Hi Roman, hi Tor fans, On Thu, Jul 13, 2017 at 11:04:19AM +0500, Roman Mamedov wrote: > How can anyone trust this table in anything, when they get most basic facts > such as this wrong? This is the question. I am just an observer of this scam, but maybe I can shed some light on it. A friend of mine who reads the “Cryptography” mailing list forwarded this e-mail to me on July 3 – as a recommendation I should check out: http://www.metzdowd.com/pipermail/cryptography/2017-July/032401.html When she did this, she had not yet read grampamp's response to it: http://www.metzdowd.com/pipermail/cryptography/2017-July/032415.html When I looked at Smoke's Sourceforge site on the same day, the download area for binaries and source code contained no files at all – only empty directories. Today I can see links to GitHub repos. The source code names Alexis Megas as the sole author, e.g. here: https://github.com/textbrowser/smokestack/blob/master/SmokeStack/app/src/main/java/org/purple/smokestack/Cryptography.java Alexis Megas also seems to be associated with the suspicious GoldBug software, as grarpamp found out: https://lists.cpunks.org/pipermail/cypherpunks/2014-October/005633.html https://lists.torproject.org/pipermail/tor-talk/2014-September/034897.html So I do not think it is a coincidence that Smoke and Goldbug score so many points on Smoke's “scorecard” – the evaluation is rigged in their favor. Even those claims on that table that can be checked independently are often false. As Roman mentioned, Telegram's client is open source, and I can add that Conversations does not cost a dime if you download the binary via F-Droid. The reason why I called GoldBug suspicious is that I looked at the “audit” you can still find on GoldBug's website in English and German <https://sf.net/projects/goldbug/files/bigseven-crypto-audit.pdf> as well as in WikiBooks (which has poor quality control): https://en.wikibooks.org/wiki/Big_Seven_Crypto_Study Grarpamp pointed out that the two people named as authors seem to never have published anything else. I doubt they even exist. I like this diagram: https://en.wikibooks.org/wiki/Big_Seven_Crypto_Study#/media/File:Figure_37_BIG_SEVEN_Open_Source_Crypto-Messenger_Overview.png This is obviously neither a scientific study nor a security audit nor a fair comparison, but somehow, not enough people noticed or complained about it. Too many distractions these days, I guess. Cheers, C: -- Christian Pietsch | volunteering for Digitalcourage e.V., Marktstr. 18, D-33602 Bielefeld, Germany https://digitalcourage.de | https://bigbrotherawards.de How to avoid Google https://pad.okfn.org/p/google_alternatives
Attachment:
signature.asc
Description: PGP signature
-- tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk