Flutterby™! : Open Whisper Systems

Next unread comment / Catchup all unread comments User Account Info | Logout | XML/Pilot/etc versions | Long version (with comments) | Weblog archives | Site Map | | Browse Topics

Open Whisper Systems

2013-06-07 23:49:33.433269+00 by Dan Lyke 3 comments

The people who seem to be associated with Open Whisper Systems are names that I have good security vibes about, and the fact that their code is open source bodes well.

I have not audited their code.

This doesn't mask the metadata, but does claim to encrypt the contents, on Android phones, available both for voice and data calls.

[ related topics: Free Software Cryptography ]

comments in ascending chronological order (reverse):

#Comment Re: made: 2013-06-08 11:30:59.516933+00 by: meuon

My real need for security is sharing URL's, configurations and credentials with our customers that should not be public. I've seen Skype poll/troll URL's so that's out, our main company email is gmail based. Sometimes we'll send passwords or keys as a text message, with the rest of the info via email. At least all the infomration is not in the same place.

I'd send encrypted emails, but our customers can barely open a password protected PDF or ZIP file (easily broken), let alone a truly encrypted message (PGP).

As our customers are all in other counttries, my question is: Do we increase our likelihood of being "sniffed" by using encrypted coms, or should we stay lost in the noise of clueless plain text, easily eavesdropped common traffic.

Time to retool for encrypted email and coms anyway, maybe I can call/email the few techncially cluefull people out there. My PGP keys have all expired, hadn't had anyone to talk to with them.

#Comment Re: made: 2013-06-08 17:41:07.693579+00 by: Dan Lyke

Yeah, and initial key exchange is still an issue, though confirming fingerprints via voice should solve some of that.

And the NSA thing isn't (so far) snooping on content as much as that the conversations were had, and where from. Crypto alone doesn't hide that.

#Comment Re: made: 2013-06-08 18:17:06.433445+00 by: meuon [edit history]

Because I'm not doing anything questionable, and I have no shame about the things I do, I don't care that the world knows I was talk to Gustavo and Renata in Brazil, Sandro in Philippines or Cyrille in W. Africa, or even what most of the communications are. But some parts of them are not (or should not be) public. Most of our real "business" gets published in newspapers, board meetings, etc. Most of the technical details and project management are boring at best. Some things should be kept as better secrets. VPN configs, keys, passwords, URL's, interfaces details, capabilities. Obfuscation IS the first step in security. Good encryption is second.

Personally, while I (and Nancy) will publicly share all kinds of personal things, most of the other parties involved aren't quite so public and sometimes the specific subject matter is not something I am willing to share. I want the ability to talk to someone in private, electronically, without that activity (of communicating privately) being illegal and subject to scrutiny.

I fondly remember a shallow blackmail attempt against me at a public meeting in Chattanooga, where my response was "Somewhere on the internet are video's of my dancing naked at Burning Man, do your best..." knowing that was the kind of thing that person found shocking and personal. What I choose to keep personal, stays that way. You should be able to make similar choices with reasonable effort.

End rant..