From katrin@mobileactive.org Fri Jul 6 02:33:33 2018 From: Katrin Verclas To: cypherpunks-legacy@lists.cpunks.org Subject: Re: [liberationtech] Silent Circle Dangerous to Cryptography Software Development Date: Fri, 06 Jul 2018 02:33:33 +0000 Message-ID: <172289277107.3881296.8826403706273065443.generated@mail.pglaf.org> MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="===============0154505170513512883==" --===============0154505170513512883== Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Having sat for the better part of the day with Phil Zimmerman with activists = and journalists in a room, here is what I learned:=20 On Oct 11, 2012, at 12:15 PM, Nadim Kobeissi wrote: > On 10/11/2012 12:04 PM, James Losey wrote: >> Hi Nadim, >>=20 >> I largely agree with your assessment of Silent Circle and I offer these >> thoughts in an effort to increase my understanding of the issue. The >> product is a packaged "solution" clearly targeted towards business >> customers focused on corporate privacy. And while the company offeres >> regular transparency statements on government requests and strives to >=20 > Unless hit by a search warrant and a gag order at the same time, or a > federal subpoena. Zimmerman stated that servers are located in Canada to avoid US subpoenas (no= t a lawyer, not sure what's that worth in the end).=20 According to the Silent Circle website:=20 Websites and products that donb=19t list the people behind the technology or = where their servers are located, how the encryption keys are held or even how= you can verify that your data is actually encrypted, are typical of the indu= stry and provide only pseudo-security based on a lot of unverifiable trust. Our secure communications products use b Device to Device Encryptionb b=13 pu= tting the keys to your security in the palm of your hand (except for Silent M= ail, which is configured for PGP Universal and utilizes server side key encry= ption). We DO NOT have the ability to decrypt your communications across our = network and nor will anyone else - ever. Silent Phone, Silent Text and Silent= Eyes all use peer-to-peer technology and erase the session keys from your de= vice once the call or text is finished. Our servers donb=19t hold the keysb&y= ou do. Our secure encryption keeps unauthorized people from understanding you= r transmissions. It keeps criminals, governments, business rivals, neighbors = and identity thieves from stealing your data and from destroying your persona= l or corporate privacy. There are no back doors, nor will there ever be. More importantly, Zimmerman noted that Silent Circle code will be made availa= ble for audit. >=20 >> minimize storage of some types of data (and you're right that payment >> info is problematic) the company is clearly interested in paying for >> privacy assurances and seems less focused on supporting activists.=20 According to Zimmerman (who was keenly interested in use cases for activists)= will make licenses available to activists at no cost. They have not figured= out the process for this yet, but we'll certainly follow up with them.=20 Katrin=20 -- Unsubscribe, change to digest, or change password at: https://mailman.stanfor= d.edu/mailman/listinfo/liberationtech ----- End forwarded message ----- --=20 Eugen* Leitl leitl http://leitl.org ______________________________________________________________ ICBM: 48.07100, 11.36820 http://www.ativel.com http://postbiota.org 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE --===============0154505170513512883==--