Slashdot Mirror

← Back to Stories (view on slashdot.org)

The Sudden Policy Change In Truecrypt Explained

Posted by timothy on from the maybe-your-canary-needs-a-canary dept.

X10 (186866) writes "I use Truecrypt, but recently someone pointed me to the SourceForge page of Truecrypt that says it's out of business. I found the message weird, but now there's an explanation: Truecrypt has received a letter from the NSA." Anyone with a firmer source (or who can debunk the claim), please chime in below; considering the fate of LavaBit, it sure sounds plausible. PCWorld lists some alternative software, for Windows users in particular, but do you believe that Microsoft's BitLocker is more secure?

58 of 475 comments (clear)

  1. That's not proof! by Threni · · Score: 5, Insightful

    You're taking twitter posts too seriously. That's just speculation based on what appeared on their site the other day, followed by:

    "Alyssa Rowan @AlyssaRowan
    @munin @0xabad1dea @puellavulnerata I can confirm presence of TrueCrypt duress canary as per 2004 conversation"

    Sorry, who the fuck are you?

    1. Re:That's not proof! by arglebargle_xiv · · Score: 5, Interesting

      Could you clarify? Who is Alyssa Rowan to TrueCrypt? Sorry for my ignorance, I tried Googling a bit and just got links to this article.

      It's someone who has been active in the crypto/security community for awhile now. Personal details are pretty scarce (i.e. it could be a front for the NSA for all anyone knows), but the persona has been active in crypto. If you want something to Google on try "alyssa rowan cryptography".

    2. Re:That's not proof! by fnj · · Score: 3, Informative

      very sorry to hear that TrueCrypt may be going away

      Ya think? Really? You are hereby awarded the prize for most spectacular understatement of the obvious. Sorry, I do not intend to be mean; it just hit my funny bone; peace, man. It's somewhat akin to stating that the US "may be entering a period of decline" or saying in 2004 the space shuttle program "may be winding down".

      OTOH, seriously, the project may have gone deader than a doornail overnight, but use of 7.1a is still just as viable as it was before the stunning suicide note. It has passed the independent stage 1 security audit with thumbs up, and if you don't already have a copy it's not hard to find out there. Pretty sure in the long run somebody will pick up the pieces and carry on. The HQ for the next project will clearly have to be located some place other than the inheritor of the Nazi Germany/Soviet Russia mantle of most despicable police state.

      LUKS is very good, but until someone works out a way to do hidden containers, it's not even close to a replacement for the most critical feature of TrueCrypt.

    3. Re:That's not proof! by Threni · · Score: 4, Informative

      Already there, dude.

      http://truecrypt.ch/

      Switzerland!

    4. Re:That's not proof! by philip.paradis · · Score: 3, Informative

      LUKS is very good, but until someone works out a way to do hidden containers, it's not even close to a replacement for the most critical feature of TrueCrypt.

      Hidden containers are less useful than you might imagine in practice for a variety of reasons. Some of these points are relevant. I don't have any use for hidden containers, although I do use LUKS on a large number of systems.

      --
      Write failed: Broken pipe
    5. Re:That's not proof! by fnj · · Score: 3, Insightful

      It's a good step, no doubt about it, although given recent caving of Swiss entities to US bullying I do not feel as ebullient as I want to.

  2. Speculation by borcharc · · Score: 5, Insightful

    There is no concrete information that the NSA or a national security letter was involved. When did we start linking to random blogs for speculation presented as fact? May as well just posted a link to reddit thread about this.

    1. Re:Speculation by Anonymous Coward · · Score: 5, Insightful

      We do not need concrete information.
      When a major encryption project like this closes shop, without any explanation, duress should be assumed.
      The current climate requires it.

