No intentional backdoors in our products
(Originally from https://e14n.com/evan/note/6TeLvhQPTHu7BQwhoTvZOA)
In his "NSA Surveillance: A Guide to Staying Secure", Bruce Schneier describes how NSA and other agencies get access to data:
> Basically, the NSA asks companies to subtly change their products in
> undetectable ways: making the random number generator less
> random, leaking the key somehow, adding a common exponent to a
> public-key exchange protocol, and so on. If the back door is
> discovered, it's explained away as a mistake.
I'd like to state publicly that while we have had security issues in StatusNet and pump.io in the past, we have never intentionally introduced security errors into any of our software for any reason, including to make government surveillance easier.
When we have received information from researchers, we've done prompt public disclosure including rapid release of a patch, usually in less than 24 hours. We have not left security issues unreported or unfixed for any reason, including to make government surveillance easier.
I'm happy to answer any questions about this in public or via email at firstname.lastname@example.org.