All posts by Rufo Guerreschi

A Jan 2014 blogger review of why Blackphone cannot deliver on its promises

http://tante.cc/2014/01/16/blackphone-build-hardware-software-broken-promises/

I would add to such a great post that they will never have the resources to have control of sw, hw and manufacturing of such a full-featured device. It would run into the hundreds of millions of $ or more.

The only way to achieve such levels of assurance with single or double digit millions of $ is through extreme hw and sw minimization, and a very small and thin form factor handheld device that does not claim to replace the user’s ordinary smartphone, but complements it and uses it as a hostile environment to get on the net via Bluetooth:

User Verified Social Telematics.

One way to resist endpoint attacks is to mix up the most valuable information in huge files, not easily and undetectably exfiltrated by attackers through low-level device vulnerabilities

One of the world’s greatest cryptologists says:

“I want the secret of the Coca-Cola company not to be kept in a tiny file of 1KB, which can be exfiltrated easily by an APT,” Shamir said. “I want that file to be 1TB, which can not be exfiltrated. I want many other ideas to be exploited to prevent an APT from operating efficiently. It’s a totally different way of thinking about the problem.”

Former NSA chief Alexander, and who knows how many others, can make millions in consulting only because the IT industry and experts have not even started working on

…. computing solutions that would make such knowledge useless because they are so simple in sw and hw to afford and allow for extreme verification of all hw and sw involved at all stages, including manufacturing.

Former NSA chief Alexander, and who knows how many others, can make millions in consulting only because the IT industry and experts have not even started working on computing solutions that would make such knowledge useless because they are so extremely simplified in sw and hw, to afford and allow for extreme verification of all hw and sw involved at all stages, including manufacturing and design of any critical components.

Possibly, the main problem is the same one that has prevented us from seeing how far NSA had gone. There is a problem in the dynamics of IT security media and blogs, similar to other sectors, where a range of acceptable opinions is created, outside of which all are paranoid.

Experts are still differentiating between mass surveillance and targeted surveillance. Whereas if what the most pessimistic say about hardware vulnerabilities is true, then large-scale undetectable targeted surveillance may be so low-cost as to render any encryption tools we are using or improving useless for the masses (or at least for its most active citizenry).

https://www.schneier.com/blog/archives/2014/06/could_keith_ale.html?utm_source=twitterfeed&utm_medium=twitter

New York Times to focus on exchanging their services for privacy, like Google and Facebook

http://mobile.nytimes.com/2014/06/20/business/media/new-york-times-and-washington-post-to-develop-platform-for-readers-contributions.html?_r=0&referrer=

“Everyone’s been talking for years about using the web in a better way without cheapening content, but simply adding a post by ‘anonymous’ is not a way to maintain the journalistic quality of any publication,” said Alberto Ibargüen, Knight’s chief executive. “There was a need to find a way to engage the audience in a way that enhances discussion.”

Translation: they’ll be selling your data for targeted ads, like everyone else

Dr Zimmermann, admit NSA may very well cheaply get into ALL Blackphones

The famous Blackphone is about to be launched in 3 weeks (http://www.pcworld.com/article/2362060/blackphones-coming-in-three-weeks-will-ship-in-millions-backers-say.html):

Zimmermann. “If NSA really, really wants to get into just your phone … they’re going to get into your phone,” he said.

If this is supposed to be the best privacy-enhancing device out there, then “really, really” is terribly generic.

Tell us. How much would it cost them to get in it and what discoverability risk would they (or others) run into?!

Not having any control of the manufacturing phase, nor of much proprietary firmware, and not having nearly enough verification on hw and sw components, how can you even assess such cost?!

If you can’t even begin to assess it for your Blackphone, then, from what’s emerged with Snowden, that cost may very well be so low that NSA may just by default get into each single Blackphone, just because its typical client is likely to have something of value to write or say!

Avoiding DRM support in the Web will not reduce DRM, nor noticeably increase user privacy

Deprived of the ability to use browser plugins, protected content distributors are not, in general, switching to unprotected media. Instead, they’re switching away from the Web entirely. Want to send DRM-protected video to an iPhone? “There’s an app for that.” Native applications on iOS, Android, Windows Phone, and Windows 8 can all implement DRM, with some platforms, such as Android and Windows 8, even offering various APIs and features to assist this.

http://arstechnica.com/business/2013/05/drm-in-html5-is-a-victory-for-the-open-web-not-a-defeat/

In addition, having DRM sw or hw on a device, even with loads of free software, just adds to the user one more of very many sw, firmware or hw security holes, and therefore does not noticeably increase user privacy levels.
Furthermore, DRM can potentially be deployed in a user-verifiable and verified way, except in the US, where unauthorized verification is illegal.

“Google Has Most of My Email Because It Has All of Yours | copyrighteous”

http://mako.cc/copyrighteous/google-has-most-of-my-email-because-it-has-all-of-yours

Despite the fact that I spend hundreds of dollars a year and hours of work to host my own email server, Google has about half of my personal email! Last year, Google delivered 57% of the emails in my inbox that I replied to. They have delivered more than a third of all the email I’ve replied to every year since 2006 and more than half since 2010.

