OVH threatens to leave if latest French surveillance law passes (rudebaguette.com)
228 points by LiamBoogar on April 15, 2015 | 107 comments



It's not too late for French citizens to call their representatives.

Find who to call here : http://www.assemblee-nationale.fr/14/qui/circonscriptions/?h...

And point them to there : https://sous-surveillance.fr/#/

and there : https://wiki.laquadrature.net/Amender_le_PJL_Renseignement

Talk about it online and IRL, and once the law inevitably passes, install Enigmail and TrueCrypt on your relatives' computers.


Don't forget to install Signal on iOS and Redphone/Textsecure on Android: https://whispersystems.org/


I had respect for TextSecure until they actually removed the ability to secure text messages.

Now, rather than "here's a way to secure your existing communication path" it's become a game of "become reliant on having a working data connection, our cloud service and google's push service if you want to communicate".

It's not even as though I can choose to stay on an older version to keep the SMS functionality without forcing all of my friends to never upgrade it either (many of whom already have, if only accidentally).

Colour me exceedingly unimpressed -especially as in the 2 years I've been using TextSecure, I and all the friends I've tried to convert have had nothing but issues with the push. This whole thing has left a bad taste in my mouth and has made me rather angry.


I don't share your view. Encrypted SMS functionality was not ready for the masses with the key exchanges, meta data leakage and was source of many bugs. Now users are never confronted with keys and other scary stuff :) Furthermore, most of my friends have switched from WhatsApp, so they did not use the encrypted SMS functionality in the first place.

I'm very impressed with the apps Whisper Systems have delivered. Please support them to accelerate development for even better encrypted communications!


Are the "masses" and existing users (who have learned to use the existing functions) mutually exclusive? Was there a large maintenance burden to support the existing feature?


It was a large maintenance burden: "It’s holding us back. Dealing with all the corner cases associated with the encrypted SMS/MMS transport prevents us from dedicating focus and attention to make the overall product better." https://whispersystems.org/blog/goodbye-encrypted-sms/


Except that the whole point of me wanting to use TextSecure is the encrypted SMS/MMS transport. How would removing the one feature that actually stands out make for a better product?


Hmm, I've never quite managed to find what all these problematic corner cases actually are.

The bit that jumps out from your link is the fact they now support iOS, and iOS won't let them programmatically send/receive SMS. It seems to be a case of "now we support iOS, to keep feature parity, we're stripping out our main feature!" - I insert my own <slowclap /> at this point.


There's a fork which re-enables SMS encryption.

OWS do have a point about SMS metadata leakage though.



So, TrueCrypt has been audited[0][1], but abandoned.

Do we use it as it is, or use a fork that will be more up-to-date?

Can we actually fork it? Some comments on [1] mention that it's illegal to fork it. Others point to existing forks.

I am just confused about what to do, or even what other people are doing.

What are the thoughts of the HN community regarding TrueCrypt?

[0] http://istruecryptauditedyet.com/

[1] http://blog.cryptographyengineering.com/2015/04/truecrypt-re...


If you do a cursory search on the audit, you will find the discussion here about the second link. Generally, TrueCrypt seems to be trustworthy still. Forks generally seem permissible, but must not use the TrueCrypt name. While forks may not technically be allowed, making any sort of claim against a forked project would require the authors of TrueCrypt to de-anonymize themselves, which seems unlikely.

That being said, this article is about data in transit, and TrueCrypt protects data at rest. I'm sure there is a better place to be having this conversation about TrueCrypt.


Why would you use TrueCrypt rather than a maintained, properly-open-source system? dm-crypt / cryptsetup-luks is maintained, secure, and ordinary GPL, and I believe there's a windows implementation. You probably can't use it for your root disk on windows, but if you're serious about security you're probably not running the millions of lines of closed, potentially-backdoored code that is windows.


Use it. 7.1a has been shown safe. Watch https://truecrypt.ch/ for news about any developments (CipherShed and/or VeraCrypt) as well as being a trusted source for 7.1a.


And if you want to take action, but need to build critical mass, you may use: https://www.iWouldDo.it


Support Caliopen too.



