Slashdot Mirror


User: FriendlyLurker

FriendlyLurker's activity in the archive.

Stories: 0
Comments: 719

Comments · 719

  1. Re:What is Bruce Schneier's game? on Schneier: The US Government Has Betrayed the Internet, We Need To Take It Back · Score: 1

    Uncertainty: you can't trust closed source software

    Schneier is talking about and responding to a news story that is exactly about this - with examples right from the mouth of the NSA.

    As to silent circle: you have no evidence that silent circle is compromised

    ...and there is no evidence that it is not. Worse, it is impossible for anyone to really check given its closed source nature, which leads back to the whole basis for the news story and the evidence presented within. Further, Silent Circle has released select source code samples; however, journalists covering the company have assumed or been led to believe that their product is fully open source and peer reviewed - when it has not been - dishonest.

    Fear: that you can't trust Schneier ... Doubt: maybe Schneier has a hidden agenda

    Clearly a straw man argument there. I never said or implied that you can't trust Schneier or that he has a hidden agenda. What I did imply and question, very clearly, was his recommendation of a questionable product - right after talking about why we can no longer trust these kinds of products, to quote:

    As was revealed today, the NSA also works with security product vendors to ensure that commercial encryption products are broken in secret ways that only it knows about. We know this has happened historically: CryptoAG and Lotus Notes are the most public examples, and there is evidence of a back door in Windows. A few people have told me some recent stories about their experiences, and I plan to write about them soon. Basically, the NSA asks companies to subtly change their products in undetectable ways: making the random number generator less random, leaking the key somehow, adding a common exponent to a public-key exchange protocol, and so on. If the back door is discovered, it's explained away as a mistake. And as we now know, the NSA has enjoyed enormous success from this program.

    As a widely read and listened to high profile security professional that many people take seriously (including myself) he does have a heavy responsibility to be forthcoming when he recommends security software to people. Instead of just blurting out that he uses Silent Circle (and so you should too) he could have taken his responsibility more seriously and written something like: "Silent Circle, it is closed source and the news I am writing about today shows that it falls into the high risk category - but it is the only thing we have got until it is open sourced and reviewed, or another FOSS competitor comes along. Use at your own risk, and don't use it with a false sense of security."

    Am I asking too much or spreading "FUD"? I don't think so.

  2. Re:What is Bruce Schneier's game? on Schneier: The US Government Has Betrayed the Internet, We Need To Take It Back · Score: 1

    Impossible? I am not so sure. Less probable might be more accurate for the situation you describe - it might just take longer, but the chance of discovering the security flaw is still there. Even if it is not discovered directly, all it takes is one compromised system to have everyone jumping on the code to review it. If this news is to be believed, choosing any major US/UK proprietary security product now means that there is no defense or offense - you have lost outright from the start. So I think informed decision makers, when it comes to security software concerns, will begin to migrate away from closed source now that the cat is out of the bag... only time will tell.

  3. Re:What is Bruce Schneier's game? Open source ... on Schneier: The US Government Has Betrayed the Internet, We Need To Take It Back · Score: 1

    You cannot compile the Silent Circle product from that source code sample (and that is all it is, a sample). Silent Circle tells all journalists that the sample is all the source code (or they incorrectly get that opinion and write about the product as if it is fully open source) - which is not true and creates distrust.

  4. Re:What is Bruce Schneier's game? on Schneier: The US Government Has Betrayed the Internet, We Need To Take It Back · Score: 1

    Yes this - it is the only conclusion I can think of as well. However, if you're a high profile security expert who is going to start making recommendations to people, you really have the utmost responsibility to point this out. Something like: "Silent Circle, it is closed source and the news I am writing about today shows that we just cannot trust it, but it is the only thing we have got until it is open sourced and reviewed, or another FOSS competitor comes along. Use at your own risk, and don't use it with a false sense of security."

  5. Re:What is Bruce Schneier's game? on Schneier: The US Government Has Betrayed the Internet, We Need To Take It Back · Score: 0

    I posted FUD? Please elaborate. I called into question his promotion of Silent Circle - a US based closed source company - when today's news, and Schneier himself, repeats that all major closed source security software providers are the target of NSA pressure to insert backdoors, weaken their algorithms, expose their keys, etc. etc. If I misinterpreted something or posted FUD, please feel free to articulate exactly where, thanks.

  6. Re:What is Bruce Schneier's game? on Schneier: The US Government Has Betrayed the Internet, We Need To Take It Back · Score: 5, Insightful

    They can still go up to the head of the open source organization and say "you must include this back-door in your program, or go to jail". Or/and they can just hire someone to contribute code that has security flaws.

