Well this one’s rather eponysterical, isn’t it! Thanks for this; lots of bus commute reading to queue up.
posted by eirias at 2:26 PM on March 5, 2019 [3 favorites]

Reply All podcast about La Roux:
https://www.gimletmedia.com/reply-all/the-founder
posted by team lowkey at 2:35 PM on March 5, 2019 [13 favorites]

I guess a life of never being able to go outside (or near a window) without fear is better than a life in prison, but probably not by much. Enjoy looking over your shoulder forever bro.
posted by East14thTaco at 3:25 PM on March 5, 2019 [1 favorite]

I wonder if this means True Crypt has some secret backdoor way in for this guy to get at anything he wants.
posted by GoblinHoney at 3:36 PM on March 5, 2019 [2 favorites]

I wonder if this means True Crypt has some secret backdoor way in for this guy to get at anything he wants.

It’s there to give the government anything it wants.
posted by overeducated_alligator at 4:09 PM on March 5, 2019 [3 favorites]

Metafilter's own Paul Ford and Rich Ziade interview Evan Ratliff on the Postlight podcast Track Changes.
posted by Jahaza at 4:15 PM on March 5, 2019 [2 favorites]

Yeah there’s literally no way TrueCrypt isn’t a honeypot, right?
posted by schadenfrau at 4:18 PM on March 5, 2019 [2 favorites]

I recall wondering what the urgent deal was when TrueCrypt suddenly ended all support. I still am not sure, but yeah it sure makes me feel insecure about the TrueCrypt volumes (then VeraCrypt) volumes I used for work for a long time.
posted by abulafa at 4:29 PM on March 5, 2019 [1 favorite]

Pretty much everyone moved over to VeraCrypt.
posted by Foci for Analysis at 5:01 PM on March 5, 2019 [1 favorite]

It is getting harder and harder to Pollyanna anymore. This guy almost makes the Donald look mainstream. Duterte didn't look hard enough for this one. It is fascinating the brass on this fellow, it makes the film noir industry believable. And no one was watching him, just his investors. The profit figures seem low...
posted by Oyéah at 5:13 PM on March 5, 2019

Wasn't TrueCrypt open source? It's certainly possible for an open-source encryption project to have an obfuscated back door, but it can't be easy to make one that stands up to the pressure of so many motivated eyeballs.
posted by Joe in Australia at 6:19 PM on March 5, 2019 [1 favorite]

Reading this right now!
posted by jcruelty at 7:31 PM on March 5, 2019

TrueCrypt was "source available" for review, but hard to get and compile, instrument, and otherwise bulletproof. Things like libssl exploits, heartbleed, and others show that open source is far from immune to either error or malicious intent but TrueCrypt didn't even fall into that category.
posted by abulafa at 7:42 PM on March 5, 2019

The source for TrueCrypt was public, which is why there are forks now. I'm not sure that most people using it were compiling it from source themselves, though. And there have been vulnerabilities that went undetected in open source software for some time. On the other hand there was at least one audit of TrueCrypt that didn't turn up anything.
posted by atoxyl at 7:59 PM on March 5, 2019 [1 favorite]

Every program contains at least one unnecessary line of code and a bug. (So, by induction, every program can be reduced to a single line of code with a bug in it.)
posted by kaibutsu at 8:46 PM on March 5, 2019 [4 favorites]

Surely you mean that any program can be reduced to zero lines, but nevertheless it will somehow still be buggy, which means that bugs are actually the default state of the universe.

Idea: Infinitely-recursive compression by gradual elimination of text that has been represented as program statements and error codes, BRB.
posted by Joe in Australia at 9:14 PM on March 5, 2019

Moments ago I was reading a discussion about Apple encryption and of course someone said "why don't you use Veracrypt?" and I thought, like I always do, what makes people trust random software from the internet more than from big companies?
posted by bongo_x at 12:09 AM on March 6, 2019 [2 favorites]

People's distrust of big companies?
posted by Dysk at 3:09 AM on March 6, 2019 [3 favorites]

TrueCrypt was indeed audited by reputable security researchers. They found some issues (no backdoors) which have been addressed in VeraCrypt. You could do worse.

Really, if you're a criminal working on an encryption project to protect yourself, you want it to be as good and widely-available as possible, so that it doesn't look incriminating when somebody finds it on your laptop. Possession of, say, Al Qaeda's home-grown security junk is practically a confession.
posted by zjacreman at 5:35 AM on March 6, 2019 [5 favorites]

This post is a lot bigger than the (fascinating!) TrueCrypt corner, but I want to point out that exactly this hand-wringing over the provenance and security of TrueCrypt played out on MeFi before, when the cancellation announcement was made a few years ago.

There's no particular reason to suspect, even now, that circa-2012 TrueCrypt is insecure. But VeraCrypt is actively maintained, is cross-platform, and is compatible with TrueCrypt's encrypted volume format, so that's nice.
posted by Western Infidels at 6:20 AM on March 6, 2019 [4 favorites]

Really, if you're a criminal working on an encryption project to protect yourself, you want it to be as good and widely-available as possible

this is true - see also arguments about why the State Department funds Tor - but I think people are more asking about whether Le Roux could have been forced to include a backdoor after he started cooperating with authorities
posted by atoxyl at 1:05 PM on March 6, 2019