Morozov on privacy techs

http://mobile.nytimes.com/2012/10/14/books/review/this-machine-kills-secrets-by-andy-greenberg.html?pagewanted=all

Even with regards to the leakers, however, the situation is far more complex than Greenberg lets on. He draws elaborate comparisons between the cases of Bradley Manning and Daniel Ellsberg, arguing that digital technologies have expanded the scale and the speed of leaking and made it easier to cover the tracks. But have we entered a truly new era, in which technology provides a robust infrastructure for leaking — a common techno-optimistic view advanced in many books about WikiLeaks? Or is the whole Cablegate episode just a blip in the long institutional march toward even greater secrecy — perhaps an instance of governments and corporations not taking their network security seriously but hardly a guarantee that they won’t adapt in due time?

The idea of transparent society synthesized

http://open.salon.com/blog/david_brin/2013/12/04/the_ongoing_privacy_problem_other_voices

In an article, Privacy is Dead; Long Live Transparency, Kevin Drum writes, “I call this the ‘David Brin question,’ after the science fiction writer who argued in 1996 that the issue isn’t whether surveillance will become ubiquitous — given technological advances, it will — but how we choose to live with it. Sure, he argued, we may pass laws to protect our privacy, but they’ll do little except ensure that surveillance is hidden ever more deep and is available only to governments and powerful corporations. Instead, Brin suggests, we should all tolerate less privacy, but insist on less of it for everyone. With the exception of a small sphere within our homes, we should accept that our neighbors will know pretty much everything about us and vice versa. And we should demand that all surveillance data be public, with none restricted to governments or data brokers. Give everyone access to the NSA’s records. Give everyone access to all the video cameras that dot our cities. Give everyone access to corporate databases.”

Vulnerability exploitation by rent or hire

The Russian underground market is consolidating the model of sale known as malware-as-a-service; a growing number of illicit products and hacking activities are available for rent. Like every market, the Russian underground also has its own specialty: the sale of TDSs and traffic direction and PPI services.

This model allows many more entities to have access to a given vulnerability without the risk of the vulnerability becoming known and therefore potentially fixed in the near term.

Historical Mozilla CTO and inventor of JavaScript on the nonexistent security of major Web browsers

https://brendaneich.com/2014/01/trust-but-verify/

" Every major browser today is distributed by an organization within reach of surveillance laws. As the Lavabit case suggests, the government may request that browser vendors secretly inject surveillance code into the browsers they distribute to users. We have no information that any browser vendor has ever received such a directive. However, if that were to happen, the public would likely not find out due to gag orders."

What happened with TrueCrypt? and why?

Most plausible explanation of what happened with TrueCrypt: https://news.ycombinator.com/item?id=7814725

The whole message on the site makes no sense and I think that’s on purpose. What likely happened is the US gov found the TC authors, then used their weight to try and get them to back door the binaries. Authors didn’t want to, but couldn’t publicize the letters without going to jail, so they made up the most ridiculous story for why they were giving up on the project, the best possible outcome so that they wouldn’t go to jail and wouldn’t subject users to the required back door.

Great comments in Schneier blog:

d. Another line of thought goes like this: If the NSA really really really wants to know WHAT Snowden had access to, and wanted to say, use a tempest solution to grab that information, one way to do that would be to spook someone known to have received that info using psy_ops to persuade that someone to decrypt the entire data from whatever air-gapped machine it is on into some other machine. Which is a simple way to suggest that Bruce, Greenwald, et al. ought to review personal security and NOT be spooked into spinning up the NSA archives and trying to migrate that data. Put those laptops under lock and key and don’t use them a few days. Don’t run off and mass migrate those archives just yet.

There is a ticket to remove truecrypt from tails dated at the latest May 19th.
https://tails.boum.org/blueprint/replace_truecrypt/
Considering Jacob Appelbaum has 1) worked on the Snowden files and 2) is involved in tails and 3) tor and 4) tails seems to have had advanced warning I am putting my hands down that this is connected.

bae24d3fff, May 29, 2014 9:06 AM
I just want to mention that this has wiped out the TrueCrypt forum too.
There were hundreds of users at the TC forum (myself included), which contained a goldmine of information, not just about TrueCrypt itself but also crypto and computer security in general.
Many people put in many hours of work in the forum, and it would seem that that repository of knowledge is gone at a stroke.

Firefox to deliver both DRM & user privacy? It can be done, but in a different way

http://www.theguardian.com/technology/2014/may/14/firefox-closed-source-drm-video-browser-cory-doctorow

The inclusion of Adobe’s DRM in Firefox means that Mozilla will be putting millions of its users in a position where they are running code whose bugs are illegal to report. So it’s very important that this code be as isolated as possible.

By open-sourcing the sandbox that limits the Adobe software’s access to the system, Mozilla is making it auditable and verifiable. This is a much better deal than users will get out of any of the rival browsers, like Safari, Chrome and Internet Explorer, and it is a meaningful and substantial difference.

Seems to me that Mozilla and Adobe may even be able to pull off a tech solution that concurrently guarantees user privacy rights and content owners’ entitlements.

Even if they did – and it may very well turn out to be an impossible task – it wouldn’t matter significantly to users’ privacy, because most software and firmware stacks below Firefox keep on being 10 or 100 times larger than what is affordably verifiable, and most firmware and physical hardware on commercial devices are not even verifiable.

Our project User Verified Social Telematics aims to do exactly that, with world class partners.