https://cpunks.org//pipermail/cypherpunks/2014-September/005507.html
Reply in thread please.
the point was that I would not use bleep messenger from bittorrent, as it is not open source.
The point in this particular thread is... that since day one you and your project developers are ignoring real concerns being raised about your apparent cluster of projects.
Others like the one you did a research on might be worth for further testings, either by the binaries
Why don' t you test the binaries?
7) Ask a friend [...] to use the binaries: exchange keys, and chat. Done. All is encrypted and you never need to exchange keys.
Your repeated classic dodge... suggesting that people run blobs instead of answering the question. The 'research' was posted to throw up red flags about these projects for anyone searching so the can see and form their own opinion. The world does not need more closed source. And it does not need more non-reproducible binaries. ESPECIALLY from software projects claiming to protect users privacy through encryption, and further enticing the masses to run them by putting cute little doggies on the tin.
The source and the binaries might not be machting from hash, because if you know source projects, the source might be corrected on one or two files even when the binaries have been build.
Fix your code then. Reproducible builds are a MUST for any security/privacy project like yours.
So better build the software from source and use your own binaries. I would suggest to build the crypto core first, which is spot-on.
I cannot help you with compile firefloo messenger on linux or windows, as I have not done this yet.
I'm not going to waste time attempting to build stuff that apparently no one but you and or your devs have been able to build. And I'm not going to waste time disassembling the binaries either. Post your SHA-256 reproducible build instructions on the wiki's for your projects. Then ask for build confirmation/review from the community. Until you either ... A) Quit distributing binaries or B) Tell people in a COMPILING doc included in the sources how to make binaries that SHA-256 match the ones you distribute and then C) Answer why you claimed to be announced/partnered with EFF/CCC (which they have both denied [1]), why you are continuing to mimic the Tor homepage/TBB, why you're directly spamming people with invites, why you are dodging these and other questions, and generally appearing and acting very unusual for an opensource privacy suite ... no one is going to believe these projects are anything but untrustworthy snake oil. Help us help you. In my opinion at this time, these (your) projects have serious trust issues and I wouldn't recommend them until resolved. And while this list isn't perfect or comprehensive, those needing privacy solutions have other options to choose from here... https://www.prism-break.org/ License issues... http://www.gossamer-threads.com/lists/gnupg/users/62118 An example of a decent model announcement and request for review, that your seeming sockpuppet then replied to with a lure... https://lists.torproject.org/pipermail/tor-talk/2014-March/032498.html Old stuff... (RetroShare?) http://nabble.documentfoundation.org/Instant-Messenger-for-Libre-Office-serv... ss-and-open-source-td2595287.html http://comments.gmane.org/gmane.os.haiku.devel/18674 Can anyone provide an overall interpretation in English of posts? http://moenchengladbach.hopto.org/k/buecher/cd0001/instit/org/Aktion_Grundre... /AKV-mailarchiv-2009-201310/author.html http://moenchengladbach.hopto.org/k/buecher/cd0001/instit/org/Aktion_Grundre... /AKV-mailarchiv-2009-201310/26906.html Ps: To date, none of the people potentially related to these projects that I previously CC'd seeking comment from have replied either. [1] Official Comments EFF: https://lists.torproject.org/pipermail/tor-talk/2013-July/029129.html CCC: Subject: [rt.ccc.de #40481] False press using EFF / CCC? goldbug.sf.net