[jitsi-users] Re: Three questions


#1

Hey there,

> Thanks for your reply.
>
> I'm wondering though, how can we be sure that big brother doesn't have
> any part in making Jitsi?

Anyone's free to contribute. However, anyone's code contributions would
have to survive the scrutiny of the community. People can't just commit
code without anyone noticing.

> Maybe he is trying to lure those who "have something to hide" to this
> software and get them to use it? This worries me, because, even if Jitsi is
> open-source, are all its components (such as ZRTP and others) open source?

Yes, they are all open source. Every last one of them.

> And how many developers have actually checked the code?

Well, quite certainly there are more external developers that have gone
through our code than those who have checked the code for Skype, Windows
Live Messenger, and their likes.

> As a user, I don't have enough expertise to double-check the code...

If you are not a developer, then you have to either put some trust into
someone, or simply stop using software at all. If you decide to risk it,
then open source is certainly your safest bet.

Emil

--sent from my mobile


On Apr 5, 2012 3:42 AM, "Disqus User" <disqususer@live.com> wrote:


#2

It's amazing how many people don't 'get this'.

Do people really think something like Internet Explorer is 'safer' than
Chrome or Mozilla Firefox because it is written by one company only?

More eyes on code = safer/better. Exploits/errors are discovered and
patched faster if they ever exist at all.

Mike


On Thu, Apr 5, 2012 at 2:00 AM, Emil Ivov <emcho@jitsi.org> wrote:

Hey there,

On Apr 5, 2012 3:42 AM, "Disqus User" <disqususer@live.com> wrote:
>
>
> Thanks for your reply.
>
> I'm wondering though, how can we be sure that big brother doesn't have
> any part in making Jitsi?

Anyone's free to contribute. However, anyone's code contributions would
have to survive the scrutiny of the community. People can't just commit
code without anyone noticing.

> Maybe he is trying to lure those who "have something to hide" to this
> software and get them to use it? This worries me, because, even if Jitsi is
> open-source, are all its components (such as ZRTP and others) open source?

Yes, they are all open source. Every last one of them.

> And how many developers have actually checked the code?

Well, quite certainly there are more external developers that have gone
through our code than those who have checked the code for Skype, Windows
Live Messenger, and their likes.

> As a user, I don't have enough expertise to double-check the code...

If you are not a developer, then you have to either put some trust into
someone, or simply stop using software at all. If you decide to risk it,
then open source is certainly your safest bet.

Emil

--sent from my mobile

--
There are 10 kinds of people in this world, those who understand binary and
those who don't.

mpicher@gmail.com
blog: http://www.sipxecs.info
call: sip:mpicher@sipxecs.info


#3

Not to mention it is usually patched really fast; sometimes, less
than 3 hours after the exploit disclosure, a fixed version is ready
to download.

However, there are also some black sheep; remember the NSA/FBI
introduced weaknesses into the OpenBSD IPSEC stack.


On Thu, 5 Apr 2012 05:05:44 -0400 Michael Picher <mpicher@gmail.com> wrote:

> More eyes on code = safer/better. Exploits/errors are discovered and
> patched faster if they ever exist at all.

--
No snowflake in an avalanche ever feels responsible.


#4

> However, there are also some black sheep; remember the NSA/FBI
> introduced weaknesses into the OpenBSD IPSEC stack.

I'm curious about the fact that Jitsi has its own encryption built in. Won't that make it 'interesting' to those who monitor communications?

I agree with Mike that more eyes on code equals safer. The open source community can generally patch problems faster than big corporations but on the other hand, big corporations have the resources to get it done fast too. I guess it depends on how serious the problem is and if it's embarrassing enough or not.

As for the NSA, I read somewhere just days ago that years back, they discovered ways of cracking most current encryption schemes.
Whether that's true or not, if you are trying to hide something, that's when you become interesting. If you just go about your daily business, about your only problem might be some day, if you get into trouble, they will have lots of information on hand to turn it into whatever they want.

With the amount of data being scrutinized of our daily lives thanks to the Internet, it does make you wonder if the Minority Report has some substance :).


#5

> I'm curious about the fact that Jitsi has its own encryption built in.
> Won't that make it 'interesting' to those who monitor communications?

Surely, but only when it'll trespass a certain line (qty).

> As for the NSA, I read somewhere just days ago that years back, they
> discovered ways of cracking most current encryption schemes.

This is standard propaganda; here in France, some months ago, the
DCRI speaker said they were able to crack all bank encryption.
(Well, that might be 1/4 true, because banks protect their assets,
not ours, and often don't upgrade software or use the bad one.)

> Whether that's true or not, if you are trying to hide something,
> that's when you become interesting. If you just go about your
> daily business, about your only problem might be some day, if
> you get into trouble, they will have lots of information on
> hand to turn it into whatever they want.

This raises 2 things: the "if you don't do anything illegal
you have nothing to fear" motto, which is totally wrong: on this
behalf they pretend to spy on everybody 24/7 even if they're not
"on the list"; and the legal stuff about intercepting normal
citizens' communications without a warrant.

And as nobody could decently trust any gov nor agency,
strong encryption is a pretty good passive answer.

> With the amount of data being scrutinized of our daily lives
> thanks to the Internet, it does make you wonder if the Minority
> Report has some substance :).

Well, you almost leave traces that you want to leave: if you're on
facebook or use gogol tools or leave your cellphone on while
talking "seriously", then don't complain everything goes "public";
these are things that minor-E.T.s should be taught early ;)


On Thu, 5 Apr 2012 17:05:10 -0500 "mike@grounded.net" <mike@grounded.net> wrote:

--
"Let's show this prehistoric bitch how we do things downtown!"
    -- The Ghostbusters


#6

> > I'm curious about the fact that Jitsi has its own encryption built in.
> > Won't that make it 'interesting' to those who monitor communications?
>
> Surely, but only when it'll trespass a certain line (qty).

Doesn't that imply that your communications are being watched then?
Either way, it's just a fact of life now because the public has allowed their government to get to this point. No turning back.


#7

That is why strong crypto is one of the best ways to tell them that
the buck stops here :)


On Fri, 6 Apr 2012 11:45:13 -0500 "lists@grounded.net" <lists@grounded.net> wrote:

> Either way, it's just a fact of life now because the public has
> allowed their government to get to this point. No turning back.

--
BOFH excuse #141:
disks spinning backwards - toggle the hemisphere jumper.