Read the Ugly Truth About Online Anonymity and then try to guess who’s an affiliate for Armorware, a proprietary computer security software suite?
That’s right. That Mike Ruppert.
I stopped paying attention to Ruppert after his weird statements in the wake of the Gary Webb murder, which came after his association with Pinnacle Quest International. As Ruppert went on to self destruct, I didn’t know what the hell to make of the guy.
I recently started to wonder where he wound up and what he was doing, after all that drama with his office and going off half cocked to Venezuela. I found that link to Ruppert’s Armorware affiliate page on mikeruppert.blogspot.com. When I checked further, his association with Armorware is old news.
I looked over that Armorware thing and I find it absolutely shocking that Ruppert would be involved with selling such a product, especially since so many people in activist and dissident circles listen to him. Users of that software have ABSOLUTELY NO IDEA what it’s actually doing. It’s proprietary. Trust us.
Is this a simple case of total ignorance on Ruppert’s part? Or is there something else to it?
The software seems to be popular with computer amateurs who think that they’re conducting offshore banking transactions in a private manner.
Since the software requires VPN connections to Armorware servers in Canada, for U.S. users, all of these sessions will explicitly be targeted by NSA. That’s not tinfoil. Foreign communications surveillance is the stated purpose of the NSA. The fact that Armorware’s servers could be acting as a massive honeypot is a different matter entirely, but consider that, for a mere $485, a private Canadian company is going to protect you from the NSA? I couldn’t make it up, but Mike Ruppert is trying to sell you on that one.
On this Armorware page, Mike is quoted:
“Government officials, attorneys and high-ranking officials don’t want to be caught sharing information or sensitive documents, which is why journalists need to protect their sources,” says Ruppert. “It’s a matter of safety and is vital to civil liberties and freedom of the press.
My sources also have a concern for privacy because my writings are largely critical of the US government. They have a strong interest in communicating information securely in order to protect themselves and their families from harassment or retribution.”
At best, this thing shouldn’t be used because there’s no way to know what Armorware’s servers are doing with the data associated with your sessions. At worst, this thing could be some kind of intelligence agency cutout that is harvesting EVERYTHING that people are doing when they THINK that their sessions are secure.
How do we know? We don’t. It’s proprietary.
Just how bad COULD this be?
I’m not saying that their software is doing this, but how would I know that they’re not running keylogging routines that capture my passphrases and a few lines of code that transmits my keystrokes and private crypto keys to their servers? Since they are the man-in-the-middle on the “secure” sessions, they would be in a position to capture my encrypted email as well as my surfing history and everything that I do online. Recover my private keys, and, well, this is the worst nightmare scenario I’ve had to think about in a long time.
In other words, since I don’t know what their closed source binaries are doing, they could potentially be doing things that make decrypting what I think are totally private communications a simple, point-and-click matter.
How would I know that this isn’t the case? Because they tell me it’s a “sterile” and “secure” environment?!
Of course, skilled security analysts could conduct packet analysis on what exactly was passing between the client and Armorware’s servers. Even if that turned out to be clean and legit, how would we determine exactly what was happening on Armorware’s servers? The man in the middle has great powers. How well do you trust him?
Users of Armorware are trusting that thing with their lives. That is absolutely frightening.
Major red flag.
38 Responses to “Remember My Warnings About Closed Source Computer Security Products and Services?”
Leave a Reply
You must be logged in to post a comment.