    2. Re:Speculation by aaaaaaargh! · · Score: 5, Funny

      That's exactly what I thought first. But then it came to my mind that Bitlocker is much more secure than Truecrypt, because it has been developed and carefully audited by a corporation with a proven track record in cyber security. That fact makes it practically 100% certain that the developers of Truecrypt just thought "nah, fuck it, we now have Bitlocker, which uses military-grade encryption against all kinds of criminals and cyber-threads, and there are minor to medium potential problems with our code, so we just throw the towel and give up all the work on Truecrypt."

      That's obvious, right?

    3. Re: Speculation by Anonymous Coward · · Score: 3, Insightful

      It's not necessarily the NSA you always want to protect things from. What if your laptop gets stolen, would you want the thieves to be able to look through the contents?

    4. Re:Speculation by Aighearach · · Score: 4, Interesting

      Not really, when the project used an incompatible license all along and while marginally "open source," they were clearly taking a hostile stance towards other FLOSS projects, as nobody could integrate their work with anything else.

      In that context their explanation makes perfect sense; they didn't do it for love of FLOSS, they did it because there was no other portable options that included support for all windows versions. Without XP, that ceases being true.

      As a supporter of Free Software that reasoning might sound lame to me, but it is very consistent. And if their whole point was to provide an option for windows users, then recommending bitlocker is actually consistent. Having different values doesn't imply he's lying about his.

      As far as canaries go, you have to have the live bird before going into the mine, and then have the dead bird. In this case there was no live bird in advance, and there is dead bird afterwards. Not only have we not been warned by a canary, nobody actually even claims to have seen one, dead or alive.

      The name of the person who registered a non-profit and for-profit for TrueCrypt in the US was David Morgan. That person has already verified the posted information from an email address @truecrypt, so this other person not known to be associated with TrueCrypt should be ignored.

    5. Re:Speculation by sysrammer · · Score: 4, Insightful

      It must be sad living in a world of such heightened paranoia.

      ...sez the AC.

      --
      His ignorance covered the whole earth like a blanket, and there was hardly a hole in it anywhere. - Mark Twain
    6. Re:Speculation by lsllll · · Score: 5, Funny

      Amen brother! I switched to Bitlocker a while ago and never even looked back at LUKS or TrueCrypt. The problem I had, though, was that I run only Linux on my machine. No worries. I installed VirtualBox, created a VM and installed Windows on it. That way I could make /home/lsllll as a private share available in the VM and have Bitlocker go at it. That is the ONLY reason why I run Windows. God praise the Bitlocker developers. They saved me from the NSA.

      --
      Is that a roll of dimes in your pocket or are you happy to see me?
    7. Re:Speculation by dcollins117 · · Score: 4, Insightful

      What are you doing with your computer that BitLocker doesn't count as safe?

      That's none of your concern. That being said, you're kinda missing the point of privacy. The use of encryption in no way implies that you are doing anything wrong. Just the opposite - you've taken steps to insure your data is not accessed by an unauthorized person. So in fact, you're doing something right.

    8. Re: Speculation by jelIomizer · · Score: 3, Insightful

      Secret plans? About what? If you have secret plans that the government should be interested in, then I want them to find out about it - because unless you are planning terrorist activity, there is no reason to fear so much.

      Wow. Did you seriously just use "Nothing to hide, nothing to fear"... seriously? Are you retarded, or do I have to point out that hundreds of millions of people were abused and/or murdered by governments--including the US government--throughout history? If you knew, then why do you seem so confident that people who wants to keep their plans secret must be doing something immoral? History just isn't on your side, fool.

      --
      If something is so important that you feel the need to post it on the internet... It probably isn't that important.
    9. Re: Speculation by Euler · · Score: 4, Insightful

      Ah, yes... "If you aren't doing anything wrong, then what do you have to worry about"
      Except there are plenty of cases of persecution if you happen to be:
        - Gay,
        - A former member of the communist party,
        - Union organizer,
        - Whistle blower,
        - Protester, objector, not in line with corporate America,
        - Catholic, Jewish, Japanese, or anything else not favorable at the time...
      None of these people are terrorists, but clearly lost their liberties, reputation, or assets when they were "outed"

  3. tc-play is a reimplementation of Truecrypt by Anonymous Coward · · Score: 5, Informative

    Fyi Truecrypt, with its dubious code provenance, has been suspect for a long time anyway, regardless of these developments. S there already is a re-implementation of Truecrypt from the ground up for Linux and BSD by non-anonymous(?) developers: https://github.com/bwalex/tc-play

    Also, cryptsetup-LUKS (recent versions only) can mount truecrypt containers under Linux.

