Bonum Certa Men Certa

Truecrypt Cannot be Audited Because It's Proprietary Software

Truecrypt



Summary: Why nobody should trust Truecrypt (or any other piece of proprietary software for that matter), even if it claims to have been "audited"

THE other day we alluded to Truecrypt in this post, not quite mentioning the holes in the argument that Truecrypt can be "audited" [1-3]. Unless everyone can view the code and compile it independently (or rely on others to do so independently), we must assume that Truecrypt is not secure and that it might contain back doors (either unidentified or deliberately planted). This whole Internet 'debate' about Truecrypt "audit" should remind us that Free software is vital for dodging surveillance.

The NSA has used corporations to facilitate snooping and it may not be alone [4]. This is happening at many levels [5-7] based on new leaks and revelations, so rather than look for evidence of insecurity (e.g. back door) we should pursue real assurance of security. You know what the spies like to tell us: if you have nothing to fear, you have nothing to hide, right? So come on, Truecrypt, share your source code. What have you got to hide?



Related/contextual items from the news:



  1. Should Truecrypt be audited?
    Truecrypt is a cross-platform, free disk encryption software for Windows and Unix-like operating systems. It is generally considered a good disk encryption software, and not too long ago, I wrote a tutorial that showed how to encrypt the Windows installation of a Windows-Linux dual-boot setup (see Dual-boot Fedora 18 and Windows 7, with full disk encryption configured on both OSs).


  2. New effort to fully audit TrueCrypt raises $16,000+ in a few short weeks


  3. Can you trust 'NSA-proof' TrueCrypt? Cough up some dough and find out
    The source code for the Windows, Linux and Mac OS X utility is publicly available for people to inspect and verify, but this has not been enough to convince every cryptography guru that it's entirely secure.


  4. After Snowden’s leaks, China’s Huawei calls for more transparency in the tech industry
    With all of the recent revelations about the US National Security Agency’s surveillance programs, it must be hard for the Chinese telecom equipment manufacturer Huawei not to gloat a little bit.

    After all, the leaks from former contractor Edward Snowden showed that the NSA enlisted US technology companies to enable its snooping on global telecommunications networks—which is exactly what US intelligence officials have accused Huawei of doing on behalf of the Chinese government.


  5. Europe Moves to Shield Citizens’ Data
    Lawmakers here have introduced a measure in the European Parliament that could require American companies like Google and Yahoo to seek clearance from European officials before complying with United States warrants seeking private data.


  6. Dutch Telcos Used Customer Metadata, Retained To Fight Terrorism, For Everyday Marketing Purposes


    One of the ironies of European outrage over the global surveillance conducted by the NSA and GCHQ is that in the EU, communications metadata must be kept by law anyway, although not many people there realize it.


  7. NSA Harvesting Contact Lists
    A new Snowden document shows that the NSA is harvesting contact lists -- e-mail address books, IM buddy lists, etc. -- from Google, Yahoo, Microsoft, Facebook, and others.


Recent Techrights' Posts

Halloween, All Saints Day & Swiss citizenship
Reprinted with permission from Daniel Pocock
Saving the Planet With Honesty, Transparency, and Sharing (Not Only of Computer Code)
GAFAM is destroying the only habitat humans and other animals have and it'll only get worse
Shout-out to Christine From FOSSForce
Who noticed our short story
Apple's MacOS Shows Us the Vision of Computing That GAFAM Has for Us (Digital Prisons)
Freedom means "we the people" should be in control, not people being controlled by corporations (contemporary slaveowners)
GNU/Linux Users Are Not Cheaters
The bottom line is, most cheaters use Windows
 
