This is safes biggest hurdle. But… It was the same with the www originally most people didnt have a clue. Its all about education. And while in America privacy may not be a high valued commodity it is in Germany, ex soviet countries etc.
Oh, I didn’t mean in bitcoin or cryptocurrencies in general. I don’t know about that. I was referring to security “bugs” that were found, e.g. the debian RNG bug or there was another one I can’t remember atm. This video was good iirc. Unfortunately, I can’t find the one video that was really interesting, where someone at a hacker con held a presentation from the perspective of the NSA, thinking through the easiest, most cost-effective ways to sabotage, cripple or slow down the development of security/privacy software. If I happen to find it, I’ll show you.
Maybe you’re right, but then again, they have the largest budget, it’s unbelievably large (in the states, at least). Maybe they already have easier methods, Idk. If I was in charge of an ABC, I’d be concerned of Maidsafe.
My point was how interested is the NSA in SMALL projects like crypto. Remember that linux project is MASSIVE compared to crypto projects at the moment. SAFE is like a school project to the NSA.
He showed theory. Is it true? how many projects have they done this???
This is the information I am want to get hold of.
It is possible that NSA do any of 100000 things to the world. Which ones of those things do they ACTUALLY and to what extent do they do them. They still have limited resources and they are not almighty so they have to pick and choose what areas the spy/infiltrate.
Remember they still need to keep it secret, so if they did choose to infiltrate software projects, and then the subset of startups (about 10000 of them atm), and then the subset of crypto startups (100s) they would have to use 100s of developers to cover all the ones that might succeed. Now like many government projects the more who are told the secrets means the multiplication of certainty that they will be found out. And being open sourced it is open for ever so many programmers (maybe 10000x the infiltrators) the opportunity for discovery and this is much greater than spy secrets being found out. And how did the spy secrets go?
2 Likes
Yeah haha, true. Some kids playing “SAFE the world” 
[quote=“neo, post:23, topic:11465”]
He showed theory. Is it true? how many projects have they done this???
This is the information I am want to get hold of.
[/quote]
I’d tell you if I knew. Probably needs a cryptocoin-snowden or something. Or Snowden finally releasing all the info he has, not just a tiny fraction.[quote=“neo, post:23, topic:11465”]
And being open sourced it is open for ever so many programmers (maybe 10000x the infiltrators)
[/quote]
Imo, if the Debian RNG bug teaches us anything, it’s that that doesn’t necessarily help all the time.
But yeah, I see what you mean.
1 Like
So did anyone claim responsibility? Did anyone prove it was intentionally programmed in by a spy agency?
1 Like
Sorry, I don’t know.
/edit Maybe I wrote a bit confusingly (?), the point I was trying to make is that it can, under some circumstances, be quite easy to introduce a security flaw or bug into open source projects/libraries, without anyone realising for years. That’s something I would consider if I was trying to make them (in)secure.
1 Like
So while it is possible, we need to ask
Do we give up because we fear the NSA to infiltrate SAFE and insert backdoors?
Or do we realise that the chance is not high, even though its possible and trust the dev team to choose the right staff/contractors. After its live then we have to rely on people to verify the code.
1 Like
There are of course ways of adding intentional exploitable bugs and covering it up to make it look as an honest coding mistake, to make it look totally plausibly deniable, in fact I posted not long ago such contest: http://www.underhanded-c.org/
But considering the extremely early stages of the project, I don’t think it will be in their radar until it is too late for them to do anything about it… also I think @neo has a point, we also have to consider the relatively small core devs in the project, it would be quite an operation to plant a new developer in the team just to sabotage it (or maybe it is the new joint partner lol)
Of course this is a conjecture from my part, so I wonder how many resources do they actually have allocated to monitor decentralized crypto projects.
Cool, I’ll check it out later!
For the most part, it’s not a law thing, but a technology thing: if SAFE works as expected, then no government can do anything, unless they ban encryption per se. United Kingdom, I’m looking at you… 
1 Like
No government can ban encryption. Just laugh at whoever says they can.
I wish. However, it’s not hard to enforce, if they really want to: they can just mandate monitoring of network transactions by ISPs. One could resort to steganography, but then the effective bandwidth drops to near unusable (also, it’s not that impossible to detect.)
It’s somewhat lucky that there would be immediate whining for the loss of e-shopping and e-banking and the like, yet not about the loss privacy, which should be the higher concern; humans are a more superficial species than it likes to believe.
Proof: We still send unencrypted email as SOP, and the fact that much of that is now transferred through encrypted channels is not something most people know or care about. Even better: go on to any porn site, and check how much of it goes through HTTPS; there’s simply no demand for cryptographically hiding even what most would find very embarrassing if found out.
I don’t doubt that people are careless about privacy, but sending unencrypted payment details etc is not something anyone is going to give up. Neither are various personal accounts which need authentication. Neither is the plethora of infrastructure communication channels.
It will never happen.
Unless the government weakens the encryption, overtly or covertly.
The government is ripe with bad ideas.
Even if they tried it, which they won’t, the people they would hope to spy on will encrypt stuff still anyway. Anyone planning on blowing stuff up are hardly going to be put off by a threat of encryption being banned.
Politicians say a lot of stupid things and this was certainly one of them.
1 Like
I am not speculating, I am reporting: it happened
1 Like
This doesn’t have to be black and white.
In the United Kingdom, you can be given a jail sentence of 3 (or 5? I can’t remember) years if you deny handing over your encryption key when asked. The twist is that it’s not about your being otherwise suspected in anything, it’s simply because you didn’t tell what your password was.
It’s not very different from a scenario where the government would demand the private keys for e-commerce sites, banks, and the like, and forbid everyday people from using encryption otherwise (i.e. you’re caught, you’re toast) on the premise that you shouldn’t need it (your can do banking and stuff through the “accepted” providers) and you would need to tell the key anyway when asked, so why not make things simple and criminalize it altogether.
I admit it’s not a very likely scenario, but it was just a few months ago that some government figure in the UK seriously proposed banning encryption altogether. It was a naively idiotic attempt but, given some thought, they could come up with something like what I outlined and tell everybody it’s in their best interest.
Getting SAFE off the ground and making it well known and loved is urgent exactly because once people use it everyday, nobody can do anything without serious backlash. People may not care about their privacy, but they would sure care if their favorite toys were about to be taken away.
2 Likes
Thanks for sharing. Tada.
1 Like