Slashdot Mirror
CipherCloud Invokes DMCA To Block Discussions of Its Crypto System
New submitter brennz writes "Cryptographers on StackExchange were discussing CipherCloud, using some promotional material from the same to provide detail. CipherCloud responded with a DMCA takedown request that some have characterized as abusive."
StackExchange appears to have put the question back up, but remove from it the screenshots which the DMCA takedown demand claimed constituted copyright infringement.
The screenshots should be a pretty solid fair-use case, though, so even that part of the takedown demand is groundless.
10 PRINT CHR$(205.5+RND(1)); : GOTO 10
There is no other way to characterize the DMCA.. It was no accident.
“He’s not deformed, he’s just drunk!”
The DMCA itself is abusive in every way. It stands to reason that any DMCA takedown "request" would be characterized as abusive.
If you have to go to such extremes to cover up what people are saying about your product, your product must really suck.
Now I know to stay well clear of anything that has to do with Ciphercloud. I certainly wouldn't have seen the Stack exchange discussion (much less the fact that Ciphercloud feels that cryptanalysis is bad for them) if they didn't do what they did, though. Thanks, Ciphercloud!
One guy comes right in with an answer that pretty much blows CC's false BS claims out of the water.
That's why the DMCA was invoked, to hide their criminal lying. That's why the images were removed, because all it took was a look at the images to figure out their bullshit.
Still waiting on Serviscope_minor to wake up to fucking reality and realize that Jessica Price isn't going to fuck him.
Classic example of trying to convince someone that obsecurity is security... Strenght of encryption is in algorithm used and keys used to encrypt things. Since pretty much all usable and resonably secure algorithm are patented and there for public knoledge allready, i really dont understand this DMCA takedown crap..
The question whether something promoted as "secure" actually is depends highly on exactly this: Someone coming and trying to break it. It's not like any other software product you use, where you, the user, can easily tell whether it does its job or not. You use some word processing software, you can instantly check whether it does what YOU want it to do (even if it happens to fail in some other department, you'll easily be able to tell whether it does what YOU want). You use some game, you can easily tell whether it gives you what you wanted in it.
Security software ... not quite. Whether it delivers what it promises isn't something you can check as the average user. Because, as the average user, you don't "use" it. Even as the person responsible for security in a company, you hardly have the time nor necessarily the knowledge to test it thoroughly. And before someone pipes in with "but if you can't break through bad security, you fail at your job", be aware that the job description for CISO hardly includes doing pen tests. If anything, you order them from companies who have the time and money to keep current with security issues.
So the question whether a product is good or snake oil highly depends on peer review, on people going out and hammering it. If you now go out of your way to keep people from just doing that, well, how should I judge such a move? This is much like a scientist publishing a breakthrough in anti-gravity, while at the same time forbidding everyone to attempt to reproduce his results.
That's about as much credibility is left after such a move.
We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
Look elsewhere--the only thing that should be obscure about a crypto system is the key.
If Ciphercloud invokes DMCA on enough content, it will be difficult to determine the original message from "[image removed due to DMCA request]"
http://i.stack.imgur.com/xJ6V8.png http://i.stack.imgur.com/oBXZJ.png http://i.stack.imgur.com/h7ntP.jpg http://pages.ciphercloud.com/AnyAppfiveminutesdemo.html?alild=1
DMCA, in theory, is to stop people copying around the Internet the hard work creative efforts of people. It's not to stop a screenshot of something being discussed.
(-1: Post disagrees with my already-settled worldview) is not a valid mod option.
I just poked around the Stack Exchange API, and it seems several CipherCloud questions have been catapulted into the hottest questions in that site's history.
Bogtha Bogtha Bogtha
Cryptographics? In a few hours I could conjure up cryptographic algorithms, which encrypt text in a way I could not decrypt myself in a 1000 years. Too bad I can never be sure that a cryptographic expert could read my encryption almost like plain text. Odds are that exactly something like that would happen.
You have a healthy respect for cryptography, and that's good. However, I will point out that many standard crypto algorithms have test suites. If your crypto implementation yields the expected result for all the test cases, then you can be reasonably certain that your implementation is correct rather than having self-canceling bugs on encrypt/decrypt.
However, then you have to ask yourself *why* you are reimplementing a standard crypto algorithm when there are multitudinous well-tested libraries available for such.
Of course, this neglects implementation concerns like timing attacks, improperly secured key material, etc... which one would hope that the standardized, well-tested implementation libraries have already addressed insofar as possible.
It's not only a DMCA request; there is also a traditional cease-and-desist lawyer letter tacked onto the end, ordering StackExchange to ban a particular user and remove the actual (user-written) text of specific posts, via the usual bluster ("false and misleading", "defamation", "lanham act",...).
Caveat Emptor is not a business model.
There is no copyright "right" that is any equal to Human and Civil rights - including those of free speech.