    1. Re:tc-play is a reimplementation of Truecrypt by ysth · · Score: 4, Informative

      You are behind the times.

      The binary build was duplicated from the source.
      The source has been audited.

    2. Re:tc-play is a reimplementation of Truecrypt by davydagger · · Score: 4, Insightful

      There is actually a code audit underway, and so far they've found nothing.

      the concept of anonymitty means nothing, because we live in an age where reputation can be bought.

      all that matters is if the source code can be inspected, and if the source code matches the binaries.

      who actually makes it does not matter as long as its audited properly.

      stop with the FUD.

    3. Re:tc-play is a reimplementation of Truecrypt by ysth · · Score: 3, Informative

      The audit of the source is complete. The next phase of the audit is cryptanalysis.

  4. TC developer used hidden message!!! by Anonymous Coward · · Score: 4, Interesting

    "WARNING: Using TrueCrypt is not secure as it may contain unfixed security issues"

    1. Re:TC developer used hidden message!!! by Jane+Q.+Public · · Score: 5, Insightful

      WARNING: Using TrueCrypt is notsecure as it may contain unfixed security issues

      But this raises many questions.

      (1) If Truecrypt were secure in the first place, a National Security Letter would have been of no use: the developers would be no more help de-crypting something than anyone else. So in the usual context, a NSL has no point whatever.

      (2) A demand for other records, say about the developers, would also not invalidate the CODE of Truecrypt in any way.

      So that only leaves a couple of possibilities as legitimate reason for a canary: (3) Possible coercion by the government to somehow weaken their crypto.

      (4) Discovery of some prior "backdoor" that had somehow been inserted in the past.

      (5) Maybe some of the developers wanted to remain strictly anonymous and so any overtures made by the government at all created panic.

      Since the people doing the security audit have announced that it will continue, if it turned out to be (4) it will be discovered soon. Which it seems to me leaves only (3) and (5) as any kind of government "threats" that make any sense.

      Any other ideas?

    2. Re:TC developer used hidden message!!! by Shawndeisi · · Score: 5, Insightful

      I would guess that they were NSL'd for their signing keys; that would make it less secure in the future so the correct option is to burn the brand now. Reports said that both signing keys signed the new (crippled/canaried) executable, and that the keys had been re-uploaded with the same content on sourceforge. Their legit URL points to their sourceforge site. Instances of "U.S." in their source code were replaced with "United States".

      It looks to me like they went through a lot of trouble to burn the brand down before any damage could be done with the NSA's new-found signing keys. It's a very, very bad sign that this happened to TrueCrypt. Good on them for being brave enough to inform us, despite the real risks they faced in doing so. If this project is forked, we can only hope the new maintainers are brave enough to do the same when the NSA goes after them. It also raises the question: how much other infrastructure has been compromised while the maintainers have stood silently by?

    3. Re:TC developer used hidden message!!! by Jason+Levine · · Score: 4, Interesting

      Let's assume that the government would be breaking the law by NSLing the signing keys. (As opposed to the law being so mucked up that such an action is entirely legal.)

      1) What lawyer is going to be able to fight this battle against the US Government and win? Let me narrow that list down a bit. What lawyer that the TrueCrypt developers would hire would be able to fight this battle against the US Government and win?

      2) Would the TrueCrypt developers even be allowed to see a trial or would they be arrested on "unrelated" charges and sent to prison? Or worse. (There is plenty that a power hungry governmental agency can do to someone that says "no" to them that makes "being arrested on unrelated charges" preferable.)

