Articles tagged "lafs"

Least Authority Performs Security Audit For SpiderOak

Our mission at LeastAuthority is to bring verifiable end-to-end security to everyone.

As part of that mission, in addition to operating the S4 simple secure storage service, we also run a security consulting business. We LeastAuthoritarians have extensive experience in security and cryptography, and other companies pay us to analyze the security of their protocols and software.

Almost all of our consulting clients are making Free and Open Source software which protects user freedoms and works against censorship. It is wonderful that in this day and age we can get paid to work on software in the public interest.

One of our clients is SpiderOak, a company that, like LeastAuthority, sells cloud storage with end-to-end encryption. They didn't hire us to evaluate the security of their current storage product (that would be a big job!), but instead to do a limited, two-week-long security audit of their new framework.

It was a fun project because we got to learn some of the details of the design and implementation. We came away with a favorable impression of the professionalism and good engineering practices of the SpiderOak team. is all Free and Open Source software, and it is designed for real, end-to-end security, which is part of why we wanted to take the job.

Today SpiderOak has published the security auditing report. We'd like to thank them for producing, subjecting it to this kind of independent review, and publishing the complete results. That's the right way to do things!

The next security audit that we performed was for the Cryptocat secure chat app. We expect the report from that to also be published soon. Stay tuned!

LAFS Summit Next Week in San Francisco: Nov 11-13

The next LAFS summit starts next Monday, November 11!

  • Monday 11-Nov-2013 (afternoon only)
  • Tuesday 12-Nov-2013 (all day)
  • Wednesday 13-Nov-2013 (all day)

Where: The Mozilla SF Office, 2 Harrison (at Embarcadero)

Who: at least Brian and Daira, plus everyone else who can make it

We'll have drinks and snacks, wifi, and an online videochat going too. We'll also grab dinner together nearby each night. No RSVP needed; we hope you can join us!

LAFS Featured on EFF Tech Blog

The Electronic Frontier Foundation's tech blog has some lovely things to say about LAFS at S4. Snippet:

Tahoe's protections against third-party snooping and deletion have the kind of strong mathematical guarantees that reassure security experts that Tahoe-LAFS is well-defended against certain kinds of attack. That also means its privacy and resilience are not dependent on the good behaviour or policies of its operators

Read the full blog post for more details.

S4 on

Yesterday featured S4 and LAFS in an article on secure, distributed cloud storage. We had a bit of a quibble with the article's first line, though:

Looking for a solution to give you an edge in the ongoing struggle between you and the authorities over the privacy of your data?

It's important to us to note that S4 and LAFS are not only meant to thwart mass government surveillance. We seek to protect against access by the unauthorized, not merely "the authorities". That means individual crackers, criminal organizations, corporate rivals, or non-PRISM-affiliated foreign governments just as much as the NSA! Least Authority is pro-security across the board.

There is no way that one could build an effective anti-government security system without excluding those other threats as well. Similarly, if law enforcement is authorized to see the data, then hackers also can see the data.
