[Freedombox-discuss] BitTorrent Sync

Jonathan Wilkes jancsika at yahoo.com
Wed Jan 30 22:37:52 UTC 2013





----- Original Message -----
> From: Elena ``of Valhalla'' <elena.valhalla at gmail.com>
> To: freedombox-discuss at lists.alioth.debian.org
> Cc: 
> Sent: Wednesday, January 30, 2013 4:10 PM
> Subject: Re: [Freedombox-discuss] BitTorrent Sync
> 
> On 2013-01-30 at 09:28:14 -0800, 
> FreedomBox-Discuss.NeoPhyte_Rep at OrdinaryAmerican.net wrote:
>> Doesn't that assume the devices are never the subject of a search warrant?
> 
> In some countries in that case simple encryption isn't enough to protect
> you, since you are also forced to reveal your password by law.
> 
> In other countries the same applies, not because you are forced 
> by the law, but because the police have no incentive not to 
> use unlawful methods to force you to reveal your password.

So because _some_ countries will use the rubber hose technique,
it's a waste of time trying to design the software to use encryption
by default, in a way that is as simple for _every_ user as "start using
this software and you are already using encryption because we
believe in security by design".

> 
> In either case, a solution that works at the filesystem layer is 
> probably going to work better, especially for the hiding part.

Why is it essentially useless in one domain (above) and useful in the other?

Also, please note that plausible deniability by default brings up way
more issues than encryption by default-- at least for software which doesn't
try to do both.  If someone is after my hidden partition which they believe holds
files x & y, and I give them the password that reveals a partition with file x, how
do I prove to them that I don't have file y?  On the other hand, if they're after my
synced data for software that doesn't implement deniable hiding, giving
them the encryption key clearly gives them access to that data.  It'd be even
better if the authors designed the software the _right_ way from square one--
clicking a button that just so happens to do encryption as a core part of the program
is _way_ less suspicious an activity than having gone in manually and set a
flag somewhere in a config file to encrypt stuff.  "I just use this to share Anime
with my friend" is more convincing than "I just use this to share Anime with my
friend and read several pages on a wiki, learned about PGP/GPG, fired up a text
editor, changed some config files, did some troubleshooting on Google and finally
got encryption-- which I don't really need because of course I have nothing to hide."

If you're syncing with devices that can be anywhere, it makes sense to design the
system as if it's always syncing across the most hostile connection over which the
software is designed to carry data.  For free software that would deliver robust
solutions that have standard features-- which helps dissidents, as well as increase
usability-- which helps dissidents and non-technical users.  Everybody wins,
no?

-Jonathan

> 
> -- 
> Elena ``of Valhalla''