      --
      My sci-fi novel, Ghost Thief, is now available from Amazon.com.
    4. Re:TC developer used hidden message!!! by ray-auch · · Score: 3, Insightful

      Frankly, useless crypto kits backdoored entire time are.

      FTFY
       

  5. still speculation by tero · · Score: 4, Informative

    According to this page - someone e-mailed a dev contact and claims they called it quits due to lack of interest

    https://www.grc.com/misc/truec...

    (Scroll to the bottom, the green box).

    The only real "confirmation" we have is the info on the TrueCrypt page. It's over (no matter what the reason is), best to move on.

    1. Re:still speculation by tero · · Score: 5, Interesting

      Two guys - working working over a decade without funding etc.

      Ennead was 29 in 2005 (http://www.wolfmanzbytes.com/windows/70-truecrypt-encryption.html) and they obviously developed it on their freetime.

      Fast forward from that to today and you got couple of middle-aged devs, probably with more demading careers and perhaps even families and maybe with young kids.

      They started it as a Windows project, when Windows was...a completely different beast than it is today.

      It's no wonder TrueCrypt didn't get very many (any?) releases in the past couple of years.

      It's certainly a very interesting way to exit stage.

    2. Re:still speculation by AmiMoJo · · Score: 5, Insightful

      TrueCrypt never claimed to protect you from a compromised system. The point of it was offline security. Once unmounted the contents of an encrypted container are inaccessible to anyone without the key.

      Once you understand what TrueCrypt is for you can see why it is so valuable.

      --
      const int one = 65536; (Silvermoon, Texture.cs)
      SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
  6. I Voted This Submission Down by NotSanguine · · Score: 5, Interesting

    No evidence is presented. The reference to a "canary" is suspect, as it isn't discussed what that canary was.

    Some semi-random tweeter is reposted on some random blog? I don't think so.

    It's possible that this is accurate, but without evidence, why bother? As I asked in the original discussion about the shuttering of TrueCrypt, who stands to benefit?

    --
    No, no, you're not thinking; you're just being logical. --Niels Bohr
    1. Re:I Voted This Submission Down by NotSanguine · · Score: 3, Insightful

      The reference to a "canary" is suspect, as it isn't discussed what that canary was.

      The canary is the fact that the "explanation" of the EOL of XP is inconsistent with the stated goals and roadmap for the product as of recently.

      If they'd wanted people to believe they'd gotten tired of the product, they'd have said "We're tired of working on this, we've changed our licensing terms, and releasing the code to everyone for future development."

      If you can't say why you're taking the product down, you have two alternatives: either say nothing, fueling suspicion, or lie so poorly that everyone's suspicions are raised even higher.

      The government can compel you to neither confirm nor deny any secret orders from any secret courts. (This also ought to be intolerable in a free society, but we're well past that tipping point.) What it cannot do is require that you be a sufficiently good liar that anyone believes your explanation. They can't charge you for not mentioning the secret court's secret letter because to do so would expose said letter's existence, which is precisely what the government wants hidden in the first place. Warrant canaries are a legal catch-22 of the government's own making.

      Yes, it's suspicious. Yes, the suggestions make little or no sense to anyone with technical knowledge.

      As I said, the report might be accurate.

      However, extraordinary claims require extraordinary evidence. I see no evidence. At all. It's all supposition and guesswork. Present me with actual evidence, and I can be convinced. Until then, it's all noise and hand waving, IMHO.

      --
      No, no, you're not thinking; you're just being logical. --Niels Bohr
  7. AC in last thread mentioned a warranty canary by Anonymous Coward · · Score: 5, Informative

    An anonymous coward in the last thread said that a known warrant canary was seen:

    http://it.slashdot.org/comments.pl?sid=5212985&cid=47117051

  8. Speculation by Anonymous Coward · · Score: 3, Insightful

    This is Slashdot. No one cares whether something is true or not as long as it is negative towards the government. Sad really, since it diminishes any sort of real discussion about actual concerns about the government rather than made up fantasy.