    And in the extremely unlikely event that anyone spots the bad code, just replace it with something else 2 days later.

    Yes they could, and probably do. However, your leap to the conclusion that it is extremely unlikely that anyone spots a code change is not correct. Thousands of people, even millions for the more successful products, will update their source code repositories - the exact lines of source code that have changed will be highly visible to many people - and a subset of those will be security professionals, and they are _very_ interested in any changes to the base code of their main security tools. You are just proposing that we close our eyes, download a binary and trust it instead. To reiterate: today's news has told us just how far the NSA has gone to compromise ALL MAJOR proprietary closed source security tools. All of them.

  7. Re:Thanks Mr Schneier on Schneier: The US Government Has Betrayed the Internet, We Need To Take It Back · Score: 5, Informative

    I dispute that these vigilantes should decide what should be "declassified" or what isn't.... I just strongly object to the methods being used by the anti-secrecy crowd, and I don't trust their motivations at all.

    That is a fair enough opinion and nobody can argue with it; it is good to have a healthy dose of skepticism about any information that is presented to us via any channel. However, what is more difficult to dispute is when a leaked document reveals heinous war crimes - should focusing on the messenger still be more important than a message of that significance? Also remember that Washington leaks information all the time (for example the Bin Laden operation) - why should leaks that expose crimes be worse than leaks that make the president look good? To most people that just reeks of hypocrisy.

    The usual reply to this logic is "what war crimes, there were no war crimes exposed - but look over there - Assange is a narcissist and Manning is a traitor!!". However, even a basic search and read of the documents they destroyed their lives to bring to us shows that this claim is absolutely false:

    Revelations from the Afghanistan and Iraq war logs detailed the use of paramilitary death squads, complicity in the torture of Iraqi citizens, the indiscriminate killing of civilians by private military contractors and many other abuses. Meanwhile, the leaked State Department cables brought to light scores of secret drone strikes in countries we are not even at war with, and uncovered the collusion between the U.S. and Yemeni governments to lie about American responsibility for the massacre of 41 people in the Al-Majalah region. They also revealed U.S. interference with judicial efforts in Spain to investigate the Bush administration's torture practices. In Tunisia, leaks exposing the opulence and corruption of Ben Ali's government were a catalyst for the revolution that brought down the repressive regime and ignited other pro-democracy movements throughout the Arab world. The list could go on but the point is simple: it would have been a disservice to democracy to withhold this important information.

  8. Re:What is Bruce Schneier's game? on Schneier: The US Government Has Betrayed the Internet, We Need To Take It Back · Score: 1

    Sorry, you're right, I mixed up his article links. Here is the one I was quoting: "How to remain secure against NSA surveillance"

  9. Re:What is Bruce Schneier's game? on Schneier: The US Government Has Betrayed the Internet, We Need To Take It Back · Score: 1

    But if you do release all your source then someone can take all your hard work and then undercut you on price in the case of something like Silent Circle where you are selling a service, not a product. Alternatively, people can take your source and just use it in house to roll their own solution. In both of these cases nobody pays you a penny and you go broke real fast.

    Yes and yes. So it is a "more $$$ vs more security/customer (and leecher) confidence in your product" decision. This latest round of news will galvanize a new round of "If it is not open source it cannot be trusted" thinking, so closed and partially closed source companies may now start to see fewer sales - the balance is tipping in favor of coming clean, opening up all the source and selling your professional services on the side. Yes, less $$$, but I think that is going to happen anyway now that anyone who is paying attention will start to steer clear of closed source security products.

    Oh, and the route many companies seem to take of partially opening their source or showing source to companies who sign NDAs just does not cut it - it does not allow widespread many-eyes peer review of the source over a long period, so it is little better than fully closed source.

  10. Re:What is Bruce Schneier's game? on Schneier: The US Government Has Betrayed the Internet, We Need To Take It Back · Score: 5, Insightful

    I agree that peer review is no panacea and that open-source is at significant risk too. However, open peer review is sure better than no open review. Silent Circle could easily continue to sell their services to the US and UK government AND fully open source the code. Why don't they? More $$$ instead of more security, more likely - not a good sign.

    Also, your logic that they sell their software to the US and UK government so the NSA would not want to backdoor it does not hold up to scrutiny. How do we know that the NSA does not buy 10K worth of licenses - hardly a blip on their budget - just to shelve and never use them? In exchange the Silent Circle product is backdoored through gag orders, threats, coercion and/or covertly subverted (all things we know they now do, regularly). How do we know that the binary we get is not different from the binary the NSA gets - because their sales team told us?

