Slashdot Mirror


Snowden: What Happened In 2013 Couldn't Have Happened Without Free Software (networkworld.com)

An anonymous reader writes from a NetworkWorld article: NSA whistleblower Edward Snowden spoke at Free Software Foundation's LibrePlanet 2016 on free software, privacy, and security. He credited free software for his ability to help disclose the U.S. government's far-reaching surveillance projects. "What happened in 2013 couldn't have happened without free software," he said, particularly citing projects like Tor, Tails (a highly secure Linux distribution) and Debian. "I didn't use Microsoft machines when I was in my operational phase, because I couldn't trust them," Snowden stated. "Not because I knew that there was a particular back door or anything like that, but because I couldn't be sure."

6 of 120 comments

  1. See Snowden's talk and understand nonfreedom by jbn-o · Score: 5, Informative

    You can see Edward Snowden's talk for yourself.

    There are no configuration changes you can make, programs you can install, or other changes you can make to make proprietary (user-subjugating, nonfree) software trustworthy. It won't matter what the "privacy" settings say you can do; the proprietor has the upper hand and can easily write software to rat you out. Software freedom is a prerequisite for computer privacy and security and all of the other things that go into treating computer users ethically. All computer users deserve software freedom.

  2. Note for whiplash by Okian Warrior · Score: 4, Interesting

    Note the following:

    [...] citing projects like Tor, Tails (a highly secure Linux distribution) and Debian.

    "Tor" and "Debian" are well known and probably don't need explanation, while "Tails" is more obscure and has a quick explanatory note.

    This is how you do it, this is a good method. (It's in the original article.)

    Looking through the past 3 pages of Slashdot I couldn't find any examples of obscurity, but I found lots of examples of references that had a hint of help for the reader - a word of context or a placing phrase or something that illuminates the subject for the reader.

    It looks like things are getting better. Keep up the good work.

  3. Re: "Couldn't be sure" by ShanghaiBill · Score: 5, Insightful

    With OSS you still need to trust people, but you need to trust fewer people, you know who those people are, and you can see who else trusts them. With proprietary code, there is a chain of trust that is only as strong as its weakest link. With OSS, there is a web of trust. I can look at the git log and see who wrote a particular algorithm, and I can often see what other code they have written. I can see the changes that were made later, and who made them. For many OSS projects, I can see who reviewed/audited the code. None of this is magic, and there is never a 100% assurance, but OSS has some clear advantages.

  4. Re: "Couldn't be sure" by allo · Score: 4, Informative

    Think the other way round: try to sneak a backdoor into open source.

    1) You're never sure who reads the source and finds it, and when this will happen.
    2) It can probably be attributed to you in some way.
    3) The big security does not come from the source alone, but from the open development process. Go, read the Linux source and look for security holes. Much work? Indeed! But now go and look at the commits from today. Read the summary, read the code, check if it seems to match, watch out for possible security holes. This can be done and this is done by many people.

    On the closed source side: You get from time to time one big update, no code at all. If you want to make yourself some work, you can try to disassemble the binary. People do so and people find security bugs and backdoors, but it's a lot more effort.

    And the third thing: If you already suspect something, you can go and read the corresponding code of the misbehaving part, while you are still without source when using closed source.

    So yeah, nobody has a guarantee for no backdoors, but it's harder to sneak one in.

  5. Re: "Couldn't be sure" by gweihir · Score: 4, Informative

    Which is a good example of how and why OSS works: It was found, documented, traced back (no sign of foul play) and fixed. What do you think would have happened in a commercial, closed library?

    --
    Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.

  6. Re: "Couldn't be sure" by Type44Q · Score: 4, Interesting

    There's a disinfo unit out of Fort Meade that uses low-grade nerds in uniform to overwhelm people in chatrooms when certain subjects come up; the government has openly solicited bids for software to allow these clowns to "handle multiple simultaneous chatbots and user accounts."