I see the fnords!
Software engineers made pretty egregious reaches. Unless blocked, international surveillance users break, undermine bad internet.
Nice analogy. The biggest flaw, to me, is that the whole world already figured out the NSA was into them - so why would they need to dump that pastebin doc to “reveal” what everybody already suspected?
Now I have a question. Wouldn’t an older version be perfectly secure?
Dude, you’re trying too hard, your fervent and (slightly) pedantic debunking just about makes me really want to believe there’s something to this.
TrueCrypt had numerous security problems brought up before this whole debacle that went unaddressed. Secure is a relative term in this situation.
Dammit. I always aim for SUPER pedantic.
I just looked and you are correct: the letters N, S, and A are on every single page of the bible.
Clearly the aliens that wrote the bible are telling us something about spying.
That’s life.
me too.
Your example nicely illustrates the limits of google translate.
If you type the Latin directly into Google Translate, it gets confused. The Google Translate Latin -> English translator needs "Sermper ubi ubi" to produce the desired English phrase.
But if you type in the English phrase and ask for the Latin, you indeed get “sermper ubi sub ubi”
At the same time, we should use Occam’s Razor here; the explanation with the fewest new assumptions is most likely the correct one.
We’re looking at two conclusions here. First is the story presented as-is, the Windows XP deprecation has pretty much obsoleted TrueCrypt and the authors don’t want to devote any more of their time making a free product, and in doing so they give a stern warning not to use the product anymore because it is unmaintained (remember, security is hard and it requires constant updates). The second is that the NSA has gone in, infiltrated the developers who try to remain private, threatened them, and they didn’t go public about it, instead posting some silly hidden message about the NSA in their good-bye speech.
The first requires far, far fewer new assumptions than the second. The reason that this broken Latin phrase is there is because it’s not hard to shove a pattern in somewhere post-hoc from any random bit of data. If it weren’t this phrase it’d be another. If it wasn’t Latin, it’d be Greek or Russian or Polish or some other language. With all the languages to choose from and all the letter combinations on that page and all the other various transmogrifications you can do to the words, I’d be more shocked if you could apply all the bible-code-esque stuff to it and get nothing out. The human brain is good at picking out patterns and trying to fit meaning to them. That doesn’t mean there’s always meaning to the patterns; we’re very bad at random noise.
Secondly, there’s what the NSA could do or would have done in regards to this specific case. I see a lot of people clamoring saying that now you have to use BitLocker and OMG THAT COULD BE COMPROMISED BY THE NSA. Thing is, if the NSA compromised something in Windows it would make more sense for them to compromise something other than the encryption layer, so they can get at data that is encrypted under other methods too. Basically here, the moral is if you think one aspect of your OS is compromised, you cannot safely assume that the rest isn’t without an audit.
Now, maybe the NSA has gone and done something to TrueCrypt. It feels like jumping to this conclusion doesn’t follow. As far as I know the TrueCrypt authors didn’t accept many (if any) outside contributions and it’s unlikely that this was a method. Maybe NSLs were used? No, legally speaking those are for gathering information, not taking action per se; and it’d be bad news to find the NSA abusing the NSL channel (which get enforced by the FBI, so there’d be some paper trail there) and they wouldn’t want their toys taken away. What about old fashioned thuggery? I’d bet dollars to donuts that the person or people behind TrueCrypt know their rights and would fucking love to expose some NSA thuggery in action. We also don’t have any other evidence to show that they have been thuggy; invasive and overreaching, sure, but not flat out thuggy.
To be honest, if this is a real actual thing that was put in there, it was likely a thing put in by a quirky developer as an on-the-sly warning that the software no longer (as they have said) can be trusted because they won’t be updating it. Sometimes a cigar is just a cigar.
… Wow. That’s kind of surprising behavior by Google Translate.
(For those who aren’t versed in corny classics jokes, “semper ubi sub ubi” is a bilingual pun–nonsense in Latin but it translates to “always where under where.”)
Why not just say that
I see a lot of people clamoring saying that now you have to use BitLocker and OMG THAT COULD BE COMPROMISED BY THE NSA
Why be so shrill, dismissive and insulting towards those that are suspicious of BitLocker? There’s valid reasons to be suspicious once you combine things like this:
…with things like this:
Now, maybe the NSA has gone and done something to TrueCrypt. It feels like jumping to this conclusion doesn’t follow.
I think the usage of the word “possible” within the post title precludes final conclusion jumping.
Maybe NSLs were used? No, legally speaking those are for gathering information, not taking action per se; and it’d be bad news to find the NSA abusing the NSL channel
You think the NSA won’t abuse NSLs?
Sure they would. I think you’re being rather naive.
I’d bet dollars to donuts that the person or people behind TrueCrypt know their rights and would fucking love to expose some NSA thuggery in action.
Why would you bet anything on what an anonymous person would do while perhaps under threat from an oppressive government?
And before you say that any government threat is unlikely, please educate yourself:
Sometimes a cigar is just a cigar.
That cigar is mere conjecture. The theory that the developer stopped development because the dev stopped using XP is just that… a theory. That’s no cigar.
The cigar is up in smoke as we don’t really know why TrueCrypt made such a sudden and hasty departure just as a recent audit was undertaken.
The TrueCrypt developers told us not to use it, they basically said they could not guarantee its security.
That’s it, trying to determine if it was compromised by the NSA is not trivial, but they already killed it. We know it’s not secure, they said so.
Trying to decipher hidden messages in their note about government involvement in its insecurity is a smokescreen, it is giving up on ever having enough transparency to actually know if this is true, it’s far easier to come up with crazy UNTESTABLE theories (and this is my biggest problem with it) than to actually go and ask those suspected because:
a) There’s no guarantee they’ll tell you the truth
b) There’s no way to know if they’re telling the truth
c) There’s no way to compel them to tell you the truth
Conspiracy theory as a way to justify inaction in the redress of grievances.
No assumptions need to be made for this to be true, just an interpretation of what is actually happening.
(Granted your interpretation can vary but the facts are at least not in debate:
The project was closed
Labeled as insecure
govt agency suspected of being involved
No action that I know of to obtain information from said Govt on topic
No way to corroborate the truth if involvement denied)
What I was referring to, when I wrote:
Is that nitpicking flawed arguments gives you flawed nitpicking, so when mcsnee is (jokingly) picking on NSA not being Latin then going into an examination of Latin that is quite beyond me, I couldn’t help but think:
“Man, you are over analyzing this, maybe there is something to this plausible deniability theory and you’re missing it by trying to be too literal”
I then came back to my senses and thought about it again and thought that, rather than ask if it’s true, why not ask if it makes sense to even wonder if it’s true.
And I think not. Not if it’s not going to lead to action anyway.
I don’t care if the NSA decides to poke around my files
By the way, the NSA utilizes private IT contractors and I’ve been a private IT contractor. You don’t mind if I get access to your bank account, do you? I can assure you that you can trust me and I’ll never ruin your life if you piss me off.
Right, plus, it’s not like there have been any high profile private contractors sharing secret information with the world, right?
Aim to be super pedantic. FTFY
Oh, dear god, Latin-master jokes. Such terrible flashbacks…
Best Cowicide picture-response ever.
I think we all know what happens when there’s too much coincidence.
Clowns.