Why didn't Snowden disclose Heartbleed (and others)?

[Lodewijk andré de la porte]

2014-04-15 21:11 GMT+02:00 Cypher <cypher at cpunk.us>:

> This is why I've long been an advocate of total disclosure. I think
> the document holders should publish everything they have. After they
> do that, they could continue to 'leak release' documents with detailed
> explanations for those who are too lazy or too confused by the
> documents to sift through them and read them but having a document
> dump out there would make the process of disclosure /much/ faster.
>

The problem is that the general public is very slow to learn. Every step
along the way even the wise said things like "OH! The NSA said A, but
they'll *never* say B!". Then two weeks later the docs show that B has not
just been said, it'd been SCREAMED. Then the word is "But they'll never say
C!". Etc. Maybe at some point people will pick it up differently.

It also fits the media format better to drip info. A new news article every
new drip. That makes for a lot more exposure.

It's sad but true. I would *LOVE* instant full disclosure. But it just
wouldn't have the same effect. Maybe you could do selective full
disclosure, but who'd be allowed access? And who'd prevent the store of
data from being leaked again?

Additionally there's the rewriting and securing. Often documents have
person-specific typo's or sentence changes that can identify a specific
instance of a document. There was this company that wanted to use it on
e-books, rewriting "good" to "not bad", etc.

Anyway, mixed bag regarding full disclosure. I think this is easier, safer
and reaches the general public better and as such it's the right choice.
It's a damn shame that it is, sensationalism isn't fun.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: text/html
Size: 2413 bytes
Desc: not available
URL: <http://lists.cpunks.org/pipermail/cypherpunks/attachments/20140415/7823effc/attachment-0001.txt>