EditorsAbout the SiteComes vs. MicrosoftUsing This Web SiteSite ArchivesCredibility IndexOOXMLOpenDocumentPatentsNovellNews DigestSite NewsRSS

10.18.13

Truecrypt Cannot be Audited Because It’s Proprietary Software

Posted in Free/Libre Software, Security at 8:37 am by Dr. Roy Schestowitz

Truecrypt

Summary: Why nobody should trust Truecrypt (or any other piece of proprietary software for that matter), even if it claims to have been “audited”

THE other day we alluded to Truecrypt in this post, not quite mentioning the holes in the argument that Truecrypt can be “audited” [1-3]. Unless everyone can view the code and compile it independently (or rely on others to do so independently), we must assume that Truecrypt is not secure and that it might contain back doors (either unidentified or deliberately planted). This whole Internet ‘debate’ about Truecrypt “audit” should remind us that Free software is vital for dodging surveillance.

The NSA has used corporations to facilitate snooping and it may not be alone [4]. This is happening at many levels [5-7] based on new leaks and revelations, so rather than look for evidence of insecurity (e.g. back door) we should pursue real assurance of security. You know what the spies like to tell us: if you have nothing to fear, you have nothing to hide, right? So come on, Truecrypt, share your source code. What have you got to hide?

Related/contextual items from the news:

  1. Should Truecrypt be audited?

    Truecrypt is a cross-platform, free disk encryption software for Windows and Unix-like operating systems. It is generally considered a good disk encryption software, and not too long ago, I wrote a tutorial that showed how to encrypt the Windows installation of a Windows-Linux dual-boot setup (see Dual-boot Fedora 18 and Windows 7, with full disk encryption configured on both OSs).

  2. New effort to fully audit TrueCrypt raises $16,000+ in a few short weeks
  3. Can you trust ‘NSA-proof’ TrueCrypt? Cough up some dough and find out

    The source code for the Windows, Linux and Mac OS X utility is publicly available for people to inspect and verify, but this has not been enough to convince every cryptography guru that it’s entirely secure.

  4. After Snowden’s leaks, China’s Huawei calls for more transparency in the tech industry

    With all of the recent revelations about the US National Security Agency’s surveillance programs, it must be hard for the Chinese telecom equipment manufacturer Huawei not to gloat a little bit.

    After all, the leaks from former contractor Edward Snowden showed that the NSA enlisted US technology companies to enable its snooping on global telecommunications networks—which is exactly what US intelligence officials have accused Huawei of doing on behalf of the Chinese government.

  5. Europe Moves to Shield Citizens’ Data

    Lawmakers here have introduced a measure in the European Parliament that could require American companies like Google and Yahoo to seek clearance from European officials before complying with United States warrants seeking private data.

  6. Dutch Telcos Used Customer Metadata, Retained To Fight Terrorism, For Everyday Marketing Purposes

    One of the ironies of European outrage over the global surveillance conducted by the NSA and GCHQ is that in the EU, communications metadata must be kept by law anyway, although not many people there realize it.

  7. NSA Harvesting Contact Lists

    A new Snowden document shows that the NSA is harvesting contact lists — e-mail address books, IM buddy lists, etc. — from Google, Yahoo, Microsoft, Facebook, and others.

Share this post: These icons link to social bookmarking sites where readers can share and discover new web pages.
  • Digg
  • del.icio.us
  • Reddit
  • co.mments
  • DZone
  • email
  • Google Bookmarks
  • LinkedIn
  • NewsVine
  • Print
  • Technorati
  • TwitThis
  • Facebook

If you liked this post, consider subscribing to the RSS feed or join us now at the IRC channels.

Pages that cross-reference this one

What Else is New


  1. Today's Example of Microsoft's Faked 'Love'

    “On 7 September 2017, users began noticing a message that stated “Skype for Business is now Microsoft Teams”. This was confirmed on 25 September 2017, at Microsoft’s annual Ignite conference,” according to Wikipedia



  2. Links 10/12/2019: Kubernetes 1.17, Debian Init Systems GR

    Links for the day



  3. 'Cancel Culture' as 'Thoughtpolice' Creep

    Richard Stallman spoke about an important aspect of censorship more than 2 decades ago (before “Open Source” even existed); it was published in Datamation (“Censoring My Software”) 23 years before a campaign of defamation on the Internet was used to remove him from MIT and FSF (censoring or ‘canceling’ Stallman himself)



  4. Microsoft Still Hates GNU/Linux and Mark Shuttleworth Knows It (But He is Desperate for Money)

    We're supposed to believe that a PR or image management (reputation laundering) campaign alone can turn Microsoft from GNU/Linux foe into friend/ally



  5. Actions Against EPO Corruption and Unitary Patent (UPC) Injustice/Lobbying

    The EPO is apparently going on strike again and an action against the UPC is scheduled for later this week (protest in Brussels)



  6. “The Fifth Freedom as a Meme”

    The issue with systemd (or SystemD) has provoked or at least stimulated discussions about the limits of the famous Four Freedoms



