Snowden: What Happened In 2013 Couldn't Have Happened Without Free Software (networkworld.com)
An anonymous reader writes from a NetworkWorld article: NSA whistleblower Edward Snowden spoke at Free Software Foundation's LibrePlanet 2016 on free software, privacy, and security. He credited free software for his ability to help disclose the U.S. government's far-reaching surveillance projects. "What happened in 2013 couldn't have happened without free software," he said, particularly citing projects like Tor, Tails (a highly secure Linux distribution) and Debian. "I didn't use Microsoft machines when I was in my operational phase, because I couldn't trust them," Snowden stated. "Not because I knew that there was a particular back door or anything like that, but because I couldn't be sure."
No, but other people have. Your strawman notwithstanding, the biggest problem is backdoored hardware, proprietary binary blobs and cellular sideband processors...
Thanks, Snowden, for pointing this out; now we will see a movement against open source software because it aids terrorists, just like unlockable iPhones or other means of secure communications.
You can see Edward Snowden's talk for yourself.
There are no configuration changes you can make, programs you can install, or other changes you can make to make proprietary (user-subjugating, nonfree) software trustworthy. It won't matter what the "privacy" settings say you can do; the proprietor has the upper hand and can easily write software to rat you out. Software freedom is a prerequisite for computer privacy and security and all of the other things that go into treating computer users ethically. All computer users deserve software freedom.
Digital Citizen
Note the following:
[...] citing projects like Tor, Tails (a highly secure Linux distribution) and Debian.
"Tor" and "Debian" are well known and probably don't need explanation, while "Tails" is more obscure and has a quick explanatory note.
This is how you do it, this is a good method. (It's in the original article.)
Looking through the past 3 pages of Slashdot I couldn't find any examples of obscurity, but I found lots of examples of references that had a hint of help for the reader - a word of context or a placing phrase or something that illuminates the subject for the reader.
It looks like things are getting better. Keep up the good work.
With OSS you still need to trust people, but you need to trust fewer people, you know who those people are, and you can see who else trusts them. With proprietary code, there is a chain of trust that is only as strong as its weakest link. With OSS, there is a web of trust. I can look at the git log and see who wrote a particular algorithm, and I can often see what other code they have written. I can see the changes that were made later, and who made them. For many OSS projects, I can see who reviewed/audited the code. None of this is magic, and there is never a 100% assurance, but OSS has some clear advantages.
And yet.. Heartbleed.
Think the other way round: try to sneak a backdoor into open source.
1) You're never sure who reads the source and finds it, or when this will happen
2) It can probably be attributed to you in some way
3) The big security does not come from the source alone, but from the open development process. Go, read the Linux source and look for security holes. Much work? Indeed! But now go and look at the commits from today. Read the summary, read the code, check if it seems to match, watch out for possible security holes. This can be done and this is done by many people.
On the closed source side: You get from time to time one big update, no code at all. If you want to make yourself some work, you can try to disassemble the binary. People do so and people find security bugs and backdoors, but it's a lot more effort.
And the third thing: If you already suspect something, you can go and read the corresponding code of the misbehaving part, while you are still without source when using closed source.
So yeah, nobody has a guarantee for no backdoors, but it's harder to sneak one in.
Which is a good example of how and why OSS works: It was found, documented, traced back (no sign of foul play) and fixed. What do you think would have happened in a commercial, closed library?
Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
But that proves my point that having the source code helps to find bugs
They don't want the source code to "find bugs". They want the source code so they can modify the source, insert backdoors, and install/distribute the compromised binaries ... like they did with Cisco switches and Xerox printers.
In commercial software it would be found, documented, traced back, and fixed.
Only if the company made it a priority and budgeted for it. Then it would be rolled into the next release, which may not come for months, or even years. Oh, and the next release will only be installed by users that can afford the upgrade fee.
I would be shocked if the government did not have all kinds of stuff planted in Microsoft products. And that can lead to very dangerous actions. Suppose, as an example, that the government becomes informed of a very dangerous criminal due to bugs planted in an OS or browser. But it is obvious that making an arrest would reveal the existence of that bug. People could be made to vanish and never be heard from again. The problem is it could be someone else that used your computer. With no open trials that could be a very real problem.
There's a disinfo unit out of Fort Meade that uses low-grade nerds in uniform to overwhelm people in chatrooms when certain subjects come up; the government has openly solicited bids for software to allow these clowns to "handle multiple simultaneous chatbots and user accounts."
Sure! It's secure-free-software-here.totally-not-the-nsa.gov.sorry-i-mean.org
sub f{($f)=@_;print"$f(q{$f});";}f(q{sub f{($f)=@_;print"$f(q{$f});";}f});
It looks to me like "Type44Q" is confused about this program that has been previously discussed on Slashdot IIRC:
U.S. Central Command 'friending' the enemy in psychological war
Not really what is implied by him.
much of left-wing thought is a kind of playing with fire by people who don't even know that fire is hot - George Orwell