TeamSec: cryptostorm's approach to team & project security



Post by cryptostorm_team » Tue Dec 02, 2014 1:57 pm


Since early in cryptostorm's history, we've had a policy of neither confirming nor denying the identity of members of our core team. This policy, published on our main site, includes the following section:
No comment will be offered with respect to the individual members of the cryptostorm team, neither to confirm membership nor to deny assumptions of membership. We ask that members of the media respect our request to attribute comments either to given pseudonyms, or simply to "cryptostorm" when quoting our work.

We have nothing to hide, and yet must hide ourselves due to the work we do in providing structurally anonymous network privacy service. This is the world in which we live. It is a damned shame - not even Orwell himself foresaw such necessary circumlocutions. As a team, we genuinely look forward to a future in which such decisions are no longer necessary.
From time to time, questions arise in public discussions about cryptostorm and connections are made - or suggested - to individuals in various capacities. We rarely comment directly on such matters, instead referencing the "about us" page linked to above. This policy pays real dividends in terms of improved project security and resilience against common, effective attacks on organizations and teams. It also leaves us open to criticism - some legitimate, some less so - via inference.

Our policy of refusing to deny team membership if questioned isn't mere stubbornness. In fact, if we were to offer such official denials, someone seeking to confirm team identities would simply have to keep asking whether people were on our team until we refused to answer; such a refusal, rather than a reply of "not a team member," would be informationally equivalent to answering "yes." Which would, of course, break our policy and security model.

Apart from core team membership, a wide range of individuals have contributed to cryptostorm's development - some to a great degree, some in small parts. All of it has been constructive, and without this deep community support our project wouldn't be where it is today. Beyond that, we seek technical inspiration, operational best practices, and specific tactical knowledge across a vast range of institutions, people, and ideologies. We consider this to be crucial in creating and expanding secure tools that are robust, flexible, and durable.

When it comes to such "project contributors," we have never exercised an ideological or political "litmus test" on them prior to accepting their contributions - if such contributions prove useful, clean, and effective. It's not clear how we would go about implementing such a test were that our goal; many of these one-step-removed contributors are known to us only as nicknames, bitmessage addresses, or other identity-decoupled markers. We simply aren't in the business of vetting the non-relevant elements of project contributors.

This, also, is different from conventional practice, and opens us up to criticism in a guilt-by-association model: because we don't deny accepting tactical assistance from one or another people, it's inferred that we must have accepted. Further, if we did in fact accept some limited assistance, an ideological link is then inferred. We do not feel this reflects accurately the way our project has progressed through its early phases, nor how it operates today.

- - -

As a team, we've drafted this note to clarify the items discussed above. We'd also like to say something a little bit more personal, and direct: this project attracts and inspires a vast range of people - some of this is visible publicly, in our twitter feed or here on the forum. Much isn't visible, and comes to us in channels across the spectrum. Some of these interactions are mystifying, some deeply enlightening, some fascinating, and some terrifying. In sum, cryptostorm is vastly stronger for our willingness to accept these contributions, value-agnostic, as they present themselves to us. It's not always easy, but overall it's good.

We understand that some people who make such contributions are going to have political enemies, ideological opponents, and all manner of adversaries. It is in the nature of "interesting" people to carry such baggage; that's what we see. We generally refer to ourselves as "Switzerland" in such matters - we're neutral, we do not take sides in choosing who to "allow" to provide assistance to the project. Despite that, we do find ourselves pulled into these conflicts occasionally, and it's always disappointing to see that our neutrality - itself deeply rooted in who we are, as a team - can so easily be ignored.

We have a simple request for people involved in all "sides" of such conflagrations: if you have problems with each other, take up those problems directly with each other! This isn't so much to ask, is it? Targeting us because of our "associations" (and you'd likely be amused at how many directly-contradictory "associations" are assumed about us - with each side of some conflicts sure that we are aligned, improbably, with their "enemy") is neither helpful in such conflicts - we just take the fire and carry on - nor does it do a service to the world at large. It's wasted time and effort, misdirected and misconceived.

On a regular basis, this project sees a huge range of odd, eccentric, interesting, complex, maddening, scary, and occasionally execrable people float by, ask us questions, make use of our educational resources, or "recommend" us to colleagues or the world at large. They span the gamut from black-bloc anarchists to staunch political conservatives, from radical students through wealthy tech industry oligarchs, and from anti-establishment street activists through associates of "no-initial" governmental black-budget agencies that don't print business cards. And everything in between. Some are public and visible for one reason or another - they leave breadcrumbs, perhaps by accident or perhaps as part of some larger "great game" of which we're totally unaware. Some (many, in fact) come and go without a trace being left. Except our memories.

(we'd point out that anyone - literally anyone - can make a public connection to "cryptostorm" if they want, and there's nothing we could do to stop that if we tried; some such connections might reflect real facts, some might be pure fantasy... some might be intentional disinformation designed to draw down attackers on our project)

Yes, you can attack us because of these associations - real or imagined, current or past, substantive or ephemeral, hesitant or enthusiastic. But please think twice about this. It might feel good to take your anger or frustration out on us, as a team and a project: we're publicly visible here, we generally interact with the community, we're not in hiding. That's really not fair, doubly so if the target is easy to see and confront directly if you so choose. Why attack us, in that case? It just doesn't make sense, even after years of such things happening in a huge range of circumstances.

We offer data security tools to anyone who chooses to use them. Culturally, it is ingrained in us to avoid "playing sides" - even if personally we do choose one side or another. We'd be a piss-poor security tool if we selectively chose who could make use of what we do; that would prove we're not "content agnostic" and trusting us would make no sense. We don't do that; we haven't for all the years we've worked on this as a team, and we're not going to start now.

It's a rough world out there, we see it every day just like everyone else. Sometimes we get kicked around because we won't "fight back" and we are averse to handing out team or contributor information (as explained above). For those who engage in such activities, we'd ask only one question: why? Why are we a legitimate target, when our job involves standing aside from these things and neutrally enabling secure communications?

There's so much hate in the world, everywhere. We try hard not to be part of that. That might make us look like an easy target for those who want to hurt someone. If you have to do that, we really can't stop you. But we can - and do - ask you to consider whether it's the right thing to do.

Thank you,