Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

To use the vernacular, this story doesn't 'scan'.

The comment "It’s an open source encrypted, private alternative to other services such as Facebook chat." and then the comment from an alleged interrogator, “The interrogator (who claimed 22 years of computer experience) asked me which algorithms Cryptocat used and about its censorship resistance.” really set off some bells.

If it's open source, then git/svn/cvs pull a copy of the repo and read the code. No need to interrogate the guy. And second the DHS doesn't have any history of going after folks simply because they write some open source software.

Now could the guy be detained for other reasons? Sure. But this feels more like a troll to generate buzz for his app which seems to be on a few warez sites. My quick look at Github and Sourceforge didn't find it there.



I agree that some elements of the story don't make sense. How many DHS/Immigration employees even know what a cryptographic algorithm is? Did the guy just happen to be sitting around when this guy attempted to cross the border? If the US was up to something, why would they randomly interview a person like this? Why not pull whatever they need to know from their massive surveillance databases - surely that would be more accurate than whatever this guy would say under duress.


If it's open source, then git/svn/cvs pull a copy of the repo and read the code. No need to interrogate the guy.

While I understand what you're saying here, I can't help but think of how many times my co-workers asked me something they could have easily looked up via Google. I can easily extrapolate that to a border guard, especially if there's an added benefit of harassing a guy you don't like.


Oh I definitely get that. I've got a friend whose french daughter is often harassed coming into the US by immigration thinking she is an undercover nanny or something. I have no love whatsoever for the TSA (and the DHS for that matter)

My BS detector was pinging though that they even knew this guy had an open source project. If they were hassling him because of that, they had pre-knowledge of it and would know the answer to that question. If on the other hand they just pulled him out of the line and started giving him the 3rd degree because he 'looked like the type' and then got this 'crypto thing' and then tried to exploit that for some other reason, well that would be more like typical TSA protocol.


Even if they do have this knowledge, and even if they could just as easily find it through Google or some other publicly available mechanism, they are most likely just seeing if you'll incriminate yourself. Why do they ask me what I'm doing when entering a country or where I'm staying when I've already given this information to the airline before boarding the plane?

There's a whole line of reasoning behind their questioning tactics that extends beyond getting to the facts. That's why the best legal advice is simply to not say anything, because they are not in any way shape or form on "a quest for the truth".


interrogators will routinely ask questions to which they already know answers so that they can establish a baseline for "truthfulness" (sort of a human lie detector).

they also need to engage the subject in a conversation and may ask most banal/unrelated questions, as well as keep asking the same question in a different way.

also, http://lmgtfy.com/?q=cryptocat


https://github.com/kaepora/cryptocat

That's the second Google search result for Cryptocat.


Wow, I went back in my browsing history here to figure out what I did and I had typed 'CryptocHat' rather than 'Cryptocat' (guess my eyes/fingers are just installing the H without my approval).


It IS a chat program, so no blame there.


> who claimed 22 years of computer experience

Whatever that means, it could just as well be 22 years including VB, Fortran, C, in areas unrelated to crypto, or for what it's worth, Solitaire and Excel. If he's an old-timer he may not even have heard of version control or that opensource means that code is public for anyone to read.


The interrogator can claim whatever he wants, he may as well have 22 years of computer experience and be absolutely incompetent.

From cryptocat front page: "Messages are encrypted inside your own browser using AES-256"

Link to source on top right: https://project.crypto.cat/




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: