This a response to "Yes They Can! ..." (a comment on ) by J.S. Shaari et al. . We show that the claims in the comment do not hold up and that all the conclusions obtained in  are correct. In particular, the two considered kinds of two-way communication protocols (ping-pong and LM05) under a quantum-man-in-the-middle (QMM) attack have neither a critical disturbance (D), nor a valid privacy amplification (PA) procedure, nor an unconditional security proof. However, we point out that there is another two-way protocol which does have a critical D and a valid PA and which is resistant to a QMM attack.