Forgot your password?
Encryption Security Microsoft Open Source

FSF Responds To Microsoft's Privacy and Encryption Announcement 174

Posted by Soulskill
from the no-trust-without-verification dept.
An anonymous reader writes "Microsoft announced yesterday their plans to encrypt customer data to prevent government snooping. Free Software Foundation executive director John Sullivan questions the logic of trusting non-free software, regardless of promises or even intent. He says, 'Microsoft has made renewed security promises before. In the end, these promises are meaningless. Proprietary software like Windows is fundamentally insecure not because of Microsoft's privacy policies but because its code is hidden from the very users whose interests it is supposed to secure. A lock on your own house to which you do not have the master key is not a security system, it is a jail. ... If the NSA revelations have taught us anything, it is that journalists, governments, schools, advocacy organizations, companies, and individuals, must be using operating systems whose code can be reviewed and modified without Microsoft or any other third party's blessing. When we don't have that, back doors and privacy violations are inevitable.'"
This discussion has been archived. No new comments can be posted.

FSF Responds To Microsoft's Privacy and Encryption Announcement

Comments Filter:
  • PR Stunt at best (Score:5, Interesting)

    by jbmartin6 (1232050) on Friday December 06, 2013 @09:56AM (#45618001)
    How is encrypting data in motion going to help when they will simply provide the NSA the keys or otherwise provide access to the data. They are just another participant in the 'we never provided direct access' lie, when you simply provide everything on demand they don't need direct access, nor do they need to decrypt data off the wire.
  • Re:Predictable (Score:5, Interesting)

    by JustNiz (692889) on Friday December 06, 2013 @10:45AM (#45618413)

    >> I don't honestly believe that people would actually compile all their tools from source code they've reviewed personally to check for security holes

    We do use some open source in our aviation products. We are required to heavily review literally every line of source code (both ours and open source) in order to get our product certified for aircraft use.

  • by pigsycyberbully (3450203) on Friday December 06, 2013 @10:53AM (#45618481) Homepage
    I was on the Linux desktop KDE, and somebody sent me a link when I clicked on the link the file was a torrent file and KDE torrent file program opened up and with a pop-up message it calls tips it give me a lecture about copyright. I quickly deleted KDE.. I've never had a desktop even a Windows desktop or an apples desktop lecture me about copyright and call it tips. I'm such a stubborn free minded person KDE was obviously never going to work on me I hate social manipulation.
  • by mi (197448) on Friday December 06, 2013 @01:04PM (#45619723) Homepage

    it is much easier to prevent the removal of a back door when the code base is owned by a private organization with identifiable representatives

    Linux (and BSD) committers are just as identifiable. Although the codebase is open to all, very few people go through it. If it follows the documented coding style, compiles, and "works", there is simply no reason to keep reviewing it — for most people. The Debian hole [] I cited earlier remained open from 2006 to 2013 — more years, than Turing spent working on Enigma.

    In the Linux community, being international, such pressure would be more difficult to apply.

    Maybe, but I would not count on it. Which country would you consider unlikely to cooperate with the US on such matter — without itself being an even greater threat to liberty (like China or Cuba)? The entire Western world's spooks cooperate with the US. As does Russia [] — to some extent [], at least. Who would not help their American colleagues in exchange for Americans helping them — a little? Someone like Sweden? Well, they did hit Assange with rape [] charges, when he made himself an overly tiresome nuisance to the Americans...

    Its interesting to note that Microsoft's anti trust settlement was negotiated and overseen by a member of the FISA court. The mandate to open APIs and source probably stopped short of revealing all the built-in back doors.

    In other words, Microsoft, probably, was coerced into it. A similar coercion — or conviction, or fooling — can be applied to an open-source project's participant. Whether it is easier or harder to do, I would not know.

One man's "magic" is another man's engineering. "Supernatural" is a null word. -- Robert Heinlein