    There is no way around it anymore - if you're a company providing security products and you're not fully open source, and that source has not been stable and well reviewed for some time, then your product cannot be trusted no matter how many famous upstanding people are on your board of directors or how many licenses the US/UK Gov buys from you.

  11. Re:What is Bruce Schneier's game? on Schneier: The US Government Has Betrayed the Internet, We Need To Take It Back · Score: 4, Interesting

    All fair points. Gag orders are gag orders however and they do not care for big famous names. If it does not have peer reviewed source code hanging out there - how can we trust it especially given this latest bombshell of a revelation showing just how far they are willing to go to "undermine the social contract" of the Internet?

  12. What is Bruce Schneier's game? on Schneier: The US Government Has Betrayed the Internet, We Need To Take It Back · Score: 5, Informative

    FTFA:

    Since I started working with Snowden's documents, I have been using GPG, Silent Circle, Tails, OTR, TrueCrypt, BleachBit, and a few other things I'm not going to write about.

    He recommends Silent Circle right after saying "the NSA also works with security product vendors to ensure that commercial encryption products are broken in secret ways that only it knows about."

    Silent Circle - a US and UK connected commercial company - proprietary closed source, and in a sneaky "no we are open, really trust us" sort of way. W T F!???

    Let me reproduce this informative message posted to the comment section of the article:

    I usually rate Bruce Schneier highly, except for his faux pas a few years ago when he initially endorsed showing passwords on screen, saying that shoulder surfing is not such a big deal.

    But I am not sure about some of the security mobs he is advocating here.

    GPG: OK, clever people can read the source code (though most average Joe programmers can't)

    Silent Circle: It's USA based, and subject to the same backdoor 'requests' as any US-based company. It also employs ex-special forces 'security experts' - just the sort of people who might go and do wiretaps in foreign climes.

    Tails: What I have just seen on their website, 'Numerous security holes in Tails 0.19 Posted Mon 05 Aug 2013 12:00:00 AM CEST'. Not exactly the best advert and hardly comforting if one wanted security.

    OTR: Same as GPG as the source code is available.

    Truecrypt: Well the source code is available, so I would put it in the same basket as GPG. It has a choice of algorithms, including one (partly) designed by Schneier.

    Bleachbit: Well that is client-side. Anything in the clear across the net (i.e. non encrypted traffic) can be read anywhere along the route.

    But the big glaring thing is, at least in the UK, you can be sent to prison for refusing to hand over your encryption keys. And this has happened. People like to talk big, but the prospect of eating porridge with a lot of nasty looking and foul smelling prisoners, does not appeal to most people.

    I would say that doing your own encryption, by this I mean using some of the open source tools and not closed source ones (and definitely not American ones) is a good thing.

  13. Re:Uh... okay on NSA Foils Much Internet Encryption · Score: 1

    See my post in this thread.. I don't understand how Bruce Schneier can recommend Silent Circle right after saying "the NSA also works with security product vendors to ensure that commercial encryption products are broken in secret ways that only it knows about."

  14. Re:SSH? on NSA Foils Much Internet Encryption · Score: 1

    See my post in this thread.. I don't understand how Bruce Schneier can recommend Silent Circle right after saying "the NSA also works with security product vendors to ensure that commercial encryption products are broken in secret ways that only it knows about."

    Silent Circle - a US and UK connected commercial company - proprietary closed source, and in a sneaky "no we are open, really trust us" sort of way. W T F!???

  15. Re:THIS... on NSA Foils Much Internet Encryption · Score: 1

    See my post here in this thread.. I don't understand how Bruce Schneier can recommend Silent Circle right after saying "the NSA also works with security product vendors to ensure that commercial encryption products are broken in secret ways that only it knows about."

    Silent Circle - a US and UK connected commercial company - proprietary closed source, and in a sneaky "no we are open, really trust us" sort of way. W T F!???

  16. What is Bruce Schneier's game? on NSA Foils Much Internet Encryption · Score: 1

    From the second link:

    Since I started working with Snowden's documents, I have been using GPG, Silent Circle, Tails, OTR, TrueCrypt, BleachBit, and a few other things I'm not going to write about.

    He recommends Silent Circle right after saying "the NSA also works with security product vendors to ensure that commercial encryption products are broken in secret ways that only it knows about."

    Silent Circle - a US and UK connected commercial company - proprietary closed source, and in a sneaky "no we are open, really trust us" sort of way. W T F!???

    Let me reproduce this message posted to the comment section of the second link you posted.

