version is ready to go, I'll promptly give the iPod back to them. I'm not a Silent Circle investor, consultant, etc] On Thu, Oct 11, 2012 at 6:26 PM, Nadim Kobeissi na...@nadim.cc wrote: On 10/11/2012 5:51 PM, Ryan Gallagher wrote: To Nadim: I'm interested to know, did you contact anyone at SC before writing your blog post? Seems to me you arrived at your rather scathing conclusion largely on the basis of an assumption. A sort of shoot first, ask questions later approach. It actually says on the SC website that SC will use Open Source Peer-Reviewed Encryption. It also says, unambiguously, /We believe in open source/. It's almost impossible to develop the software Silent Circle is attempting to develop without using at least one open source library - this is in fact accentuated in my blog post. I sincerely apologize if my post is jumping the gun a bit, but aside from reassurances in private press conferences, Silent Circle hasn't made any statement that supports their releasing their code as open source. In fact, they have been very ambiguous on this issue prior to their alleged private statements yesterday and today. I will update my blog post the moment they announce that Silent Circle will be open source. I don't mean to shoot first, ask questions later, but rather highlight serious potential dangers. From: compa...@stanford.edu Date: Thu, 11 Oct 2012 12:48:03 -0700 To: liberationtech@lists.stanford.edu Subject: Re: [liberationtech] Silent Circle to publish source code? We both received the same messages from Ryan Gallagher and Dan Gillmor: @rj_gallagher: @kaepora FYI I met with SC's CEO today for piece I'm doing + he told me they'll be making everything open source. That's why I added the question mark, in case someone on the list knew anymore (for example, when -- what date? -- do they plan to publish the code). I've contacted @Silent_Circle via Twitter and invited them on to Liberationtech. If anyone knows how to reach someone on the team directly, please let me know. It'd be nice to send them a personal invitation, so we can talk to the team directly rather than have a secondhand conversation. Best, Yosem On Thu, Oct 11, 2012 at 12:35 PM, Nadim Kobeissi na...@nadim.cc wrote: It would have been much nicer to create this thread based on real source code, instead of a tweet based on word of mouth. We'll see. NK On 10/11/2012 3:27 PM, Yosem Companys wrote: Dan Gillmor @dangillmor: @kaepora Phil Zimmerman told me yesterday that Silent Circle (contrary to what you say in your post
Re: [liberationtech] Silent Circle to publish source code?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Is this a case of people (lib tech/security community) trusting people of up-to-now good security community reputation (Phil Zimmerman and Jon Callas) combined with public statements (to the affect of we will be releasing the source code) combined with briefings with selected groups? Just curious. It goes back to the discussion about trusting open source software, or trusting people who we believe to have good intentions. Bernard PS: To try and keep the mood light: I wonder if the founders are fans of mid-80s German Euro-disco bands? On 12 Oct 2012, at 00:09, Christopher Soghoian wrote: Hi Nadim, You didn't directly respond to Ryan's question. Have you actually spoken to anyone at Silent Circle? The Silent Circle App isn't available for download to the general public yet. As such, I think the company can be forgiven for not having source code available just yet. Why not wait until the product is actually available for download before you jump the gun and state that the company is damaging the state of the cryptography community? I've met with the CEO a couple times in person and I've spoken with Phil and Jon. Although I'm by no means ready to bless the product -- not only do I want to see it open sourced, but I also want to see a published, thorough audit by a respected security consulting firm -- I am at least excited to see folks building a business around encrypted communications (where the crypto is the selling point, rather than an unadvertised feature, like Skype). Jon and Phil is are not strangers to the security community and their email addresses can be found with about 2 seconds of Googling. If you have questions, why not contact them? Chris [Full disclosure: They've loaned me an ipod touch with a beta copy of the app so that I can try it out. As soon as the Android version is ready to go, I'll promptly give the iPod back to them. I'm not a Silent Circle investor, consultant, etc] On Thu, Oct 11, 2012 at 6:26 PM, Nadim Kobeissi na...