One thing brought up in the article is that currently French surveillance services are basically working carte blanche, with absolutely no legal checks.

Le Monde had a set of articles about some of this surveillance framework brought to light by the Snowden leaks, but of course the French press didn't talk about it, since the NSA stories were somehow "more relevant to the public".

For all the fingerpointing at the US for the Patriot act and the NSA, France's surveillance state is pretty ominous and there are basically no rules.


There are rules, and the fact that the French government breaks those all the time is no excuse when finally somebody ends up being prosecuted:

http://www.lemonde.fr/societe/article/2014/04/09/squarcini-c...

https://fr.wikipedia.org/wiki/Affaire_des_%C3%A9coutes_de_l%...


In some areas, yes. But I am under the impression that as long as they can say "Secret Défense", the DGSE people can do whatever they want.


That is largely correct. One way to look at the French state is that it is more worried about maintaining order than serving justice. And historically, the population has largely supported this stance. (unfortunately imo)


That doesn't sound appreciably different from the US's "state secrets" defense


At least, there was an effort to implement some controls over intelligence agencies following the Church Committee. It is unfortunate that it turned out to be effective, but at least the intention was there.

The French law only mentions a weak commission with "consultative" powers.


Precisely. The US has rules which do not work, and France is a free-for-all (I suspect with an added emphasis on "economic intelligence").


I wonder who remembers the French state terrorist bombing of the Rainbow Warrior (Greenpeace ship) in an Australian harbour, resulting in one death?


I've been following the debate in France, and the political response to concerns about the new surveillance law has been extraordinarily tone-deaf - the parliament has been very much in a "you're either with us or you're a terrorist" mode from the start. Hopefully, now that OVH and other French vendors have started to be vocal about it, some aspects of the law might be improved. I'm not holding my breath though.


> "you're either with us or you're a terrorist"

It looks like it is a very common argument for politicians. Another one is: "You don't have to care if you don't have anything to hide".

I think both paths are extremely and deeply wrong. We can't put Afghanistan's whole population in prison just because thousands of individuals embraced terrorism, in the same way we cannot track an entire nation just because 8-9 people are planning a terrorist attack.

There are way healthier ways to do it.


> "You don't have to care if you don't have anything to hide"

I never quite understood this argument. We have something to hide, that's the whole point. I don't want somebody to look at my phone messages. I don't want to share with the government every silly joke that I may say at home.

Should I work on secret businesses, I certainly wouldn't want any random agent to read about what I'm working on. We all have something to hide, the whole argument is bogus ...


Neither am I. On the other hand, what difference will it make in practice? As far as I understand, the law is in a large part about making legal all the currently unlawful telecommunication interception done by the intelligence services, and making sure that nobody is accountable for anything. So in this regard, it does not change the status quo - intelligence services will more bound by the law than they were before, and there is zero political will to introduce even something as ineffective as the FISA secret courts.


There is a difference in practice: first France will become a digital police state by law, judges will be out of the loop, it may help to dodge the current prosecutions by the human rights league and international federation of human rights and lastly it will introduce a global and permanent surveillance with DPI of the like that France has sold to Myanmar, Libya, Syria, Saudi Arabia, Morocco, Kazakhstan and other places. Additionally part of the IT industry will relocate itself outside of France to continue to exist.

As France is in the middle of a multi year process of replacing the copper network with optical fiber, it means that France is on the path for a 50 years additional delay before the digital world changes its society right when France was catching up.

Lastly the practical difference is that this law may push the country to the far right extremist nationalist and racist party Front National at the next elections, which would inherit of those tools and have everything to turn France in a totalitarian state.

On a side note, this law has spawned a reboot France movement which aims at leveraging the Internet and crowdfunding to change the whole political system to an actual democracy based on the internet: http://rebootlafrance.fr


And this is combined with a nasty habit of judges being highly politicized and justice being used against political opponents. Both sides (conservatives and socialists) are pretty much equally guilty there. In fact we have even seen numerous occasions of judges prosecuting a political party, then resigning and taking a high position in the opposite party.

France has a very problematic justice system and giving them more authority is very unwise.