  7. IRC Proceedings: Monday, December 09, 2019

    IRC logs for Monday, December 09, 2019



  8. Demonstration Against Unitary Software Patents, Thursday 12 Dec in Brussels

    FFII's call to demonstrate against the UPC



  9. Links 9/12/2019: China on GNU/Linux, Canonical Wants Help to Improve Ubuntu

    Links for the day



  10. Links 9/12/2019: Linux 5.5 RC1, EasyOS Buster 2.1.9

    Links for the day



  11. IRC Proceedings: Sunday, December 08, 2019

    IRC logs for Sunday, December 08, 2019



  12. Mandatory Education for Those Who Use and Misuse Buzzwords Would Go a Long Way

    In an age of substitution — where marketing terms replace meaningful words and concepts — it has gotten more difficult to have honest debates, for example about the scope of patents



  13. Once Upon a Time Banter Was Allowed on Mailing Lists

    Hours ago Torvalds announced RC1 of the next Linux (kernel) release; it has been a while since he last said something ‘controversial’ (following his month at the penalty box); free speech deficit can make us weaker, not stronger (advantage to those who work in the dark)



  14. Links 8/12/2019: Debian Init Systems GR, NomadBSD 1.3

    Links for the day



  15. Can We Quit Celebrating DRM in GNU/Linux?

    Over the past couple of days various news sites and "Linux" sites expressed great satisfaction [1-5] over the passive embrace of Disney's DRM ploy (Disney+), even when Disney itself rejects DRM, seeing the harms practically caused by it [6,7]



  16. You Know WSL is Bad for GNU/Linux Because Anti-Linux People, Microsoft and Its Propagandists, Want People to Use That

    Microsoft and its boosters (and media partners) haven’t grown tired of spreading falsehoods to stigmatise and take control of GNU/Linux by creating their own versions and traps for it



  17. IRC Proceedings: Saturday, December 07, 2019

    IRC logs for Saturday, December 07, 2019



  18. 5 Years Ago the Linux Foundation Turned Linux.com Into a Non-Linux Site

    One can leverage the Internet Archive’s Wayback Machine to better understand how, over time, the Foundation called “Linux” deviated or diverged away from its mission statement for the sole purpose of raising corporate funds and selling influence to corporations (passing the community’s hard work to them — a form of tacit privatisation)



  19. Microsoft Redefining Ownership and Identity of GNU/Linux

    The idea that “Microsoft loves Linux” is as insane as it gets; but the lie which is “Microsoft loves Linux” is a powerful enabler of Microsoft entryism, e.g. if Greg steps down, does a Microsoft employee become the deputy of Linus Torvalds?



  20. Things That Cannot Be Said

    The limits on what we can say are mostly defined by what sources permit us to say publicly (for the sake of source protection)



  21. Fake European Patents (on Algorithms) Leading to Fake Embargoes

    Law firms have gotten their way in Germany; instead of supporting the productive workers the patent system is nowadays promoting the litigation 'industry' and it ought to be corrected



  22. From Moderate Advice to FUD and Misinformation: The Case of a VPN Vulnerability (CVE-2019-14899)

    What should have been a trivial bugfix in a variety of operating systems and bits of software — both proprietary and Free software — somehow became anti-Linux FUD, clickbait and worse



  23. Dangerous Thinker

    Society oughtn't be alarmed by people who say unusual things; it should be wary and sceptical of those corporations ever so eager to silence such people



  24. Unitary Patent (UPC) Died Along With the Credibility of Managing IP and the Rest of the UPC Lobby

    It is pretty astounding that Team UPC (collective term for people who crafted and lobby for this illegal construct) is still telling us lies, even in the absence of underlying supportive facts, and pressure groups disguised as "news sites" latch onto anything to perpetuate an illusion of progress (even in the face of a growing number of major barriers)



  25. IRC Proceedings: Friday, December 06, 2019

    IRC logs for Friday, December 06, 2019



  26. Links 7/12/2019: Fedora 31 Elections Results, Lots of Media Drama Over VPN Bug

    Links for the day



  27. Links 6/12/2019: DRM in GNU/Linux and Sparky Bonsai

    Links for the day



  28. The EPO Rejects Innovation

    The EPO ceased caring about the needs of scientists whose work involves invention; instead, EPO management crafts increasingly lenient guidelines that yield illegal European Patents (not compatible with the EPC) that heavily-besieged EPO judges are unable to stop



  29. Startpage CEO Robert Beens in 'Damage Control' Mode, Trying to Get Startpage Relisted After Selling to a Massive Surveillance Company

    PrivacytoolsIO is being lobbied by the CEO of Startpage to relist Startpage, based on no actual refutations at all



  30. IRC Proceedings: Thursday, December 05, 2019

    IRC logs for Thursday, December 05, 2019


RSS 64x64RSS Feed: subscribe to the RSS feed for regular updates

Home iconSite Wiki: You can improve this site by helping the extension of the site's content

Home iconSite Home: Background about the site and some key features in the front page

Chat iconIRC Channel: Come and chat with us in real time

Recent Posts