GoldBug SF projects [was: Bittorrent Bleep]

grarpamp grarpamp at
Sun Sep 21 23:55:05 PDT 2014


Reply in thread please.

> the point was that I would not use bleep messenger from bittorrent, as
> it is not open source.

The point in this particular thread is... that since day one you
and your project developers are ignoring real concerns being raised
about your apparent cluster of projects.

> Others like the one you did a research on might
> be worth for further testings, either by the binaries

> Why don't you test the binaries?

> 7) Ask a friend [...] to use the binaries: exchange keys,
> and chat. Done. All is encrypted and you never need to exchange keys.

Your repeated classic dodge... suggesting that people run blobs
instead of answering the question.

The 'research' was posted to throw up red flags about these projects
for anyone searching so they can see and form their own opinion.

The world does not need more closed source.
And it does not need more non-reproducible binaries.
ESPECIALLY from software projects claiming to protect users' privacy
through encryption, and further enticing the masses to run them by
putting cute little doggies on the tin.

> The source and the binaries might not be matching from hash,
> because if you know source projects, the source might be corrected
> on one or two files even when the binaries have been built.

Fix your code then. Reproducible builds are a MUST for any
security/privacy project like yours.

> So better build the software from source and use your own binaries.
> I would suggest to build the crypto core first, which is spot-on.

> I cannot help you with compile firefloo messenger on linux or
> windows, as I have not done this yet.

I'm not going to waste time attempting to build stuff that apparently
no one but you and/or your devs have been able to build. And I'm
not going to waste time disassembling the binaries either.

Post your SHA-256 reproducible build instructions on the wikis for
your projects. Then ask for build confirmation/review from the

Until you either ...

A) Quit distributing binaries
B) Tell people in a COMPILING doc included in the sources how to
make binaries that SHA-256 match the ones you distribute

 and then

C) Answer why you claimed to be announced/partnered with EFF/CCC
(which they have both denied [1]), why you are continuing to mimic
the Tor homepage/TBB, why you're directly spamming people with
invites, why you are dodging these and other questions, and generally
appearing and acting very unusual for an opensource privacy suite

... no one is going to believe these projects are anything but
untrustworthy snake oil.

Help us help you.

In my opinion at this time, these (your) projects have serious trust
issues and I wouldn't recommend them until resolved.

And while this list isn't perfect or comprehensive, those needing
privacy solutions have other options to choose from here...

License issues...

An example of a decent model announcement and request for review,
that your seeming sockpuppet then replied to with a lure...

Old stuff... (RetroShare?)

Can anyone provide an overall interpretation in English of posts?

Ps: To date, none of the people potentially related to these projects
that I previously CC'd seeking comment from have replied either.

[1] Official Comments
Subject: [ #40481] False press using EFF / CCC?