  9. Re: people ruin everything by Noah+Haders · · Score: 5, Interesting

    this is actually a link to an interesting article, not goatse. it's an editorial about how the most recent full version of true crypt (7.1a) is still as secure as it was last week, and there's no reason to stop using it. It also says they (who?) are working on an open license fork that will be released on a future date.

    still doesn't answer the question on if it's like lava bit. true crypt may be just as secure as it was last week, but maybe it's also been owned by NSA from day one.

  10. Ars Scholae Palatinae by westlake · · Score: 5, Informative
    There is nothing I think worth adding to "Marlor's" post to Ars:

    I can't comprehend the conspiracy theories flying around about this.

    [TrueCyrpt] is a barely-maintained Open Source project (no updates in the past two years), with an outdated, messy code-base, serious build dependency problems, and lacking in full support for the newest Windows release. It likely only has a small development team - perhaps only one or two people.

    The developers are absurdly secretive, and when they do come out of hiding to make a statement, they are confrontational (take, for example, their response to Fedora's queries over the clause in their license that reserves the right to sue for copyright infringement).

    If this was any other project, we'd all just assume the developers had decided to call it a day. However, because of the nature of the software, everyone assumes security agencies or reptilians are involved.

    Maybe the developer was a security researcher who has decided to retire to a tropical island. Or maybe there were two developers, and they have had a dispute. Maybe the primary developer took a job offer at a security firm, with a clause prohibiting him from working on external projects. There are an almost infinite range of possibilities... assuming that the cause was the devious acts of state-sponsored actors is leaping to a pretty big conclusion.

    If I developed a piece of security software, and wanted to cease development, I'd make a similar statement.

    "Don't use this anymore. It's not maintained, and should therefore be considered insecure".

    Otherwise, if a vulnerability is discovered, everyone will scream: "Fix it now! Nobody told us to stop using it!"

    ''TrueCrypt is not secure,'' official SourceForge page abruptly warns

    [Ars stats for Marlor: 1279 posts > registered Oct 3, 2003 > 0.01% of all posts > 0.33 posts per day]

  11. TC developer used hidden message!!! by Anonymous Coward · · Score: 5, Funny

    Haha. Frankly, usable crypto kits need security audits.

  12. Re:people ruin everything by tmosley · · Score: 5, Insightful

    No, I think people are fine. It's governments and their poorly organized systems that cause things like this. Suggest you read "The Lucifer Effect". It's not just about prison guards. That same mentality has infiltrated the NSA and most other government offices.

  13. Re:What else? by rahvin112 · · Score: 5, Informative

    The simplest explanation is that the developers simply got tired of the project and decided to abandon it. It's been years since any update and it's certainly plausible that those developers remaining simply decided it wasn't worth it to keep the project alive when no one was maintaining it. .

  14. More speculation by Lost+Race · · Score: 3, Interesting

    There's nothing in TFA that hasn't been speculated in great detail already.

    No explanation totally makes sense. Here's my working model of what happened (all speculation of course):

    The project has been gradually disintegrating over the last few years -- developers leaving and not being replaced, remaining developers having less time to spend on the project for whatever reason, and the perceived reward for fixing increasingly difficult bugs is not enough to keep people interested. It's just not fun any more.

    The to-do list has some really nasty bugs that are difficult to fix and could potentially compromise all TC containers. The remaining developers in the project have been grinding away at these bugs, but haven't made much progress for reasons outlined above. They realized that the project was going to fizzle out before they got anything fixed. A cursory look at the 7.2 code suggests that they had committed to some major rewriting of the code, and bit off more than they could chew.

    At this point, what can they do? Reporting the vulnerabilities would be irresponsible since no fixes are forthcoming. Lives depend on some of the secrets their software keeps. Best to push people gently away from TC until the problems can be fixed, if ever, while keeping the details of the vulnerabilities as secret as possible, and giving people realistic expectations about the future of TC development (i.e. none).

