MyDataAngel ends KickStarter and then feigns being a victim

We’ve previously covered this campaign in several entries before, but with some level of elation, we’re happy to report that the individuals behind the MyDataAngel /DataGateKeeper KickStarter campaign have cancelled their project just a few hours before it was expected to fail.

However, it appears that they won’t go out without kicking and screaming and have thus issued a rebuttal directed at those of us who tweeted and blogged about them in a manner that was to their displeasure.

“It is not a field of a few acres of ground, but a cause, that we are defending, and whether we defeat the enemy in one battle, or by degrees, the consequences will be the same.” Thomas Paine, 1777

Dear DataGateKeeper Software Backers,

No truer words were ever spoken. As true in 1777, as it is nearly 240 years later.

You are true Data Angels; your foresight in the face of aggressive and salacious attacks from the fringe is a testament to your fortitude and an inspiration to us. You will have your DataGateKeeper. Our resolve to deliver to you the DataGateKeeper Total Data Protection Software™ and SafeDataZone™ has never been greater.

We are finalizing the release of the DataGateKeeper on the Windows platform, and the development and stress testing of the Android and Apple platforms.

We launched our Kickstarter campaign to test both our message and the market. Unfortunately, we did not gain perspective on either issue. A key driver for success on any crowdfunding platform is getting the word out on social media. On this matter, we failed you, as we elected to cancel all of our promotional efforts, nearly immediately. Why?

We felt this action was the most responsible avenue to take once the fringe quasi-InfoSec wannabe community began attacking you, our DataGateKeeper Backers. We have never seen anything like that and likely, no campaign has ever had Backers personally attacked for making a Pledge.

These miscreants did not Pledge for any Rewards, however, they used a loophole, in this platform to disrupt and gain access to you, our Backers, which is reprehensible. The twittidiots and their ilk even attacked our employees and supporters – all anonymously. We apologize to our DataGateKeeper Backers and Team for any offense or verbal attacks you sustained.

In addition, we had several “journalists” contact us to do a “story” for their “readers”. We also elected not to engage them for several reasons; the well had been poisoned, our message had been diluted, and their intentions and loss of objectivity had been made clear by their online social media activity.

During the campaign, we engaged these crypto-crazies in an effort to understand their boggle. As is typical of any engagement with flakes that hide behind anonymity, the 80/20 Rule was in full force. 80% of the twittidiots could not conjugate a response, while 20%, who did not hide behind their twitter account, proved to be helpful, and we had productive conversations. We thank them here.

What Did We Learn?

  • Controlling the message is important, however, controlling the environment for that message is critical. Today we will move to control both the message and the environment. We believe in the first amendment, however not at the expense of decorum, respect for others’ opinion and dignity.
  • Given the plethora of crowdfunding sites available in the market, the Kickstarter platform is likely not the best platform for software, absent a techie gadget connection or video game. Software clearly underperforms on this platform.

What are We Prepared to do for Our DataGateKeeper Software Backers?

  • We are going to complete our DataGateKeeper Total Data Security Software and make it available to you first for the price you Pledged and for the Reward you Backed. We are currently arranging to do this very thing.

DataGateKeeper Backers, you have our private email address, we look forward to continued communications. Please contact your Data Angel Team if you have any further questions.

It’s interesting that they quoted from Thomas Paine’s American Crisis, which is a series of pamphlets meant to encourage American colonists to support a war against Great Britain using deistic preference suggesting that they’ll win against the Crown. In the case of Raymond Talarico and his crew, the request for accountability is the real tyranny, and thus is definitely worth fighting a war against.

As one person put it to me: MyDataAngel believes that they’re the “founding fathers” of truly-secure encryption. If you have a problem with this, then you must hate America. Well, MyDataAngel, I guess that since I am Canadian and thus a subject of the Crown, I really am hellbent on this idea.

Why you actually failed

You waged a fierce and determined campaign against any kind of investigation or scrutiny. You made outrageous claims about your software’s functionality. You refused to answer any of the technical questions asked of you in earnest. You complained bitterly when, in the absence of technical content, we instead analyzed your staff’s backgrounds for plausible competence in the field of information security.  Information security is not a field that has much patience for secrecy, and you’re exactly why.

You claim that 20% of the respondents on Twitter were “helpful”. Of course, this can’t be backed up with data, because you because you’ve gone and made your account private. Fortunately, I am still following you, and can read a random sampling of these tweets–none of them seem to indicate that they were “helpful” at all.  They really are just calling you out on your nonsense.

You complain about the unwashed masses of anonymous “crypto-crazies”, nameless “twittidiots” (shouldn’t it be “twidiots”?), or unspecified members of the “fringe quasi-InfoSec wannabe community” attacking you via social media.  In my case, this is demonstrably untrue; I first wrote about MyDataAngel on my own personal blog, with my full real name in the page header and the URL.  I also wrote to you with my personal e-mail address, as I’ll discuss later.

