Link

TrueCrypt warrant canary confirmed?

Looking at the sudden new content on the TrueCrypt site, the most plausible explanation for me was that it was an attempt to tip people off that they had been tracked down and sent a National Security Letter, without actually breaking the law. Why else would they advocate using Apple’s disk encryption with no encryption selected? Why else would they advocate use of software from Microsoft, who we know cannot be trusted? It smelled like a warrant canary.

Now it seems that may be confirmed:


Update

Bruce Schneier doesn’t know what’s going on either, and there are some interesting comments on his posting.

silence it up immediately
Creative Commons License Letsdance Tonightaway via Compfight

26 thoughts on “TrueCrypt warrant canary confirmed?

    • vkakkie says:

      @vkaku: The truecrypt team sent out a LOT of different warrent canaries. The files at sourceforge are one of them. The encryption functions have been removed, decryption is still intact.

      DO NOT use version 7.2, grab version 7.1a somewhere else instead. (And check it’s signatures!)

  1. Paul Revere says:

    If an NSL is the reason someone needs to step-up and blow the lid off this unconstitutional activity by the Government. If nobody stands up to a corrupt government you deserve the Hell on Earth about to be unleashed upon the populace by your own apathy.

    • Seegal Galguntijak says:

      Unfortunately, Paul, they can (and likely will) be prosecuted if they blew the lid off it, although it would morally be the right thing to do. Still, if they chose not to suffer this kind of abuse, anyone should understand. What they did was the best thing they could do under these circumstances.

    • Dear Paul Revere: Then YOU get a NSL, YOU fight it, YOU go to jail or get droned. We’re talking multi-year prison sentences for nothing. One cannot expect others to go to jail, Truecrypt did the best for us and themselves: blow the whole shit up.

      • John says:

        I would go to jail for it. Willingly and happily. This is wrong, it is not what our country is supposed to represent, is not what our country is supposed to do. Those who give up liberty for security deserve neither.

        • rewolff says:

          So, john, you’re willing to give up your liberty to be with your friends and family for the greater good of “liberty”.
          It is a choice. One liberty or the other.
          I respect the liberty, freedom-of-choice of others. Apparently they chose for “friends and family” and not for “going to jail for putting up a fight”. That is a liberty they have and which you should respect.

          You know. It’s open source. How about YOU step up as project maintainer, rewind the latest changes, and see what happens? You WILL go to jail for it, after an unfair trial. (they have more/better lawyers, and can claim “National security” as their trump-card). Then what?

          You put up a fight, but accomplished nothing. In a way, making a fuss like might be the best way to attract attention, and cause a change.

        • Christopher says:

          The quote you’re looking for, John, is “They who would give up essential Liberty, to purchase a little temporary Safety, deserve neither Liberty nor Safety.”, spoken by Benjamin Franklin. It serves to use the quote as stated, since it provides a bit more depth and texture to the conversation. Personally, I decry the use of closed courts as a violation of due process, but there is context within the phrase ‘temporary safety’ that bears examination.

          All of the rules which govern society are limitations on our natural freedoms, designed to empower it constituency to live and prosper. The question becomes ‘What are essential freedoms, and how do you classify temporary security?’ Part of the social contract of a society is to forego some of those natural freedoms in exchange for security. For example, in a lawless society, we would be free to steal, kill, or gasp walk on the grass in violation of a ‘please keep off the grass’ sign, with impunity. We accept the limitation of those freedoms in exchange for the right to be secure in our body and property (and horticulture). So the function of this debate should be to frame the concepts of essential liberty, and temporary security.

          This is not simply an academic argument, however. This is a process by which our country evolves. We must be constantly testing the limits of our constitution, though our action and through our speech. We must hold accountable those that would limit our essential freedoms by speaking with our votes. Democracy is not an easy ride; you need to fight for those freedoms and those rights which in which you believe, and you must be prepared to back up your ideas with cogent, logical arguments, against a sea of apathy. Convince those around you to take up arms (verbal, please) against your elected officials. Stem the tide of ignorance and apathy with every speech you make, and work to bring exposure and involvement to those causes you fight for. Once you’ve done all that, remember, the bureaucracy of our nation is second to none. Even with mass appeal, it will take an eternity to effect the changes you seek.

          Regards,

  2. Cellar says:

    So if you want to provide useful stuff to the world with crypto-anything in it, you can neither be in the USA nor be a citizen of same country. Well, government really, but as long as nobody stands up to this government it really doesn’t make a whit of difference.

  3. Sasparilla says:

    Source code for 7.1a (which was open) along with build instructions here:

    https://github.com/FreeApophis/TrueCrypt

    Might not be bad for folks who can, to download it (from wherever you are) just for future security use – as if the NSA is involved they obviously just wanted to exterminate it.

  4. 13sins says:

    Can’t they move development offshore, preferably to a country that has been affected by US foreign policy (lots) or bombed to the ground by the US (Africa, Middle-East and Asia). Or maybe just Switzerland, they are known to be neutral and don’t give a shit about NSLs. But you need to avoid UK because they rubber stamp deportation orders as soon as they get one from the US.

  5. M.Bak says:

    I’m not sure it’s that simple. I think that there may already be an exploit which the NSA uses, and that TrueCrypt got served with an NSL just so they wouldn’t patch it. Hence the warning that is insecure.

    The most important things to do are (1) continue the TrueCrypt integrity check (is that by a U.S. based firm? They might get NSL’ed too if they are!) and (2) support the swiss folks who have started setting up a fork.