What document establishes the existence of "Human and Civil rights - including those of free speech" in more than one country? The Universal Declaration of Human Rights, for example, mentions freedom of expression in article 19 but mentions copyright in article 27(2).
It is generally sound practice to stay clear of anything that has the world "Cloud" in the name.
So would Final Fantasy VII characters, PS2 games, and replacements for the old MP3.com be part of your "generally" or part of the exception?
These folks are idiots for issuing a DMCA in regards to their own material. Guess who wont be in business much longer.
Mod me up/Mod me down: I wont frown as I've no crown
Now that CipherCloud is exposed, I wonder how their clients would react.
There are some real companies on that list, if they haven't lied about those as well, then there are a few companies that need to seriously question their decision making process (which obviously did not include a real security evaluation).
I'd be surprised if these customers would stay on board after being manipulated and mislead.
Their logo is very ironic. They claim to provide "trust in the cloud", it even says that on their logo.
I wouldn't trust this company to make me a sandwich, let alone "encrypt" my sensitive data.
What a bunch of liars...
.
And this review pretty much shows that CipherCloud only performs -- "per word" encryption into a limited range
-- uses the same separator code-word to delimit each new encrypted word
-- does no encryption on punctuation marks
-- leaves itself wide open to word-frequency attacks
And the image is a very necessary way to show it, though each reader could go to the ciphercloud web site and try it out themselves.
.
Strangely, I can see their point of view of DMCA'ing the use of a complete copyrighted image, but I can also see the "fair use" point of view. At least the commentary and text on stackexchange has been restored. And the utter uselessness of ciphercloud's approach has been Barbra Streisanded out into the open rather than being hidden away in the way they expected the DMCA takedown notice to effect.
.
i don't see how "per word" encryption can be homomorphic, though. Well, any more than applying homomorphic encryption per word. blech.
Maybe they meant "homeopathic" encryption. The worse the encryption scheme, the safer your data is!
Freedom of speech is unbreakable and defamation cases in America are a myth, riiiiight.
1. Funny, how you conveniently omitted, that the paragraph right in front of that states the exact opposite: "(1) Everyone has the right freely to participate in the cultural life of the community, to enjoy the arts and to share in scientific advancement and its benefits."
2. This complete self-contradiction is yet another one of the many things that make this declaration such a ridiculous joke that nobody gives a shit about. How could you possibly follow that contradict themselves
3. This is NOT EVEN related to copyright! It talks about author's rights! You are aware that "copyright" is a DISTRIBUTOR's right, right? NOT an author's right! Not even remotely! It is actually the closest you can get to the opposite of an artist's right!
4. It also is solely a concept of ENGLISH-SPEAKING countries.
Germany has a completely different system! (Even though it appears many morons in the government and most citizens have been brainwashed into not knowing that anymore.)
Germany has Urheberrecht, which IS a author's right. Which is implicit. (This very text is "protected" right now. Without any need to state so explicitly.) And which you cannot sign away, not matter what you do, and no matter how much utterly retarded moron you and the criminal cokehead pieces of shit oppressing you want that!
6. What he was trying to say, is that
-- there are laws that say you can't harm somebody (No, the laws "protect" nobody! They are just a piece of paper. It's the people obeying it that protect people!)
-- and there are laws that say somebody can harm you!
And copyright is such a law that is there to make it legal for people to harm other people! It protects from no harm or loss whatsoever! (Lack of guaranteed profit is not "loss"! A copy is not harm! Especially not of something that publicly available in literally infinite abundance. Nothing is lost! Geez, why do I even have to explain this to UTTER MORONS LIKE YOU??)
7. So in all those places I, of course, use the term "right" loosely, since it is a harmful oppressive law, just as he stated and as I explained above.
So how about, when you don’t know shit, you keep your retarded mouth shut?
Noo... of course not. Since of course, you are by definition too fuckin. retarded for that!
CipherCloud's "success" stories includes the New Democratic Party of Canada. There are also a few other businesses that should really know better.
The taken-down images, and the promotional video around 2:53
http://pages.ciphercloud.com/AnyAppfiveminutesdemo.html?aliId=1
make it clear that in these promotional materials, identical plaintext leads to identical ciphertext.
Ciphercould's DMCA takedown notice
http://meta.crypto.stackexchange.com/a/258/555
rebuts that as wrong ("Ciphercloud's product is not deterministic"), with a key point at the beginning of page 3:
"[detractor] implies that what was perceived from a public demo is Ciphercould's product offering".
Ciphercould's position is: you misjudged us from what we have shown, which is not the real thing.
If they were doing secure encryption they could have just answered the question themselves. Since they instead went for silencing the critique, I guess the security of CipherCloud most be pretty bad.