    They probably had a plan for creating a migration plan that actually made sense, but ran out of resources before finishing, and decided to go with what they had on hand. At this point they were probably down to one very part-time developer and maybe a few unreliable volunteers. ("Hey Jim, where's that page you were writing about Linux FDE? Jim? Hello? Anybody there?")

    There was really no good way forward with the resources remaining, so they did the best they could.

    Why didn't they find someone else to take over the project? I guess they tried, but couldn't find anyone in their immediate circle of trust who was willing and able. Perhaps they felt that expanding their circle of trust would jeopardize their anonymity.

    On the other hand....

    "WARNING: Using TrueCrypt is *not *secure *as ..."

  15. Where is the Kickstarter to re-implement it? by swb · · Score: 3, Interesting

    I'm surprised there hasn't been a Kickstarter setup to re-implement TrueCrypt from the ground up.

    What would be the dollar cost to hire a team of developers to do it?

    1. Re:Where is the Kickstarter to re-implement it? by swb · · Score: 4, Interesting

      I think it would be great for the EFF and the ACLU to sponsor it. It would immediately cause problems for someone to get ham-handed about it.

  16. Re: people ruin everything by Anonymous Coward · · Score: 5, Informative

    Link because why in the world do people use URL shorteners?

  17. Re: people ruin everything by jopsen · · Score: 5, Insightful

    Your arrogance is your assumption that you have anything to say worth recording, let alone even listening to you. What makes your personal life so relevant?

    So because my private life is utterly uninteresting, you suggest that I shouldn't care about giving up my human rights?

    The right to privacy is a human right...

    One might as well ask, why you should care about fair trails or torture, if you're not a criminal then why should you care? After all why should anybody want to torture a confession out of you?
    This is not about being personally targeted or affected, it's about basic human rights.

  18. Re:people ruin everything by Fjandr · · Score: 3, Informative

    Governments are made up of people. People are always the problem.

  19. Steve Gibson by Anonymous Coward · · Score: 4, Insightful

    Because nobody on Slashdot would intentionally visit a link to grc.com. If you want us to visit the land of raw sockets and falling skies, you're going to have to mask the destination.

    1. Re: Steve Gibson by bill_mcgonigle · · Score: 4, Funny

      If you ever tried listening to one of his podcasts you could make some informed comments. I dare you to go listen to the two recent ones on certificate revocation protocols and not come away better informed. But an informed commenter on Slashdot? My goodness that would be like the bad old days.

      --
      My God, it's Full of Source!
      OUTSIDE_IP=$(dig +short my.ip @outsideip.net)
    2. Re: Steve Gibson by MouseTheLuckyDog · · Score: 3, Funny

      Yep. THey are right up thjere with Lucy's podcasts on how to kick a football.

    3. Re:Steve Gibson by duke_cheetah2003 · · Score: 4, Interesting

      Steve has made some mistakes in the past and over-hyped some things, but all in the all, the man means well and is genuinely interested in the welfare of computer users. If you write him off just because he's made a few poor judgments in the past, well, that's your loss. He does have generally useful information and it's presented in a non-nerdy fashion so any bonehead can make sense of it. Usually.

  20. Old code still available by mysidia · · Score: 4, Informative

    It appears grc has created page where the last final version of TrueCrypt and all source code could be downloaded.

    My hope would be that someone will fork the project and continue development for Linux, and Windows XP/2003, at least, AND preferably work on new Version of Windows.

    Bitlocker is REALLY not good enough, for most users won't have access to it -- since it is only in the ENTERPRISE version of Windows 7; in particular... Windows 7 Standard and Professional do not have the feature.

  21. Re:What else? by dcollins117 · · Score: 3, Insightful

    The simplest explanation is that the developers simply got tired of the project and decided to abandon it. It's been years since any update and it's certainly plausible that those developers remaining simply decided it wasn't worth it to keep the project alive when no one was maintaining it.

