Slashdot Mirror

← Back to Stories (view on slashdot.org)

CipherCloud Invokes DMCA To Block Discussions of Its Crypto System

Posted by timothy on from the at-least-the-letter-is-polite dept.

New submitter brennz writes "Cryptographers on StackExchange were discussing CipherCloud, using some promotional material from the same to provide detail. CipherCloud responded with a DMCA takedown request that some have characterized as abusive."

22 of 85 comments (clear)

  1. back up again by Trepidity · · Score: 5, Informative

    StackExchange appears to have put the question back up, but remove from it the screenshots which the DMCA takedown demand claimed constituted copyright infringement.

    The screenshots should be a pretty solid fair-use case, though, so even that part of the takedown demand is groundless.

    --
    10 PRINT CHR$(205.5+RND(1)); : GOTO 10
    1. Re:back up again by TemperedAlchemist · · Score: 5, Insightful

      There needs to be heavy punitive measures against this sort of thing.

    2. Re:back up again by Jeremiah+Cornelius · · Score: 5, Interesting

      There is no copyright "right" that is any equal to Human and Civil rights - including those of free speech.

      There are two broad categories I like to use in describing laws and their application. Oppressive and Protective.

      Oppressive law is mandated for the establishment and defence of Power.

      Protective law seeks the institution and restoration of Justice.

      DMCA is a prime example of oppressive law - and how tricky this distinction can be, as it masquerades itself as a measure for the protection of some natural right. In this case, the "rights" protected are - of course - merely a concession managed by the state, enacted through legislation and constitution.

      --
      "Flyin' in just a sweet place,
      Never been known to fail..."
    3. Re:back up again by Anonymous Coward · · Score: 5, Insightful

      Well, now everyone knows beyond a shadow of a doubt that "CipherCloud" is insecure, or else they wouldn't have tried to suppress the conversation. Since their whole business is as a security provider...

    4. Re:back up again by analyst-cz · · Score: 3, Interesting

      Being freelance data security consultant myself, seeing any (regardless of whether law-aligned or law-breaking) attempt to suppress discussion about security of some product/company initiated by producing/that company, it marks it as heavily suspect. This has nothing to do with the legality of the suppression act, rather with the suppression attempt itself.

      Adding CipherCloud on blacklist of non-recommended products/companies for my clients. Point. Issue closed at....

      --
      "Interesting times to you..." (One of the most feared black magic curses.)
  2. ...characterized as abusive... by fustakrakich · · Score: 5, Insightful

    There is no other way to characterize the DMCA.. It was no accident.

    --
    “He’s not deformed, he’s just drunk!”
    1. Re:...characterized as abusive... by fustakrakich · · Score: 3, Insightful

      That would imply reading the article. But at least now I can understand the nature of the takedown.

      Why, it looks like young men playing leapfrog.

      --
      “He’s not deformed, he’s just drunk!”
  3. We know how good CipherCloud is by Anonymous Coward · · Score: 5, Interesting

    If you have to go to such extremes to cover up what people are saying about your product, your product must really suck.

  4. Streisand effect, anyone? by bakuun · · Score: 5, Insightful

    Now I know to stay well clear of anything that has to do with Ciphercloud. I certainly wouldn't have seen the Stack exchange discussion (much less the fact that Ciphercloud feels that cryptanalysis is bad for them) if they didn't do what they did, though. Thanks, Ciphercloud!

    1. Re:Streisand effect, anyone? by Anonymous Coward · · Score: 4, Funny

      It is generally sound practice to stay clear of anything that has the world "Cloud" in the name.

    2. Re:Streisand effect, anyone? by Anonymous Coward · · Score: 5, Informative

      There's meta discussion here, including links to cached copies...

      http://meta.crypto.stackexchange.com/questions/250/ciphercloud-dmca-notice

  5. Busted Wide Open as Shit in the Comments by Khyber · · Score: 5, Informative

    One guy comes right in with an answer that pretty much blows CC's false BS claims out of the water.

    That's why the DMCA was invoked, to hide their criminal lying. That's why the images were removed, because all it took was a look at the images to figure out their bullshit.

    --
    Still waiting on Serviscope_minor to wake up to fucking reality and realize that Jessica Price isn't going to fuck him.
  6. Security credibility DEPENDS on peer review by Opportunist · · Score: 5, Insightful

    The question whether something promoted as "secure" actually is depends highly on exactly this: Someone coming and trying to break it. It's not like any other software product you use, where you, the user, can easily tell whether it does its job or not. You use some word processing software, you can instantly check whether it does what YOU want it to do (even if it happens to fail in some other department, you'll easily be able to tell whether it does what YOU want). You use some game, you can easily tell whether it gives you what you wanted in it.

    Security software ... not quite. Whether it delivers what it promises isn't something you can check as the average user. Because, as the average user, you don't "use" it. Even as the person responsible for security in a company, you hardly have the time nor necessarily the knowledge to test it thoroughly. And before someone pipes in with "but if you can't break through bad security, you fail at your job", be aware that the job description for CISO hardly includes doing pen tests. If anything, you order them from companies who have the time and money to keep current with security issues.