Against Outsourcing of Sites and E-mail
Software Freedom is great, but it is not enough if you let someone else do it 'for you'
Techrights Has a Long History of Fighting to Expose 'Team Mono' or Microsofters Inside GNOME
Never downplay the malice of Microsoft and its operatives
Gemini Links 05/11/2024: Halloween Over, Intention and Implementation, Bookmark Syncing
Links for the day
Microsoft Lost Nearly Half of Its 'Cash Reserves' This Past Year
Is Microsoft (MSFT) the next Intel (INTC)?
The Year Isn't Over Yet, There Will be More Waves of Microsoft Layoffs
Nowadays Microsoft just tries to conflate/equate its energy waste with "value"
The Corporate Media Blasted Bitcoin for Destroying the Planet and Must Do the Same to Incite the Public Against the 'Great Rigging of Wall Street' (Under the Guise of "AI", the Latest Gold Rush)
"AI" is the next "metaverse" (trailing by a few months)
[Video] Richard Stallman is Back to Halo and Gown (in Peru) With 2+ Hours of a Public Talk
The globetrotting Richard Stallman gave many talks at the end of last month
Going Strong Against the Wind
the abuse serves to emphasise or affirm the importance of what we do
Links 04/11/2024: Squashing More Software Patents and Taiwan at Risk
Links for the day
Gemini Links 04/11/2024: Typing vs Writing and a Smol (Net) Pub
Links for the day
Links 04/11/2024: LibreOffice Had Adopted PeerTube, "Hey Hi" Hype is a Threat to the Energy Grids (Worse Than Fake-Coins)
Links for the day
[Meme] Social Control Telescreens With Microphone
Nineteen Eighty-Four
Not Boycotting Apple (Yet)?
"Apple Forces The Signing Of Applications In MacOS Sequoia 15.1"
statCounter This Month: Android Has Nearly Become Twice as Big as Windows
If it happened, it would be an unprecedented milestone
Why Technical Sites Need Not Make Political Recommendations or Endorsements
Except perhaps when it's for some purely technical role, e.g. FCC chief
[Meme] Apple Freedom
Freedom is... the ability to purchase as many 'i' things as you want
"Active" as in One URL, One Emoji, and 4 Words in One Week
Diversity community in Fedora
Apple Vision Pro Has Failed, Just Like "Metaverse"
Vision Pro lacks software
Things That Can Improve Election Integrity
the first two relate to "tech"
Rigging Elections is Difficult, Cheating a Little is Not
Avoid social control media, it is the biggest rigger of all
"People who live in glass houses shouldn't throw stones"
On throwing stones in a glass house
Our Stance on Electronic (or Digital) Voting Machines
The simple activity of voting and counting ballots does not require thousands of complex machines with hundreds of millions of transistors and hundreds of millions of lines of code
Microsoft and "Retrospective Re-writing of History..."
in YouTube anyone can make stuff up (as one goes along)
This Coming Week
Go exercise your right to vote
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Sunday, November 03, 2024
IRC logs for Sunday, November 03, 2024
Reddit is (Still) Lying and Faking
Don't fall for this phony idea that the above sites are grassroots or edgy; they're not
Links 04/11/2024: FCC, Broadband Industry Spar Over Net Neutrality; Software Patent Squashed
Links for the day
Gemini Links 03/11/2024: Official MyGemini.Space Announcement
Links for the day
Gemini Links 03/11/2024: Election Thoughts, Plagiarism, and LLM Slop
Links for the day
Links 03/11/2024: Deere 'Right to Repair' (RoR) and "Threads Bans Anyone For Mentioning Hitler"
Links for the day
[Video] "El Movimiento del Software Libre y el Sistema Operativo GNU" by Richard M. Stallman
The footage is a bit jittery (taken with a phone apparently, and there's no tripod available), but the sound is OK and the words (in Spanish) are comprehensible
Android at New Highs (47%), Windows at New Lows (24%), Suggests Latest Data From statCounter
So the market share of Android is about double that of Windows
[Video] Richard Stallman's Talk in Spanish (in Peru Last Week)
Alternative URLs too
The Media Focuses on the Wrong Scandal
The real scandal at MIT was Gates
Gemini Links 03/11/2024: Fantasy Life Day and Worship
Links for the day
[Meme] Write Us Drivers and GTFO!
When you realise sanctioning BRICS devs goes against the community
Decommissioning Copper Lines Makes Us Less Safe
We've essentially degraded the robustness or reliability of critical systems
Life of an Addicted Lolicon Who Can Also Code
Personal blog as an open diary
[Meme] Reporting Crime is Not a Crime
Obviously!
Manchester Party for Techrights
If you choose to come, of course we'll cover the cost of the food and treats (but not travel)
Privacy is Not a Crime (in Places Where It is a Crime the Regime is Typically Very Rogue)
Also, criminals lack "privacy rights" to hide their crimes from the public
GNU/Linux "Market Share" in Lebanon More Than Doubled in a Few Months
Maybe it's a reaction to something? Assassination in Haret Hreik was in July.
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Saturday, November 02, 2024
IRC logs for Saturday, November 02, 2024
Nearly 40 Years Without Security Incidents
People who use Windows have come to sort of "accept" that security incidents are part of life or "normal"
[Meme] The Streisand Effect
Simon says, don't bother trying to suppress facts
Streisand Effect at IBM?
Trying to silence your workers isn't the best approach. It only makes colleagues even more curious.
Microsoft is a Gift That Keeps Giving (Future Stories to Techrights)
Microsoft has been trying to silence me using dirty tricks for nearly 20 years
Elon Musk Has Trashed Twitter for Ideological Reasons (and Propping Up Trump in Exchange for Financial and Political Favours Once in Public Office)
In case you didn't leave Twitter already, consider the fact that Twitter's (or "X"... whatever!) future is uncertain
Wall Street Has Demoted Intel, Seeing There May be No Future to Intel
Intel's loss isn't a loss to us
Free Software Licence Compliance is About Security Too
Linux as de facto proprietary off-the-shelf platform