Re: [Tails-dev] Integrate GoldBug - Secure Instant Messenger…

Delete this message

Reply to this message
Author: Daniel Kahn Gillmor
Date:  
To: The Tails public development discussion list
Subject: Re: [Tails-dev] Integrate GoldBug - Secure Instant Messenger. Secure P2P Instant Messaging
On 07/10/2014 11:14 PM, darkd0@??? wrote:
> Hi Tails Dev team please integrate GoldBug - Secure Instant Messenger.
> Secure P2P Instant Messaging Chat from Friend to Friend without relying
> on a central server.


I have not reviewed GoldBug myself (the only source tarball i could find
in 5 minutes of searching was 57MiB, and it wasn't clear how to check it
out from revision control), and other people have already answered you
about what it would take to get goldbug included in Tails.

But i'd like to point out that the way i learned about GoldBug initially
has left me deeply skeptical of the project. Perhaps this is unfair,
but here it is:

I first learned about GoldBug via a message crossposted to OTR-users [0]
and Gnupg-users [1] and possibly other lists on 2013-07-27 from
"Randolph D." <rdohm321@???>, which asked the question:

>> Does anyone know, if this tool is really secure?


And then forwarded a goldbug press release.

In subsequent discussion [2] it appears that "Randolph D" was actually
somehow involved with the project. It is disingenuous to announce a
project this way. Subsequent discussion had the same user proposing
goldbug as a "solution", again without acknowledging their involvement
in the project, and then actually altering the cited text(!) of another
user in subsequent mailing list discussion.

This kind of disingenuous behavior is not something that makes me warm
to any project, much less a project that needs to be aboveboard and
trust-worthy, as computer security projects need to be.

There are lots of possible charitable explanations for these
communications mistakes, but they don't leave me feeling inclined to put
any time into further investigating the project, or advocating for its
inclusion in Tails.

    --dkg


[0] https://lists.cypherpunks.ca/pipermail/otr-users/2013-July/002232.html
[1] http://lists.gnupg.org/pipermail/gnupg-users/2013-July/047137.html
[2] http://lists.gnupg.org/pipermail/gnupg-users/2013-July/047150.html