  6. I realized that they removed the encryption portion much later, by seeing the diffs and the size of the 7.2 distro. But, as of now, I have the entire Git repo from FreeApophis to compare with the 7.2 diffs as well. What matters now is to mirror/fork into as many geographical copies as possible.

  7. ryan says:

    And who is “Alyssa Rowan” and why are they in a position to “confirm” this?

  8. xu says:

    Hey there. Imho thinking of Switzerland as a trustworthy environment is not a good idea. In Germany they even talk about the swiss security issues on public tv. Seems like the NSA left some of the “problems” to the BND. For nsaproof software develepmont i maybe would trust Russia or China;-(

  9. Mats Svensson says:

    Couldn’t it just be hosted outside [N|U]SA ?

    Like, for example, here in Sweden?
    You know; land of the free?

    • Alan says:

      Unless you’re publishing torrents. Or publishing leaked documents the US doesn’t like.

  10. I wouldn’t dismiss the possibility of a case of “developer burnout”.

    The iSec audit implied that TC was the work of a single coder. Add the lack op updates over a -what was it?- 2 year period of time and the rumors that the team of anonymous coders was in reality just one single guy seem plausible.

    There’s a lot of reasons why a single guy running a time intensive project like TC could decide to give up; medical issues, other interests (including settling down and starting a family), busy job (one that pays the bills unlike TC),…

    That being said, the way the project as shutdown, does seem unusual to say the very least.

  11. ediblesound says:

    incidentally and naturally apathy ( and inaction or unrelated /ineffective
    action) accomplishes nothing towards OR against the result supposed to be
    the object of such apathy; further more, does apathy necessarily require an
    object of focus? Can apathy merely be the exhibition of diffused vectors
    of emotion, motivation and the consequential factor of directed action? A
    feeble and aimless clarity-lacking meander of various low-intention action?

    A nuisance of negligence potentially affecting others, but I can hardly
    trace the damages of a general hell to the negligent nuisance of who may
    for a variety of reasons drift in apathy I assign as being [towards]
    something I’ve also specified, literally WITHOUT necessarily the
    concurring opinion of they I see as apathetic!

    I see it that in the 300 years of advance and decline, People naturally
    generally continue on the course of greatest practicality: based on the
    variety of formative information including impression and belief and bias
    and opinion—and this is the product of the associated inertial and
    momentive effects there from the actual propensitive reaction and
    determinative willfullness and culminat
    ​ed
    intent that all the variety of the effective propensity balances /cancels
    out to the net course of!

    Maybe I say this because I do not believe the only effective instigation
    and inspiration of people together as systems to be acute shock severity
    displacing comfort bubbles in an extreme (Even painful) way; moreso even,
    rapid shocks or insidious encroachments to the discomfortable increasing-
    these I think readily, viewed historically for most but few special cases
    having extra special other characteristics of greater consequentiality, merely present unenduring spikes of various reaction of low related-organization with respect to such acute societal (··…personal, fluid, particulate— across thescales of organized intelligence… ) and there is little constructive lasting
    change from such extremes.

    I think it is clearly the moderate, temperate, exercis-ive sharp small
    shock, rapid distinctive stable responsive
    ​as
    a
    ​ ​
    climitazation
    ​ ​
    thereto, in a stepped flexing capacitation slinking slurging breathing
    tidelike incremental pushing and strengthening wave pump action that by far
    predominately could be associated with or thought to be correlative and
    sustainitive and reinforcing of the most major (non annihilistic)
    significant change.

    *

    ~=\=~​​

    *

    ‧・‧•‧•‧・‧

    Perhaps it may be worthwhile for any at any time encountering this in whole
    or any intelligible part to consider the possibility, even the very
    likelihood that:

    Content from this address does not necessarily constitute or consist of
    anything actionable; and the expressions which may be conveyed by the content
    from this address do not necessarily represent the views of anyone
    identifiable and most likely are from another point in time and therefore
    are limited to a possibly but not necessarily continuing instance of
    likeness to the continuing instance of expressing possibly expressed in
    this particular content.

  12. ediblesound says:

    Also I was thinking that generally, this snoden ordeal really strikes humanity in a magna carta precipitous sort of way, the considerations of such a level of magnanimous importance, eh?

    Also- the beauty of open source criticality represents to me a most natural exhibition of the principle beneath and driving the idea I have of the magna carta: and there’s a level of politics and reality here and an emergence of response thereof that is “patently” striking to me here observing the scruffle of development and evolution in thought and action here around these events and considerations.

    Over all- mankind at these moments amazes me- and I think at this stage of the integration of such fantastic technological capacity, with social and individual application, we are at a key point like that of the magna carta roughly, prior to and thereafter… just as a quick thought, perhaps there are better analogies, but the point is of the criticality of the moment at least as viewed at large by the public.

    Perhaps more critical were the moments and decisions made over the last thirty or so years about the underlying mechanics: how computers are designed and how the internet is designed.

    And the bulk adaptation built upon those systems, and we have so much “trust” built in to so much work and decision made by others; it’s a fascinating topic and generally I suppose I can suggest people familiarize themselves with the concepts of negative law, and the natural law, and proceed accordingly to such considerations, for it is upon such which we build the world we I assume seek to enjoy…

  13. bobcov says:

    I think you should praise and respect the man for being willing to fall on a grenade for something he believes in. Too many of us in this country value comfort and convenience over all else, which is why we are in the position we’re in and why it will only get worse.

Comments are closed.