Espionage > Espionage 3

Backdoor for Secret Agencies

(1/3) > >>

Rose:
Hello everyone

I think my question will not be answered to a satisfactory degree. Nevertheless the NSA and other secret agencies have sparked through the public media recently. I've been always concerned about my data and secured docs.

Now, let me put it simply: do you have a backdoor in your software? This aint no softball question. Since you are a U.S based company, and I assume you are all American citizens living there, you are obliged to U.S laws. Thus you may provide the government either a direct or indirect access.

The whole concept of encryption with Espionage will be nullified, if the government is able or capable to simply use a switch, to have an insight into our encrypted folders. No decryption is required, just an easy path for agencies. This would make literally, absolute no sense in encrypting anything with your software.
As many people already noted, I am as well, very disappointed how Espionage scrapped the full application encryption like we got with E2. The transition, that's how I would call it ^^, was very fishy to me- speaking of Espionage V2 to V3. Even though your official statement might be valid, I still feel a bit unwell in my belly.

Officially key points have been revealed already. Everything that goes to the US is under direct surveillance. If that's not enough entire Emails and traffic of Non-Americans are also under the all seeing eye.
We all have it through: Google, Microsoft, Facebook and what not. All major U.S companies are subjected by LAW to either provide data or access. Lavabit's gone, because the founder did not want to kill the privacy of his users. He simply refused to cooperate and decided to better shut down the servers.

I wonder if there is any clue or piece of information to guarantee us transparency. Can you shed any light to this matter, please?

Thank you



 

greg:
Thanks for the questions Rose!


--- Quote from: Rose on August 16, 2013, 10:31:23 PM ---I think my question will not be answered to a satisfactory degree. Nevertheless the NSA and other secret agencies have sparked through the public media recently. I've been always concerned about my data and secured docs.

Now, let me put it simply: do you have a backdoor in your software? This aint no softball question. Since you are a U.S based company, and I assume you are all American citizens living there, you are obliged to U.S laws. Thus you may provide the government either a direct or indirect access.
--- End quote ---

Our code for Espionage has exactly zero backdoors in it. The actual encryption of data is handled by Apple's encrypted disk images, to which we do not have the source code to.

The security of Apple's disk images was tested by security researchers Jacob Appelbaum and Ralf-Philipp Weinmann in 2006.

They were not able to find any serious problems with the encryption and created a tool to brute force the password. Espionage 3 generates these passwords for you on your behalf, so you don't have to worry about that. They aren't easy to bruteforce because they use a secure random number generator (arc4random_uniform) and are very long. Here's what they look like: h*R&mZtN-9wolWQ^E8W!Odi|m5A4N#tXhJ.


--- Quote ---The whole concept of encryption with Espionage will be nullified, if the government is able or capable to simply use a switch, to have an insight into our encrypted folders. No decryption is required, just an easy path for agencies. This would make literally, absolute no sense in encrypting anything with your software.
--- End quote ---

Of course, no argument there. I wouldn't use it either if that were the case. :P


--- Quote ---As many people already noted, I am as well, very disappointed how Espionage scrapped the full application encryption like we got with E2.
--- End quote ---

We did our best to address this issue without resorting to the use of a kernel extension when we released Espionage 3.5. Now the difference between version 2 and version 3, to open an encrypted app, is just an extra click in version 3.


--- Quote ---The transition, that's how I would call it ^^, was very fishy to me- speaking of Espionage V2 to V3. Even though your official statement might be valid, I still feel a bit unwell in my belly.
--- End quote ---

Does it help to know that Espionage 3 is way more secure than Espionage 2? :) It doesn't rely on OS X's keychain (which uses 3DES) and it protects your disk image passwords with scrypt. Espionage 3 also sports plausible deniability features that no other encryption app on OS X does. Say you're forced to give up your master password either by a gun pointed at your head. Espionage 2 wouldn't protect you there, but version 3 does (if you took the time to make use of its plausible deniability features before someone put a gun to your head).


--- Quote ---Officially key points have been revealed already. Everything that goes to the US is under direct surveillance. If that's not enough entire Emails and traffic of Non-Americans are also under the all seeing eye.
We all have it through: Google, Microsoft, Facebook and what not. All major U.S companies are subjected by LAW to either provide data or access. Lavabit's gone, because the founder did not want to kill the privacy of his users. He simply refused to cooperate and decided to better shut down the servers.
--- End quote ---

We strongly recommend using GPGTools to keep your email encrypted as you send it over the internet, and combine it with Espionage 3 to protect your email locally on your machine, should it get into the wrong hands.

Does that help? If you have any other questions please let us know!

Rose:
Thank you very much for your quick response!  ;D

I'm glad to hear from you guys. One last question: when will you release the next update?

zsolt:
Hello Rose, is there anything you would expect in next release of Espionage or why are you asking about the next release?

Rgds
Zsolt

Rose:
Hello zsolt,

I was just wondering what we could expect in the next version. Furthermore I think you might want to redo your usability. I've been reading through the forums and most of the users, even intermediate ones, have problems using it.

Maybe you could re-introduce app-templates again, similar to version 2
Make it more accessible and quicker to encrypt apps

Regards

Navigation

[0] Message Index

[#] Next page

Go to full version