> nasty habit of judges being highly politicized

I have quite a different perception, that judges do their job of not mixing law and politics pretty well, whereas politics try very hard and unashamedly to neutralize judges as counter-powers.

Could you expand on what makes you think that French judges are highly politicized?


Still, I don't think bypassing any justice overwatch on this is a better solution.


> There is a difference in practice: first France will become a digital police state by law, judges will be out of the loop, it may help to dodge the current prosecutions by the human rights league and international federation of human rights and lastly it will introduce a global and permanent surveillance with DPI of the like that France has sold to Myanmar, Libya, Syria, Saudi Arabia, Morocco, Kazakhstan and other places. Additionally part of the IT industry will relocate itself outside of France to continue to exist.

I am under the impression that the law is about legalizing what the state is already doing. Did I miss something?

> As France is in the middle of a multi year process of replacing the copper network with optical fiber, it means that France is on the path for a 50 years additional delay before the digital world changes its society right when France was catching up.

I am not sure what you mean by this.

> Lastly the practical difference is that this law may push the country to the far right extremist nationalist and racist party Front National at the next elections, which would inherit of those tools and have everything to turn France in a totalitarian state.

Don't they already have that?

> On a side note, this law has spawned a reboot France movement which aims at leveraging the Internet and crowdfunding to change the whole political system to an actual democracy based on the internet: http://rebootlafrance.fr

They certainly have good intentions, but they sound like a small band of young geeks with little knowledge of politics and no funding. I am not convinced the issue will be solved by yet one more tiny political party.


This movement reminds me of the French Pirate Party. They have a lot of goodwill but 1/ they do not agree on what shape to take in order to attain the goals they have defined 2/ they have no understanding of how organizations function in real life in regards to hierarchy, decision making or political action and 3/ they do not seem to get that their propositions are only appealing to a niche, meaning there is still a lot of groundwork to be done before acting at a party level.

I don't see it gaining much traction and I think it will go the way of the French Pirate Party with its very high turnover rate and its legendary infighting.


Why do you say that the Front National is racist?


I don't understand this argument. If something illegal is going on anyway, how is making it legal the right answer?

Surveillance being illegal protects us from it being used against us in legal proceedings. Even if we can't prevent spies from spying, at least we don't have to worry about the evidence they collect being used in court.


> at least we don't have to worry about the evidence they collect being used in court.

That's a distinctly US concept. In Europe in general all evidence is a priori admissible no matter how it was collected. It is then up to the lawyers and judges to argue that the way this evidence was collected makes it inadmissible in this situation on a case by case basis.

So as long as an argument can be made that the illegality of the method used to collect the evidence didn't affect the reliability of the evidence then it can be used.


> In Europe in general all evidence is a priori admissible no matter how it was collected.

That is not the case in Portugal and, since our laws are mostly inspired by French laws, I'd imagine that is not the case in France. Illegally obtained evidence, or evidence where there is a relevant probability that the chain of custody was compromised, is not admissible in court.


> If something illegal is going on anyway, how is making it legal the right answer?

Where do I say that? What I am saying is that French intelligence services do not care what the law says, and the government is not interested in having existing laws enforced. As long as there is no independent entity to control their activity, with real power, these laws may as well be printed on toilet paper.

> Even if we can't prevent spies from spying, at least we don't have to worry about the evidence they collect being used in court.

That is a fair point, but if law enforcement agencies like Tracfin are already using this data anyway, it means we are not protected with the current laws.


> Surveillance being illegal protects us from it being used against us in legal proceedings. Even if we can't prevent spies from spying, at least we don't have to worry about the evidence they collect being used in court.

That is an argument to make surveillance legal. If the illegal surveillance is indeed useful in court proceedings to prosecute other illegal actions, then it makes sense to make the surveillance legal so that the true criminals can be brought to justice. The legal principles of appropriate measures should still apply - surveillance should not be used to prove jaywalking but rather be used to combat more serious crimes.

Appropriate use of surveillance should be legal. The problem with illegal surveillance is when it is used to record legal behaviour and control citizens behaving legally but perhaps indecently. Such as recording amoral behaviour of political dissidents or political opposition and later releasing it to the press to gain politically. Gathering evidence of homosexuality of a priest or union leader could be another example, and use this surveillance to stop the union leader from becoming a problem for the political power.