    Fine. The simplest way to do that is to put a clear and unambiguous message on their webpage staing that development is frozen at version 7.1a, and the project will no longer be maintained. Instead they gave no explanations, but very bizzare set of statements that raise more questions than they answer.

    This has the flavor of a practical joke or an unstable mind. Certainly not someone you would trust to protect your data.

    It's a shame. I really liked the application.

  22. Re: people ruin everything by symbolset · · Score: 4, Interesting

    The former CEO of USWest was sent to prison based on secret NSA data that could not be independently confirmed - or even discussed. That this happened shortly after he refused to cooperate with illegal NSA data collection is completely coincidental.

    --
    Help stamp out iliturcy.
  23. Re:Nonsence by fnj · · Score: 3, Insightful

    Mod parent up. Grandparent AC is a moron. It's the signing keys, not some nonexistant master decrypt key.

    If the thugs have the signing keys, they could have a couple of months from now themselves brought out a new "improved" (but completely compromised) 7.3 masquerading as an improved, updated, security patched TrueCrypt.

  24. Interesting... by Kythe · · Score: 3, Insightful

    ...that everyone seems to assume the Truecrypt developer(s) were in the U.S.

    --

    Kythe
  25. Re: people ruin everything by bmo · · Score: 4, Informative

    My point wasn't that privacy is not important. My point is that YOU are not important...and I'm right. You're not.

    Which is entirely beside the point.

    You are irrelevant to The Man until you become a "problem" and all this data gathering is for instant dossiers on people who become a "problem." To nail the head that sticks up.

    Privacy is a human right because without it people are unable to effect change - they remain powerless. There is nobody on the planet without a skeleton in the closet, and exposing that skeleton is what this is all really about. It's national-level Borking, to remove any kind of power from people who would oppose a police-state.

    That's why.

    You, sir, are a short-sighted douchebag and, through your apathy, an enemy to everyone on this planet.

    Ta Ta.

    --
    BMO

  26. Re: people ruin everything by Xolvix · · Score: 5, Insightful

    Not only that, but the trolling poster also made the assumption that you're not important, which is bullshit for the simple reason that we're ALL important to the people who love and care about us. We're important to someone - I'm important to my wife for example, and soon I'll be important to my newborn. Just because I'm not a politician or celebrity and hence known to thousands/millions of people doesn't mean I'm not important. It's all about spheres of influence - some are larger than others, but they still all matter.

    If the trolling poster honestly believes with such passion that you aren't important, it stands to reason they probably don't feel they are important either. If they can't find at least one person in their life who considers them important in some way... then I find that truly sad for the AC.

  27. Truecrypt - Based in the US? by Zelucifer · · Score: 3, Interesting

    Is there any proof that the contributors are even in the US and thus subject to a NSL? At least one of them seems to be from the Czech Republic (David Tesaík).

    --
    The corner of a round room
  28. Is the truth even possible? by duke_cheetah2003 · · Score: 3, Interesting

    Given the anonymous nature of the TrueCrypt developers, would we even believe someone who claimed to be a dev and gave us an explanation?

    Not sure I would. I've read a lot of different articles and comments about this ordeal and I'm frankly not sure what to believe. I'm not sure if I'd believe someone if they said they were a dev.

    I know we'd all laugh if the NSA came out publicly and said "we had nothing to do with it."

  29. Re: people ruin everything by Tom · · Score: 3, Insightful

    It's 2014, not 1914.

    If you want to fight your government - the government that spends more money on the military then everyone else in the top 5 military spending countries combined, you don't need guns. You need stealth fighters, tanks and ICBMs.

    Good luck with your "honest people defending the country against the government" fantasy.

    --
    Assorted stuff I do sometimes: Lemuria.org
  30. Re: people ruin everything by Gavagai80 · · Score: 3, Insightful

    In fact, sufficiently large non-violent protests would bring down the government -- if it can work in non-democracies like Egypt and Tunisia, it would certainly work in the USA. Guns would just provide the government with an excuse for terrorism charges.

    --
    This space intentionally left blank