@nadim.cc wrote: On 10/11/2012 5:51 PM, Ryan Gallagher wrote: To Nadim: I'm interested to know, did you contact anyone at SC before writing your blog post? Seems to me you arrived at your rather scathing conclusion largely on the basis of an assumption. A sort of shoot first, ask questions later approach. It actually says on the SC website that SC will use Open Source Peer-Reviewed Encryption. It also says, unambiguously, /We believe in open source/. It's almost impossible to develop the software Silent Circle is attempting to develop without using at least one open source library - this is in fact accentuated in my blog post. I sincerely apologize if my post is jumping the gun a bit, but aside from reassurances in private press conferences, Silent Circle hasn't made any statement that supports their releasing their code as open source. In fact, they have been very ambiguous on this issue prior to their alleged private statements yesterday and today. I will update my blog post the moment they announce that Silent Circle will be open source. I don't mean to shoot first, ask questions later, but rather highlight serious potential dangers. From: compa...@stanford.edu Date: Thu, 11 Oct 2012 12:48:03 -0700 To: liberationtech@lists.stanford.edu Subject: Re: [liberationtech] Silent Circle to publish source code? We both received the same messages from Ryan Gallagher and Dan Gillmor: @rj_gallagher: @kaepora FYI I met with SC's CEO today for piece I'm doing + he told me they'll be making everything open source. That's why I added the question mark, in case someone on the list knew anymore (for example, when -- what date? -- do they plan to publish the code). I've contacted @Silent_Circle via Twitter and invited them on to Liberationtech. If anyone knows how to reach someone on the team directly, please let me know. It'd be nice to send them a personal invitation, so we can talk to the team directly rather than have a secondhand conversation. Best, Yosem On Thu, Oct 11, 2012 at 12:35 PM, Nadim Kobeissi na...@nadim.cc wrote: It would have been much nicer to create this thread based on real source code, instead of a tweet based on word of mouth. We'll see. NK On 10/11/2012 3:27 PM, Yosem Companys wrote: Dan Gillmor @dangillmor: @kaepora Phil Zimmerman told me yesterday that Silent Circle (contrary to what you say in your post) will publish source code. -- Unsubscribe, change to digest, or change password at: https://mailman.stanford.edu/mailman/listinfo/liberationtech -- Unsubscribe, change to digest, or change password at: https://mailman.stanford.edu/mailman/listinfo/liberationtech -- Unsubscribe, change to digest, or change password at: https
Re: [liberationtech] Silent Circle to publish source code?
Thanks for spelling it out, and Nathan. NK On Oct 11, 2012 8:12 PM, Nathan nat...@freitas.net wrote: Ryan, mm. It says on the SC website that it will use Open Source Peer-Reviewed Encryption, Peer Reviewed Encryption and Hashing Algorithms, and also says we believe in open source. Is that very ambiguous As a reporter working on a piece, you should make sure you understand the different between using open-source and being open-source. Having code availability for private audit or dumping a zip file of code that doesn't quite build entirely is very different from bring a fully transparent open-source project. I am not splitting hairs here, just trying to make sure that you look beyond vague statements and perhaps ask where's your git repo going to be hosted? or what license are you planning to use? or even will an independent developer be able to compile and run their own version of your software?. As an example, Phil's much heralded ZRTP protocol was openly published but server code to enable Asterisk support for it had a very ambiguous license that made it unusable in anything but a pure academic setting. Like organic, open-source is a term that is easily claimed but not often truly fulfilled. Nadim should be given more credit for the completely transparent and engaged open-source project he runs, and for defending an approach and philosophy that he is completely living up to. +n8fr8 -- Unsubscribe, change to digest, or change password at: https://mailman.stanford.edu/mailman/listinfo/liberationtech -- Unsubscribe, change to digest, or change password at: https://mailman.stanford.edu/mailman/listinfo/liberationtech
Re: [liberationtech] Silent Circle to publish source code?
Nathan writes: Like organic, open-source is a term that is easily claimed but not often truly fulfilled. Nadim should be given more credit for the completely transparent and engaged open-source project he runs, and for defending an approach and philosophy that he is completely living up to. Further to that, I hope people in situations like this won't be sloppy with the distinction between open source and viewable source code. Publishing source code gives some of the important benefits of open source, but not all of them. Open source doesn't just mean access to the source code. http://opensource.org/osd.html -- Seth Schoen sch...@eff.org Senior Staff Technologist https://www.eff.org/ Electronic Frontier Foundation https://www.eff.org/join 454 Shotwell Street, San Francisco, CA 94110 +1 415 436 9333 x107 -- Unsubscribe, change to digest, or change password at: https://mailman.stanford.edu/mailman/listinfo/liberationtech