Also, surveillance used today can be used by a future power for nefarious purposes. Imagine that Hitler would have been able to access 10 years of video recordings of synagogues, which may have been originally recorded for the purpose of protecting the synagogues from attacks. The recordings can be used for something else entirely in the future.

Surveillance in general is a very powerful weapon and should be treated like all powerful weapons - with respect and very carefully.


> The problem with illegal surveillance is when it is used to record legal behaviour and control citizens behaving legally but perhaps indecently.

That is not the only problem. If illegal surveillance can be used as evidence, you have the tool of selective prosecution. Totalitarian states were known for using and abusing selective prosecution.


I used OVH services for a long time, very good customer support, best quality/price ratio for Europe and some of their machines are extremely good. It would be a shame for France to lose them.

France is known to be very interested in mass surveillance, but what scares me most is that the European Union seems to be completely ignoring the topic, leaving countries to deal with this topic. I am lucky to live in Europe, but outside the EU, so we don't have to deal with these strange regulations, but I am concerned about the impact that this law can have in a short-mid future with all other countries. I really don't want to see UK, Germany, Italy, Spain, etc. follow France's example, starting to roll out laws in the name of security and terrorism fight.

This must be stopped at a higher level (EU), because also other countries are extremely interested in this topic.


It's way outside the mandate of the EU.


I wouldn't say that it is completely outside what the EU is doing. The data retention directive was partially about this. The later annulment by the Court of Justice of the European Union for violating fundamental rights, to me, shows that some people in the EU actually care about this.

http://en.wikipedia.org/wiki/Data_Retention_Directive


Yes, exactly. The EU has the power to do something on this. Actually, when US was facing the Net-Neutrality case, most media questioned about what EU was doing about the same topic and they all pointed out that, according to many different lawyers, this is a field where the EU can interfere.

So, I don't have doubts about the fact that EU has the right and the power to do something.


Net neutrality is (with some imagination - even that was already stretching it) about inter-member state commerce, i.e. the common market. For surveillance that point is much harder to make.

"So, I don't have doubts about the fact that EU has the right and the power to do something."

Based on what knowledge or qualifications? Have you studied the structure and history of the EU? For example, can you say (without looking it up) what the difference is between a regulation and a directive, and what the difference is between the European Council and the Council of Europe? Because if not, frankly, you're not qualified to have a valid opinion on this.


The EU often waits it out and starts infringement proceedings. It gives more time to see how things are playing out in reality and also it's better politics.


I can't be happy enough that my money is going to a company willing to say and do these things. Thank you so much, OVH! Mad respect!


I could not agree more. My money also goes to them.


I once ordered a server from them, they took my money and then asked me to send a scan of my passport. I told them no and eventually got a refund. Seems weird that they're fighting for privacy now.

I can understand a hosting provider not wanting to host for just anyone (or at least charging a premium for unknown customers), but do people actually send scans of their passports? Seems like asking for identity theft to me.


That's weird. I'm in the US and have never been asked for this kind of detail when buying servers from OVH. Maybe it has something to do with payment method and country of origin?


Never happened here, EU citizen though. It could be that they are required to do so by EU law, rather than because they just love to have your personal details.


Seems strange. What about people who do not have passports? Are they out of luck? Any reasons provided why they needed a passport explicitly?


Come on, they're doing it for business reasons, not ideology.


And that doesn't count... why?

The fact that they realize that it's better business to be anti-surveillance is even more reason to celebrate.


It doesn't count because the day it will be a better deal to be pro-surveillance they will reverse their stance on the subject.

You can't trust a company.


I agree but, for the moment, it's worth a bit of happiness.


Here is the original announcement in French:

https://www.ovh.com/fr/news/articles/a1743.le-gouvernement-v...


Not only signed by OVH, but AFHADS, Gandi, IDS, Ikoula, Lomaco and Online.


Actually the threat was more about investing for the next datacenters outside of France. It's highly unlikely they'll relocate the current ones.


They can start selling new servers only in data centers outside France, move the current VPSes and eventually shut down or sell the data center. The transition can last years but it can be done.