You, meanwhile, really don’t like being identified. We’ve reached out to a number of your former business partners and none of them returned our e-mails. All we can find are community forum posts from people who work at a single-person company or press releases making wild claims about your product and a supposed partnership with another seemingly single-person company. One is left to wonder why a multi-billion dollar company hasn’t snatched your product up.

After being called out on your claims of “512 KB” encryption strength, you edited them to reflect something more plausible, yet made no attempt to explain why this change was made–going from claiming “512 KB” encryption back to just “512” without mentioning the word “bit”.  This calls into question whether you know what the number 512 is meant to measure, in this context.

There are other reasons to suspect that you don’t know anything about cryptography.  Here’s a tweet where you try to coyly hint at what encryption algorithm you’re using:

mda_crypto

Truly bizarre to suggest that Huffman coding, a 1952 equation (which is almost a half-century before AES was ratified and supposedly “too old” by your standards) is encryption when in fact it’s compression, used as a basis for PKZIP, JPEG, GZIP, and MP3 file formats to name a few.

In a similar vein, before you took down your website, it was providing explanations about cryptography concepts plagiarized from various books and Wikipedia:

page8page7

Whether or not you know what you’re doing with cryptography, you’ve clearly already gone ahead and built the Windows version of your encryption software. A demonstration copy was supposedly made available when it was still known as Centuri Cryptor. We can see in this YouTube video from when it was known as FileWarden that it was already working.

sleuth1

Since you clearly have a functional product already, it’s only natural that I’d want to test it!  As mentioned above, I reached out to you regarding a demonstration of your application. Here’s the e-mail exchange:

From: Colin Keigher
Sent: Friday, May 13, 2016 11:56 AM
To: HackMeIfYouCan@MyDataAngel.com
Subject: Interested in a demo

Hi there,

I’d like a copy of your software to demo and test. Please let me know how I can review this.

Thanks,
Colin

Subject: RE: Interested in a demo
Date: Friday, May 13, 2016 11:59 AM
From: “Hack Me If You Can” <HackMeIfYouCan@MyDataAngel.com>
To: “‘Colin Keigher'”, <HackMeIfYouCan@MyDataAngel.com>

Outstanding.

We respect anonymity so we won’t ask you for any identifying information
about who you are.

Having said that — We have two questions?

1. Would you please tell us a little about yourself.

2. Or recommend someone you think would take on this Challenge. We want to choose someone the community respects and trusts.

Back to all qualified entrants on May 16.

Your Data Angel Team

From: Colin Keigher
Sent: Friday, May 13, 2016 12:14 PM
To: Hack Me If You Can <HackMeIfYouCan@mydataangel.com>
Subject: RE: Interested in a demo

Hi there,

Thanks for getting back to me. I have some follow up questions.

1. What are you looking for here? I am a security engineer who runs his own company.
2. In what sense do you mean “someone the community respects and trusts”? What are your qualifiers?

Thanks,
Colin

Subject: RE: Interested in a demo
Date: Friday, May 13, 2016 1:08 PM
From: “HackMeIfYouCan” <HackMeIfYouCan@MyDataAngel.com>
To: “‘Colin Keigher'”
Copy: “‘Hack Me If You Can'” <HackMeIfYouCan@mydataangel.com>

Hi Colin,

We’ll do our due diligence, and, following, chose those parties whom represents the largest demo vis-a’-vis followers, trust and respect.

We believe this plan is likely the best practice for achieving our goal.

We are open to suggestions as to criteria, and welcome yours and the communities opinion on our selection criteria.

You Data Angel Team

Your last response suggests that you’ll be choosing yourself the parties you “trust” and “respect”. Concealing your encryption algorithm isn’t going to make it any more secure, and really is just going to attract more suspicion. If you want to have some level of credibility, you’re going to have to allow people to test your algorithm without being able to vet them, because you don’t get to vet the real attackers when they’re after your real customers’ data. If you had the confidence in your software that your advertising copy suggests, you’d gladly let me or anyone else publicly test it out with no restrictions beyond not sharing the software with others.

The information security community takes claims like yours seriously, which is why we have been so ardent in criticizing you. Documenting charlatans and bad organizations is a time-worn hobby for this community. You cannot expect to pull a fast one on us, because the tricks you’re attempting to pull are far from new.

We think the real reason why you insist on going for the crowd-funding model is that you know your claims given are nonsense and that nobody well-informed about your product would choose to spend money on it, much less trust it with important secrets. This is why you set the kickstarter goal at a piddly $20,000 USD to fund a team of nine people, and it’s why you would then pad out your total with a few high-dollar-value backers–because it lets you turn to potential investors and claim that there’s consumer interest in your product.

You close off stating that KickStarter was not the place to launch your project and that you’re going to look at other options; we’ll close off by suggesting that you do not.