[cryptography] LeastAuthority.com announces PRISM-proof storage service
nikosft at gmail.com
Thu Aug 29 08:09:41 EDT 2013
A naive comment.
In his first email Zooko states:
"S4 offers “*verifiable* end-to-end security” because all of the source
code that makes up the Simple Secure Storage Service is published for
everyone to see"
A suspicious user may wonder, how can he be sure that the service
indeed uses the provided source code. IMHO, end-to-end security can be
really verifiable--from the user perspective--if it can be attested by
examining only the source code of the applications running on the user
On Sat, Aug 17, 2013 at 11:52 AM, ianG <iang at iang.org> wrote:
> On 16/08/13 22:11 PM, zooko wrote:
>> On Tue, Aug 13, 2013 at 03:16:33PM -0500, Nico Williams wrote:
>>> Nothing really gets anyone past the enormous supply of zero-day vulns in
>>> their complete stacks. In the end I assume there's no technological PRISM
>> I agree that compromise of the client is relevant. My current belief is
>> nobody is doing this on a mass scale, pwning entire populations at once,
>> that if they do, we will find out about it.
>> My goal with the S4 product is not primarily to help people who are being
>> targeted by their enemies, but to increase the cost of indiscriminately
>> surveilling entire populations.
>> Now maybe it was a mistake to label it as "PRISM-Proof" in our press
>> and media interviews! I said that because to me "PRISM" means mass
>> of innocents. Perhaps to other people it doesn't mean that. Oops!
> My understanding of PRISM is that it is a voluntary & secret arrangement
> between the supplier and the collector (NSA) to provide direct access to all
> By 'voluntary' I mean that the supplier hands over the access, it isn't
> taken in an espionage or hacker sense, or leaked by an insider. I include
> in this various techniques of court-inspired voluntarianism as suggested by
> recent FISA theories .
> I suspect it is fair to say that something is PRISM-proof if:
> a) the system lacks the capability to provide access
> b) the operator lacks the capacity to enter into the voluntary
> arrangement, or
> c) the operator lacks the capacity to keep the arrangement (b) secret
> The principle here seems to be that if the information is encrypted on the
> server side without the keys being held or accessible by the supplier, then
> (a) is met .
> Encryption-sans-keys is an approach that is championed by Tahoe-LAFS and
> Silent Circle. Therefore I think it is reasonable in a marketing sense to
> claim it is PRISM-proof, as long as that claim is explained in more detail
> for those who wish to research.
> In this context, one must market ones product, and one must use simple
> labels to achieve this. Otherwise the product doesn't get out there, and
> nobody is benefited.
>  E.g., the lavabit supplier can be considered to have not volunteered the
> info, and google can be considered to have not volunteered to the Chinese
>  In contrast, if an operator is offshore it would meet (b) and if an
> operator was some sort of open source distributed org where everyone saw
> where the traffic headed, it would lack (c).
>> cryptography mailing list
>> cryptography at randombit.net
> cryptography mailing list
> cryptography at randombit.net
More information about the cryptography