By the way, my bet is that French lawmakers don't even know that OVH exists (unless they do some lobbying) and don't know it's the third largest in the world. Now that they know they'll be counting votes gained against votes lost for every option (and money too). Then they'll decide what to do.


> The proposed law is meant to curb terrorism and create the first legal framework for the government to perform surveillance [...]

That's the only real-life achievement of Charlie Hebdo's 2015 attack. This attack allowed the French surveillance state to expand. Oh yes, additionally it turned the lives of millions of Muslims throughout Europe into a hell overnight.


Given the previous laws during the last years, it's a fair bet that such a law could have been proposed even without the Charlie event. And I don't think it drastically changed anything overnight for European Muslims, this is a trend going on for a long time.


When citizens of the world are failing to comprehend the idea of electronic surveillance, electronics and software pioneers and developers should take the lead in pushing those ideas to the cliff.


Popquiz: where could OVH move to that wouldn't be subject to heinous government surveillance? There aren't many safe havens left in the world, beyond the 5-eyes/Euro-clan reach ..


There's a lot of places in Europe they could move to that won't be as bad as what France is trying to do, they also have a nice footprint in Canada (obviously this wouldn't really help customers in Europe that want to be close).

The big issue here isn't about NSA style monitoring of "the Internet", it's about black boxes that would be required to be installed in their network to do whatever monitoring they wanted.


You mean legally doing that. They're already illegally doing it in various trenches, and so on, anyway. And that is sort of the point.

I think this is a tiger vs. paperbag issue, personally. The fact is, if companies are serious, they'll start setting up their own encrypted links, actively, and fighting back. Then it won't be an issue where, locality-wise, you set up the servers.


Finland is at least attempting to remain a country without any (official) spying.

Combine that with ample free space for server farms in the form of closed army bases inside mountains and old factories and you have a nice home for a bunch of servers even on a large scale.

But we won't know for sure until this year's elections how the political environment changes wrt internet spying.


What Finland is attempting seems to depend on which ministry you ask.


Good question!

Is there any organization that works on a regularly updated list of states and their current surveillance situation?

If not, should this exist?

E.g. awesome-bigbrother


Octave said they are considering building new datacenters in Germany, Italy and Poland.


But Germany, at least, is happily cooperating with the NSA. And didn't Poland host CIA black sites?


Both have nothing to do with SIP surveilled through black boxes and intelligence agents being cleared to destroy informatic systems.


I can't imagine a government finding black sites completely acceptable but balking at global Internet surveillance. As for Germany, it depends on how closely they were cooperating with the NSA and how much they were willing to invade the privacy of EU citizens.


I think it'd be more pertinent to see what was the reaction of Polish people to a perceived attempt at limiting their Internet freedom in 2012:

http://en.wikipedia.org/wiki/Anti-Counterfeiting_Trade_Agree...

https://www.google.com/search?q=protesty+na+ulicach+acta&biw...

Keep in mind that the memories of communist censorship are still quite vivid, and so the electorate is quite sensitive about any kind of surveillance.


That's a fair point. On the other hand, keep in mind that the corollary of "law on mass surveillance purpose-built to legalize existing practices" is that French citizens are already "benefiting" from secret mass surveillance (emphasis on secret). Unfortunately, it is extremely difficult to prove or disprove the existence of a similar effort in Poland. Whether the population agrees or not is irrelevant if elected officials conspire to keep them in the dark about it because security.


Isn't Iceland pretty anti-surveillance still?


If UMP/UDI tried to do the same, people would be in the streets protesting and "socialist" politicians would be protesting at the parliament, like when HADOPI was voted. But for some reason when "socialists" do it, it's fine. These crooks that call themselves "socialists" are even more dangerous than their "right wing" equivalent. They didn't remove HADOPI by the way, it's still there. Anybody who votes right wing might be an idiot, but anybody who votes "socialist" is a greater dumb fuck.

It sucks for the French economy but many startups or businesses like OVH don't need to stay in France anymore. Because who can believe in the future of this country with these assholes in power?


You're missing something here, the "socialist party" is and has long been a right wing party, to the left of the further right ump, itself a bit to the left of the far right front national.