    So the question whether a product is good or snake oil highly depends on peer review, on people going out and hammering it. If you now go out of your way to keep people from just doing that, well, how should I judge such a move? This is much like a scientist publishing a breakthrough in anti-gravity, while at the same time forbidding everyone to attempt to reproduce his results.

    That's about as much credibility is left after such a move.

    --
    We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
    1. Re:Security credibility DEPENDS on peer review by Takatata · · Score: 5, Insightful

      100% agreement. That's on user side. I am a freelancing software developer. The only project offers I strictly refuse are projects which involve cryptographic tasks. I just can't deliver. I am self-taught and did learning on the job in many projects. When I get the task to put a rotating green cube on the screen, I know the job is done when I see a rotating green cube on the screen. Even if I never did any 3D graphics before. Cryptographics? In a few hours I could conjure up cryptographic algorithms, which encrypt text in a way I could not decrypt myself in a 1000 years. Too bad I can never be sure that a cryptographic expert could read my encryption almost like plain text. Odds are that exactly something like that would happen.

    2. Re:Security credibility DEPENDS on peer review by Opportunist · · Score: 3, Interesting

      Allow me to let you in on a secret: A good portion of people writing "security" software don't really understand it either. You can tell when you review it. There is a fair lot of cargo cult programming going on, coupled with the use of libraries without first reviewing them or understanding their inner working or at least knowing to what degree it is self-sealing or how far you have to sanitize the input. This by itself is not yet a huge problem, as long as the libraries themselves work flawlessly, they are well and completely documented (and that documentation actually gets read) and they are being used correctly. And those things are more often than not a real problem.

      Now couple this with programmers using a lot of copy/pasting to get their programs written, often from rather dubious and not reviewed sources (you know the kind, where self proclaimed experts exchange their ideas what programming is like...), possibly copying snippets that were by no means MEANT to be secure or sanitized, and I guess I needn't go into detail.

      --
      We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
    3. Re:Security credibility DEPENDS on peer review by Takatata · · Score: 3, Insightful

      Allow me to let you in on a secret: A good portion of people writing "security" software don't really understand it either. [...]

      I know. But I don't have to add to bad software. And as self-taught freelancer I have to be a little bit more aware of my reputation. Taking cryptographic related task would be a lose/lose situation for everyone.

  7. Probably not secure then. by Jeremy+Erwin · · Score: 5, Insightful

    Look elsewhere--the only thing that should be obscure about a crypto system is the key.

  8. here are some of the links in the dmca notice by Adult+film+producer · · Score: 4, Informative

    http://i.stack.imgur.com/xJ6V8.png http://i.stack.imgur.com/oBXZJ.png http://i.stack.imgur.com/h7ntP.jpg http://pages.ciphercloud.com/AnyAppfiveminutesdemo.html?alild=1

  9. Slight nuance by Anonymous Coward · · Score: 4, Interesting

    Cryptographics? In a few hours I could conjure up cryptographic algorithms, which encrypt text in a way I could not decrypt myself in a 1000 years. Too bad I can never be sure that a cryptographic expert could read my encryption almost like plain text. Odds are that exactly something like that would happen.

    You have a healthy respect for cryptography, and that's good. However, I will point out that many standard crypto algorithms have test suites. If your crypto implementation yields the expected result for all the test cases, then you can be reasonably certain that your implementation is correct rather than having self-canceling bugs on encrypt/decrypt.

    However, then you have to ask yourself *why* you are reimplementing a standard crypto algorithm when there are multitudinous well-tested libraries available for such.

    Of course, this neglects implementation concerns like timing attacks, improperly secured key material, etc... which one would hope that the standardized, well-tested implementation libraries have already addressed insofar as possible.

  10. Cloud Strife, Dark Cloud, SoundCloud by tepples · · Score: 3, Funny

    It is generally sound practice to stay clear of anything that has the world "Cloud" in the name.

    So would Final Fantasy VII characters, PS2 games, and replacements for the old MP3.com be part of your "generally" or part of the exception?

  11. Re:"Per word" encryption + unencrypted punctuation by maugle · · Score: 4, Funny

    Maybe they meant "homeopathic" encryption. The worse the encryption scheme, the safer your data is!

  12. Re:Copyright in Universal Declaration of Human Rig by Jane+Q.+Public · · Score: 3, Insightful

    "Fuck that, Copyright laws are important. If I make a software, I WANT all the users to pay me for my creation."

    Copyright laws may be important, but they also need to be reasonable, and they also have to allow for "fair use". Anything else is a genuine crime against society.

    A single screen cap out of a video, as part of a discussion about the product, is CLEARLY fair use, by U.S. law.

    The problem here isn't the concept of copyright law. The problem here is greedy corporations and abusive laws like the DMCA.