Possible hidden Latin warning about NSA in TrueCrypt's suicide note

My point is that there is no reason to suspect a government agency to be involved. The TrueCrypt project is now made obsolete by every currently supported OS that consumers use having its own FDE implementation. The project was closed and it was labeled as insecure because no one was looking at the code who had the legal ability to modify it (TrueCrypt’s code is under a bizarre non-open-source license). Effectively it’s insecure because there might be bugs, not because there are bugs.

We also don’t have any real evidence besides people being conspiratorial that the NSA was involved in any of this. Sure, I hate the NSA too, I want them to be examined with a public fine-toothed comb and then dismantled and a new, smaller program for what we actually need to be put in place; but this isn’t part of that fight. We have no evidence of it being so, and charging that it is without evidence is just going to hurt fights against the NSA.

This is why people of sound mind should rail against conspiracy theories, and work with the facts on hand and real evidence. These conspiracies distract from real issues and getting real advancement done in bringing about change.

2 Likes

There is nothing new to me there.

In that first link you show that the FBI was trying to get access to BitLocker, but unsuccessfully. No surprise there. Usually the engineers on these products are not the kind of people who would want backdoors in their products, so this is totally unsurprising. It’s only, though, evidence that the FBI tried and failed once, not that they have succeeded or continued to fail.

The next three links (I discount IB Times because they are a linkbait rag), yes, this again is stuff I already know and people, again, are throwing out the actual explanation because it’s the “official explanation” just because it is that. What’s been going on here is that the SV companies were decrypting data upon getting various levels of notices from the NSA and FBI, whether these are a request, an NSL, a FISA request or a real warrant. This stuff actually happens quite often in lots of criminal investigations. Is this good? Probably not. We know that there is an overreaching of the NSA and FBI lately and this has to get more exposure, and the people who’ve made criminal acts should be brought to justice.

I’m also aware of Lavabit and the NSA using NSLs to get information in an overreaching and often out-of-scope (legally speaking) information, but again they only used them to get information. They didn’t use them to bully people into modifying information or code. Doing so, especially to people who are already against them, just damages the NSA more, just like in the Lavabit case. They exposed how the NSLs were being used and shut down a business and source of income to do so. I know if I were the author of TrueCrypt and the NSA tried to bully me, I’d fucking relish in exposing them.

Finally, the TrueCrypt website says that they terminated support after the termination of support for Windows XP. It is not a far leap to say they aren’t supporting it now because XP is unsupported, which was the last major OS in consumer hands that doesn’t support FDE.

To quoth their website:

[quote]
WARNING: Using TrueCrypt is not secure as it may contain unfixed security issues

This page exists only to help migrate existing data encrypted by TrueCrypt.

The development of TrueCrypt was ended in 5/2014 after Microsoft terminated support of Windows XP.[/quote]

Okay, sure it’s a cigarillo, but that’s damn close enough to a cigar and not a white elephant.

Four months from the time a public disclosure is made that a technology provided by a legit company was used in a security leak till the feds go through the proper channels and the company folds. That sounds plausible.

When the technology is an open-source project and weirdly licensed by an anonymous person it takes an extra 5 months to find him/her and put sufficient squeeze on him/her? Reasonable.


[citations]

  1. Snowden had extensive access to the number of communication channels the NSA had compromised.

  2. Snowden was a user of Lavabit. I’d suspect he picked that channel because he thought he could be safe there because it wasn’t fully compromised yet per (1).

  3. June, 2013. Snowden seeks asylum in Hong Kong.

  4. Oct 2013, Lavabit folds under NSA pressure.

  5. Aug 2013, reports begin that Snowden used TrueCrypt. Again, presumably because he thought it wasn’t yet fully compromised (1).

  6. May 2014, TrueCrypt folds.

  7. because, reasons?

3 Likes

Your citations are not evidence here, it’s just leaping to conclusions. It does not follow that the NSA has done something to it. In fact none of those individual events you link are significantly connected. We know Snowden trusted lavabit, and we have no evidence that they were ever compromised.

Lavabit folded because it would not serve NSLs, not because of NSA pressure. They chose to close up shop because they couldn’t fight them in court and didn’t want to capitulate. Saying they folded under NSA pressure is dubious at best, and in my eyes disingenuous. It wasn’t even the NSA asking for keys, it was the FBI.

What the TrueCrypt website says is that they are no longer developing it and there may be undiscovered problems. They are just providing a perfectly valid caveat about a program that is no longer going to be updated in a never-ending game of Squash That Bug.

Just following timelines like this without looking into further context of why events happen leads to wrong thinking on things and causes people to get distracted instead of taking actions that are at hand. (This is why I rail against conspiratorial thinking.)