But the point is that wherever the party falls is irrelevant, political parties have been mostly puppets pushing corporatist agendas for quite a while.


I'm not missing anything, that's why I put "socialists" in quotes. These people aren't "socialists" of course they are a fraud.

Frankly I shouldn't even talk about French politics anymore, things are a bit desperate, it's a race to the bottom. But I guess it's happening everywhere. Or it has always been like this and it's just more obvious today, I don't know.


Socialism is awful in the EU. See what is happening to Greece? It's been cornered by virtually every other state in the EU. And no, it's not about broken state economics, that's fairy tales for little kids, it's mostly about not voting what Brussels/Germany wants. They want to set an example to everyone else. The only reason Greece is still in, it's because no one is sure what's gonna happen once it's ousted.

So generally speaking, you either vote for Hollande/Sarkozy or you're gonna face the same kind of treatment. And from what I've seen so far, Le Pen apart, you don't have any other politician who is likely to go head to head with Merkel.


[flagged]


It's not because there is "socialist" in the name that you should think the PS is left-wing.


And how come this always seems to be the case with any (non-centric) socialist party? In the end, it always ends with scandal or disaster.


Considering that the former president and current head of the conservative party is being investigated in at least 8 different cases, the scandal part is clearly more of a "big party" problem.


The French socialists are a right-wing party.


As a customer, THANK YOU!


I saw the hashtag #ni-pigeons-ni-espions. What does 'pigeons' mean in English (beyond 'pigeons')?


Pigeons get plucked. The sentence roughly translates into "Neither fools nor spies.".


In this context it means "a naive person or a dupe willing to accept everything".


A pigeon is a naive person being conned. It probably refers to the "pigeons" movement of French entrepreneurs opposed to taxes on sales of companies.


"pigeon" is widely used, and the movement of entrepreneurs used this word specifically because of its already-existing meaning.


It means "sucker" or "dupe".


Sucker? One who is being conned.


Sucker's better: Neither suckers nor spies.


As crazy as it may sound I think their dream (to French administration, politics) is to have what NSA has done in the US, against all common sense they look at it with envy. The only reason it is not there yet is that they don't have the money to fully implement it. Sadly in this day and age my country is more prompt to say to others what they should do than to do what is required to maintain a real democracy at home. Shameful.


> [...] While the law could only apply to French-based servers, this would unfairly affect OVH against its competitors, as the law allows for governments to install a ‘black box’ that listens to all communication going in and out of the servers, and logs certain pre-ordained types of communication.

This seems so unrealistic on so many levels. And, technical issues/risks aside, I don't know any reasons that would be worth keeping your servers on the French territory, if this law is voted. At best, this is hurting businesses. At worst, well, this is just a back door with root access, nothing to worry about.


Good for them. About time someone stood up to surveillance in a meaningful way - hit the government where it hurts (in the wallet) is a tactic that should be used more.


That doesn't help if there is no good safe haven. The pressure is increasing for other governments to do the same. And it will get worse when everyone is using secure communication as default.


My take on this: I am against surveillance, but also equally against corporations strong-arming government policy changes/non-changes. So I want the changes to not pass, but I don't want them to not pass because of OVH threatening to take their business elsewhere. Tomorrow it could be tobacco manufacturers doing the same thing.


Corporations aren't inherently bad, especially when they're checking government abuse. If you've followed the situation in Indiana at all then you know that corporations destroyed the core intent of the rfra law in under a week. Corporations may do dirty things to support their own interests, but so do governments. We shouldn't blindly support either.


Big Tobacco did do that. And, in fact, their growth markets are now not in the US or EU. The world continues to spin.


If you want to join Five Eyes, you've got to have some desirable data to share.


That is so scary, I hope OVH can help get this thing stopped. What a stupid law.


I have a few servers with them and am happy to see they spoke up. I also have one server with online.net - another FR company. If the law passes I would probably terminate that server.


Online shares the same exact position of OVH


I'm going to send this article to every client I have (surprisingly many) who are demanding "our data must not be stored in the US and subject to your evil NSA...you have to keep it safely in France!".