    I usually rate Bruce Schneier highly, except for his faux pas a few years ago when he initially endorsed showing passwords on screen, saying that shoulder surfing is not such a big deal.

    But I am not sure about some of the security mobs he is advocating here.

    GPG: OK, clever people can read the source code (though most average Joe programmers can't)

    Silent Circle: It's USA based, and subject to the same backdoor 'requests' as any US-based company. It also employs ex-special forces 'security experts' - just the sort of people who might go and do wiretaps in foreign climes.

    Tails: What I have just seen on their website, 'Numerous security holes in Tails 0.19 Posted Mon 05 Aug 2013 12:00:00 AM CEST'. Not exactly the best advert and hardly comforting if one wanted security.

    OTR: Same as GPG as the source code is available.

    Truecrypt: Well the source code is available, so I would put it in the same basket as GPG. It has a choice of algorithms, including one (partly) designed by Schneier.

    Bleachbit: Well that is client-side. Anything in the clear across the net (i.e. non encrypted traffic) can be read anywhere along the route.

    But the big glaring thing is, at least in the UK, you can be sent to prison for refusing to hand over your encryption keys. And this has happened. People like to talk big, but the prospect of eating porridge with a lot of nasty looking and foul smelling prisoners, does not appeal to most people.

    I would say that doing your own encryption, by this I mean using some of the open source tools and not closed source ones (and definitely not American ones) is a good thing.

  17. Re:Few Alternatives... for now. on PayPal Freezes MailPile's Account · Score: 1

    Now, how many people have stopped using them [banks] as a result?

    Can't hate them that badly, can they?

    Perhaps I am just feeding a troll, I know; however, just in case, thank you for letting me clarify the title of my original post: "Few Alternatives... for now.".

    "Few" - as in non-existent competition for the big banks
    "Alternatives" - to the banking industry... we have to use them as you yourself have noted minus perhaps the irony.
    "for now" - Entrepreneurs and/or talented geeks driven by a great need to get some creative destruction going in the financial sector.

  18. Re:Few Alternatives... for now. on PayPal Freezes MailPile's Account · Score: 5, Informative

    Don't confuse your little corner of the internet with the real world. In the real world, you're a tempest in a teacup, son.

    Right [1], back [2], at ya [3], son.

    [1] The 2012 Harris Poll Annual Public Summary Report (PDF)
    [2] Banking Stinks Like Cigarettes and Politics: Survey Shows Contempt for Industry
    [3] Banking Sector Is Slowly Replacing Big Oil As The Most Hated Industry

    ...

    The Harris poll asks consumers for their opinions on six key attributes of the 60 ‘most visible’ corporations in the United States. Rating companies’ social responsibility, emotional appeal, products and services, workplace environment, financial performance and vision and leadership, the Harris RQ survey seeks to get a snapshot of corporate America’s reputation among consumers.... Banking and financial services scored terribly.

    ...

    But the banking sector has screamed up the charts, and not counting the always-hated federal government, it was No. 2 with a bullet as of Gallup's most recent poll, taken way back in August 2012. Fifty-three percent of Americans surveyed had a negative view of banks in that poll, up from just 18 percent in 2007, before the crisis. The percentage of people with a positive view of banking has plunged to 25 percent from 50 percent in 2007.

  19. Few Alternatives... for now. on PayPal Freezes MailPile's Account · Score: 5, Informative

    The sheer amount of hate that banks, financial services and operators like Paypal have generated in the population at large is amazing. Exorbitant fees, slow transfers, arrogant customer service, publicly funded bailouts for amounts that almost defy imagination, systematic fraud reaching to the highest levels of most governments of the world, few to no prosecutions of financial crime - the world of finance and banking is a stagnant, corrupt market that needs some serious competition, a bright light and a clean sweep.

    Bitcoin is a tiny flicker of a spark in the dark rotten world of finance - not even in its infancy. Sure, like any currency it can be stolen or used and abused to perpetrate fraud. Sure, it is damn inconvenient to use or exchange, hardly anybody accepts it - but despite all this there is an army of people and entrepreneurs, early adopters with more joining every day, that are willing to bend over backwards and work through the teething problems simply because it could almost possibly eventually bring much needed change to the almighty financial sector which our economies now serve (as opposed to the other way around).

    If you think mass media can drum up a propaganda campaign so the Military Industrial Complex can have their profitable wars, wait till you see how far and loud the corporate media "journalists" will be willing to go when the financial sector stands to lose its absolute monopoly over our currency for online global payments.

    First they ignore you, then they laugh at you, then they fight you, then you win.