Fuck that,
Copyright laws are important. If I make a software, I WANT all the users to pay me for my creation. If you don't use it don't pay, make it yourself , it will only take you 20 weeks of coding. But if I made it , I should be paid by all the users.PERIOD. I don't care that it's bits and they could be copied easily. I have the moral right to decide who can use what I made.
Fuck that,
Copyright laws are important. If I make a software, I WANT all the users to pay me for my creation. If you don't use it don't pay, make it yourself , it will only take you 20 weeks of coding. But if I made it , I should be paid by all the users.PERIOD. I don't care that it's bits and they could be copied easily. I have the moral right to decide who can use what I made.
You are clearly an evil capitalist or a sock puppet for MPAA / RIAA / some other content conglomerate. There are no real people who believe in copyright law being applied to bits and bytes, especially not people who develop software since we are all communist hippies who think everything should be free.
Of course I actually agree with you though even though you may well be a troll :)
I dont read
Guess which political party the MAFIAA bought in order to get the DMCA passed?
Yeah, the party that LOVES more and more government.
The very same party that by some crazy-ass "logic" thinks that the same government that runs the TSA should run health care for everyone.
Imagine that.
(How the hell can the Slashtards who rail against rampant government incompetence when the TSA is involved or when the Patriot Act or warrantless wiretaps are mentioned suddenly love handing over 1/6 of the economy and control of their health care decisions to the same bureaucrats? IT'S THE SAME OVERWEENING INCOMPETENT GOVERNMENT YOU FUCKING MORONS! IT ISN'T GOING TO MAKE ANYTHING BETTER BECAUSE IT NEVER HAS!)
It was passed unanimously which means some republicans voted for it too. This is especially true since they controlled the senate and the house of representatives in 1996 when it passed. http://en.wikipedia.org/wiki/Republican_Revolution
If the GOP gave two shits about the DMCA they have had ample opportunities to change it since. They haven't because they don't give a shit. Maybe the only reason for the vast payments to the Democratic party that year is simply because they needed more buying off, the republicans were on side already.
I dont read
No troll,
just an independent iOs developer trying to make a living on the appstore...
It appears that CipherClouds website is down. Hmm.
OMFG, that's great. May I use that phrase? I can well need it from time to time in meetings.
We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
Adam Savage: "Well there's your problem!"
"Those who consume the bulk of goods are those who make them. We must never forget this secret of our prosperity."
1. Funny, how you conveniently omitted, that the paragraph right in front of that states the exact opposite: "(1) Everyone has the right freely to participate in the cultural life of the community, to enjoy the arts and to share in scientific advancement and its benefits."
2. This complete self-contradiction is yet another one of the many things that make this declaration such a ridiculous joke that nobody gives a shit about. How could you possibly follow that contradict themselves
I see 27(2) as describing copyright and 27(1) as describing fair use.
This is NOT EVEN related to copyright! It talks about author's rights!
The French word for copyright is droit d'auteur which literally means right of author. It is intended as a culturally neutral way to refer to the concept of exclusive rights reserved to the author.
You are aware that "copyright" is a DISTRIBUTOR's right
The U.S. Constitution specifies that Congress grants exclusive rights "to authors and inventors". Are you referring to works of corporate authorship, or are you referring to standard form contracts in various parts of the publishing industry that require a permanent exclusive license?
Germany has Urheberrecht, which IS a author's right. Which is implicit. (This very text is "protected" right now. Without any need to state so explicitly.)
Likewise, the United States automatically grants copyright to the author of any work that has been fixed in a tangible medium. I am quoting you under fair use, and as the footer of this comment page reminds us ("Comments owned by the poster"), I have copyright on my own words too.
And which you cannot sign away, not matter what you do
Are authors also unable to grant an exclusive license under German law? And who owns the German author's rights in, say, Apple iOS?
retarded [...] cokehead [...] MORONS [...] you don’t know shit [...] retarded [...] retarded
I don't know why I even bother replying.
If you don't use it don't pay, make it yourself , it will only take you 20 weeks of coding.
George Harrison tried making music himself, and Bright Tunes Music still sued and won. Xio Software tried making software itself, and The Tetris Company still sued and won.
"Fuck that, Copyright laws are important. If I make a software, I WANT all the users to pay me for my creation."
Copyright laws may be important, but they also need to be reasonable, and they also have to allow for "fair use". Anything else is a genuine crime against society.
A single screen cap out of a video, as part of a discussion about the product, is CLEARLY fair use, by U.S. law.
The problem here isn't the concept of copyright law. The problem here is greedy corporations and abusive laws like the DMCA.
Oh come on folks.... Don't you think there is a witch hunt on this company? How bad can their software be ? Lots of users are using it, hasn't been hacked yet. It is easy to say their stuff sucks, but do you have proof? So someone messed up and pulled a dcma... So what? Prove that the software is insecure!!
No troll,
just an independent iOs developer trying to make a living on the appstore...
Good luck with that
I dont read