So, no, it does not follow that the NSA is doing this. Not until some evidence is unveiled. If you are dead-set on it, file FOIA requests and start drumming up some interest at the Guardian or other news agencies that are willing to investigate these sorts of things. You’re frankly coming up with a conclusion before investigating, which is not how it works.

We’re not going to agree because if I were a privacy/security advocate that spent my free time developing an encryption system to help protect people’s privacy and I got the biggest endorsement in the world I wouldn’t view the upkeep as a neverending game of “Squash That Bug.”

I’d see upkeep as a neverending game of “Save The World.”

You are assuming a lot of the TrueCrypt developers’ intentions when the reality is every single one of them (if there is indeed more than one) is anonymous and does not accept outside patches/criticism/anything.

They could just as easily have been government operators for all we know. We do not know their motives for starting TrueCrypt, and we do not know their motives for stopping it.

I agree, that’s a more likely hypothesis than “squash the bug.”

But arguing for a strawman at the “everything is compromised” end of the continuum is opposite to my point about dismissing any governmental involvement (NSA, FBI, CIA, whatever).

[quote]
What’s been going on here is that the SV companies were decrypting data upon getting various levels of notices from the NSA and FBI, w[/quote]

No, what’s going on here is cooperation between major tech companies and the NSA, etc. – And, what’s also going on is there’s more cooperation than the tech companies admit and Microsoft (BitLocker) is one of the worst.

[quote]
We know that there is an overreaching of the NSA and FBI lately[/quote]

And, that’s my point. Also, you still haven’t answered why you feel justified in being shrill, dismissive and insulting towards those that are suspicious of BitLocker.

If anything, you’ve only proven yourself to be as naive as you are insulting.

[quote]
I’m also aware of Lavabit and the NSA using NSLs to get information in an overreaching and often out-of-scope (legally speaking) information, but again they only used them to get information. They didn’t use them to bully people into modifying information or code.[/quote]

Um, what? You have a vastly different (and naive) perspective on the Lavabit situation. You keep saying you know everything, but I think you still seriously need to educate yourself on these matters:

This is (Ladar Levison) Lavabit’s OWN WORDS: (emphasis mine)

“I don’t know if I’m off my rocker, but 10 years ago, I think it would have been unheard of for the government to demand source code or to make a change to your source code or to demand your SSL key,” Levison told Ars. “What I’ve learned recently makes me think that’s not as crazy an assumption as I thought.”

[quote]
Finally, the TrueCrypt website says that they terminated support after the termination of support for Windows XP. It is not a far leap to say …[/quote]

It’s still a leap nonetheless and it’s something we can’t confirm since no one can completely corroborate with the anonymous developer.

1 Like

Kalib, fair warning, this won’t get answered. It’ll be marked too broad. You need to request specific things, by bullet points possibly, and try to be as bland as possible. Blanket searches for FOIA’d information are not done because they are too costly. Remember the people doing the FOIA request handling are NOT the people at the NSA; they do not have the computing power and manpower to go through everything looking for a vague set of requests.

I actually read a wonderful book by a Dr something-or-other, PhD, proving that the pyramids had been made by aliens.

The thesis was that the three major pyramids line up like the stars in Orion’s Belt. Now, your average sheep-cheologist might think this was because the Egyptians could see the stars, but no: look at the stars in Orion’s Belt. Just look at them. The three stars are so perfectly lined up that they must have been lined up that way by an incredibly-advanced civilization that has the power to move stars!

But not just that! Look at them closer! They aren’t perfectly aligned! The one on the left is out of alignment! That’s because the civilization is signaling to us that the one on the left is the actual home world! It makes sense!

… I wish I were joking.

2 Likes

This, honestly, is the worst part of the theory.

Even if the developers never intended to warn anyone about the NSA at all, the fact that we completely made up a message is a “mission accomplished” for the developers.

http://upload.wikimedia.org/wikipedia/en/f/ff/Bush_mission_accomplished.jpg

Your point is my point too :smile:

Semper., not Sermper.

I don’t know where you got the idea that they don’t work together on some stuff. That seems pretty naive.

Sermper Fredrelis, my friend. From the hralls of Mrontrozuma to the shrores of Triporee.

2 Likes

[quote=“SamSam, post:52, topic:34620”]
I actually read a wonderful book by a Dr something-or-other, PhD, proving that the pyramids had been made by aliens.[/quote]

“PhD”? Well we can’t argue with his logic then.

Well, you could argue with that logic, you just might end up running in circles.

En-ay Es-ay A-ay ight-may e-bay istening-lay.