  20. Re:MORE DISINFORMATION on Leaked Documents Detail Al-Qaeda's Efforts To Fight Back Against Drones · Score: 3, Informative

    Who is al Qaida to you? ...Who do you think they are? Friend? Enemy? No idea? Don't want to take sides?

    You should take that question to Obama and Congress. As this post above so graciously points out:

    "Al Qaeda" is a term of convenience. The Libyan "rebels" were 70+ % Jihadi "Al Qaeda".

    The Syrian "opposition" is 80+ % "Al Qaeda" - funded by Qatar and Saudi, for the same regional purposes, with a generous assist from these CIA heroes, that you rush to defend.

    http://syriareport.net/fsa-al-qaeda-fighting-under-the-one-flag/
    http://www.cfr.org/syria/al-qaedas-specter-syria/p28782
    http://rt.com/news/qaeda-militants-kill-fsa-commander-979/

    They laugh at your ignorance, and they count on it.

  21. Re:Entirely Sensible on US and Israel Test Missile As Syria War Tensions Rise · Score: 4, Informative

    That was the official story from 1964 until the start of this century when...

    This account, however, has come into sharp dispute with an internal NSA historical study[7] which stated on page 17:

    At 1500G, Captain Herrick (commander of the Maddox) ordered Ogier's gun crews to open fire if the boats approached within ten thousand yards. At about 1505G, the Maddox fired three rounds to warn off the communist boats. This initial action was never reported by the Johnson administration, which insisted that the Vietnamese boats fired first.[7]

    The Maddox when confronted, was approaching Hòn Mê Island, three to four miles (6 km) inside the twelve-mile (19 km) limit claimed by North Vietnam. This territorial limit was unrecognized by the United States. After the skirmish, President Johnson ordered the Maddox and Turner Joy to stage daylight runs into North Vietnamese waters, testing the twelve-mile (19 km) limit and North Vietnamese resolve. These runs into North Vietnamese territorial waters coincided with South Vietnamese coastal raids and were interpreted as coordinated operations by the North, which officially acknowledged the engagements of 2 August 1964.[22]

    So please, if you have issues with the historical account as it currently stands, take it up with the professional historians - plenty of them standing by on Wikipedia and elsewhere to rip your blatant fact manipulation to shreds. Also, let's not get into the long list of other false flag operations that have been used to start wars - not like it is anything new.

  22. Re:Entirely Sensible on US and Israel Test Missile As Syria War Tensions Rise · Score: 1

    From the link I posted: "President Johnson ordered the Maddox and Turner Joy to stage daylight runs into North Vietnamese waters, testing the twelve-mile (19 km) limit and North Vietnamese resolve." If that is not provoking an attack with the aim of starting a war, I'd like to know what is. So yes, thank you - the first "attack" also supports the case.

    For someone accusing others of misleading, you're sure going out of your way to mislead people yourself.

  23. Re:Entirely Sensible on US and Israel Test Missile As Syria War Tensions Rise · Score: 1

    Probably because of this, right at the top of the link:

    In 2005, an internal National Security Agency historical study was declassified; it concluded[7] that the Maddox had engaged the North Vietnamese Navy on August 2, but that there were no North Vietnamese Naval vessels present during the incident of August 4. The report stated regarding August 2:

    At 1505G, Captain Herrick ordered Ogier's gun crews to open fire if the boats approached within ten thousand yards. At about 1505G, the Maddox fired three rounds to warn off the communist boats. This initial action was never reported by the Johnson administration, which insisted that the Vietnamese boats fired first.[7]

    Who is trying to mislead, then?

  24. Re:Leaked evidence chemical attack was false flag. on US and Israel Test Missile As Syria War Tensions Rise · Score: 2

    Yeah, I agree the hacked email story does not look very credible.

    The risk to president Obama that would come from giving the rebels chemical weapons is through the roof. The benefit is at best tiny. Just not in the cards folks.

    Same logic could apply to Syria's leadership. What strategic military importance was there to using chemical weapons on a remote village full of civilians vs the enormous risk of UN invasion by using them? I suspect the most likely suspects behind the attack are third parties that stand to gain by an invasion (i.e. not the US, not the current Syrian regime either).

  25. Re:Entirely Sensible on US and Israel Test Missile As Syria War Tensions Rise · Score: 4, Insightful

    Intimidate? More like trying to provoke an attack - better to claim the moral high ground over blatantly starting what will be a very bloody, high civilian casualty war. "We were just running an innocent missile test, and they attacked us...". Echoes of the Gulf of Tonkin Incident...