[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
Re: [tor-talk] GoldBug SF projects [was: Bittorrent Bleep]
On Mon, Sep 22, 2014 at 2:55 AM, grarpamp <grarpamp@xxxxxxxxx> wrote:
>> https://cpunks.org//pipermail/cypherpunks/2014-September/005507.html
>
> Reply in thread please.
>
>> the point was that I would not use bleep messenger from bittorrent, as
>> it is not open source.
>
> The point in this particular thread is... that since day one you
> and your project developers are ignoring real concerns being raised
> about your apparent cluster of projects.
>
>> Others like the one you did a research on might
>> be worth for further testings, either by the binaries
>
>> Why don' t you test the binaries?
>
>> 7) Ask a friend [...] to use the binaries: exchange keys,
>> and chat. Done. All is encrypted and you never need to exchange keys.
>
> Your repeated classic dodge... suggesting that people run blobs
> instead of answering the question.
>
> The 'research' was posted to throw up red flags about these projects
> for anyone searching so the can see and form their own opinion.
>
> The world does not need more closed source.
> And it does not need more non-reproducible binaries.
> ESPECIALLY from software projects claiming to protect users privacy
> through encryption, and further enticing the masses to run them by
> putting cute little doggies on the tin.
>
>> The source and the binaries might not be machting from hash,
>> because if you know source projects, the source might be corrected
>> on one or two files even when the binaries have been build.
>
> Fix your code then. Reproducible builds are a MUST for any
> security/privacy project like yours.
>
>> So better build the software from source and use your own binaries.
>> I would suggest to build the crypto core first, which is spot-on.
>
>> I cannot help you with compile firefloo messenger on linux or
>> windows, as I have not done this yet.
>
> I'm not going to waste time attempting to build stuff that apparently
> no one but you and or your devs have been able to build. And I'm
> not going to waste time disassembling the binaries either.
>
> Post your SHA-256 reproducible build instructions on the wiki's for
> your projects. Then ask for build confirmation/review from the
> community.
>
>
> Until you either ...
>
> A) Quit distributing binaries
> or
> B) Tell people in a COMPILING doc included in the sources how to
> make binaries that SHA-256 match the ones you distribute
>
>
> and then
>
> C) Answer why you claimed to be announced/partnered with EFF/CCC
> (which they have both denied [1]), why you are continuing to mimic
> the Tor homepage/TBB, why you're directly spamming people with
> invites, why you are dodging these and other questions, and generally
> appearing and acting very unusual for an opensource privacy suite
>
> ... no one is going to believe these projects are anything but
> untrustworthy snake oil.
>
> Help us help you.
>
> In my opinion at this time, these (your) projects have serious trust
> issues and I wouldn't recommend them until resolved.
>
> And while this list isn't perfect or comprehensive, those needing
> privacy solutions have other options to choose from here...
> https://www.prism-break.org/
>
>
> License issues...
> http://www.gossamer-threads.com/lists/gnupg/users/62118
>
> An example of a decent model announcement and request for review,
> that your seeming sockpuppet then replied to with a lure...
> https://lists.torproject.org/pipermail/tor-talk/2014-March/032498.html
>
> Old stuff... (RetroShare?)
> http://nabble.documentfoundation.org/Instant-Messenger-for-Libre-Office-serverle
> ss-and-open-source-td2595287.html
> http://comments.gmane.org/gmane.os.haiku.devel/18674
>
> Can anyone provide an overall interpretation in English of posts?
> http://moenchengladbach.hopto.org/k/buecher/cd0001/instit/org/Aktion_Grundrechte
> /AKV-mailarchiv-2009-201310/author.html
> http://moenchengladbach.hopto.org/k/buecher/cd0001/instit/org/Aktion_Grundrechte
> /AKV-mailarchiv-2009-201310/26906.html
>
>
> Ps: To date, none of the people potentially related to these projects
> that I previously CC'd seeking comment from have replied either.
>
> [1] Official Comments
> EFF:
> https://lists.torproject.org/pipermail/tor-talk/2013-July/029129.html
> CCC:
> Subject: [rt.ccc.de #40481] False press using EFF / CCC? goldbug.sf.net
Inserting to 'many cc' auto moderated list via self reply.
--
tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk