On Oct 9, 2013, at 7:41 PM, Thinker Rix <[email protected]> wrote:
> We all know that the governments currently force on a daily base one company > after the other to comply to their New World > Order-Orwellian-global-surveillance phantasies and make them compromise their > software or service. So I find it absolutely NECESSARY to clear out if > pfSense has fallen (already) to them, or not. Network security is THE major > reason for using pfSense. So it should be the most important question for all > of us, isn't it? > > By my comprehension, everyone who says that this is a silly question or that > it is some unimportant thought no one should further bother thinking about in > detail, is either confused, or trying to conceal something. You just want to have a discussion. Perhaps it makes you feel important, I don’t know. Your Alex Jonesian “New World Odor” rhetoric is tiring. Your NECESSARY discussion is not, because in the end analysis the discussion you want to have is orthogonal to the subject. You should instead only depend on you and your tools to ensure your security. Asking me (or Chris, or Jamie) to answer the question puts everyone in a position where nothing can be learned, so it is useless, rather than NECESSARY. Until you understand and accept this, your messages are mere platitudes. Look, The integrity and bravery Ladar Levison has shown in his fight is impressive. He has definitely earned enough "cred" to restart his business outside the US and be very successful, but my hope is that he does not. We should celebrate Ladar for making the decision to put himself at risk in order to protect his users, but I think we should be careful not to forget that Ladar was forced to make that decision because the security of Lavabit was all a complete and total hand wave. There are already technologies such as PGP, S/MIME, smart cards, and the dozens of other ways we can have secure email without relying on a trusted third party such as Lavabit. Lavabit could respond to a demand for plaintext, if Ladar were willing to do so (and in the end, he was, for a particular user); on the other hand, Google cannot give anyone access to the plaintexts of S/MIME encrypted messages that I send through their servers because of technical barriers. That is the point of doing your encryption locally, and that is why security and privacy are not, and never will be, a service.(*) This wasn't untested water, either. The exact same thing happened to Hushmail in 2007 for the exact same reason, and should have been evidence enough that the model isn't viable, even for a non-US company. http://www.wired.com/threatlevel/2007/11/encrypted-e-mai/ So again, I think we should definitely support Ladar as a person, but we also need to be careful not to confuse that with supporting Lavabit, (the company) which was a very real danger that should never be repeated again (again). How you interpret this and subsequently apply it to ESF and/or pfSense is up to you. Jim (*) if you think about it for very long, it also shows that Snowden is not the Ür-hacker than the press wants to make him. His communications via Lavabit only gave the appearance of security, and he wasn’t smart enough to understand same. _______________________________________________ List mailing list [email protected] http://lists.pfsense.org/mailman/listinfo/list
