[liberationtech] issilentcircleopensourceyet.com
Ali-Reza Anghaie
ali at packetknife.com
Tue Nov 6 13:26:50 PST 2012
The full response in the FAQ is: "Yes it is. Silent Phone uses
Device-to-Device encryption technology so that only the users have the keys
exchanged on their device for each call peer-to-peer….the keys are not held
on a server. Silent Phone uses TLS and the ZRTP protocols to encrypt the
packets of the phone call across the internet. Silent Phone uses our secure
Silent Network to facilitate our service and provide for complete security."

Also they have a whole section for what they do and don't -
https://silentcircle.com/web/what-we-do-dont-do/ ..

That's leaps and bounds beyond what most people will ever see or even
attempt to look for elsewhere. Most people click a few times, create
entropy, type in a password, and that's it. End of it.

If they said just "Yes it is" and didn't go through some extra steps (like
even their setup step pointing the end-user to the more usable vs more
secure options) - then I'd be WTF all over the place.

Anyhow - I agree with your last sentiment. Some ecosystems make it much
easier to sleep at night than others. -Ali

On Tue, Nov 6, 2012 at 4:14 PM, Roger Dingledine <arma at mit.edu> wrote:
> On Tue, Nov 06, 2012 at 02:28:36PM -0500, Nadim Kobeissi wrote:
> > I believe that releasing closed-source, unreviewed and centralized crypto
> > software and then marketing it as secure to be malpractice. That is simply
> > my point.
>
> I stopped looking at SilentCircle when I was looking through their
> FAQ: https://silentcircle.com/web/faq/
> and clicked on the question "Is Silent Phone secure?" expecting an answer
> like "well, it depends what you mean by secure, but here's what it does
> and doesn't do for you" and instead got the answer "Yes it is."
>
> I'm sure we can have a debate about the relative merits of misleading
> your users for their own good ("if we didn't say that, they'd go use
> an even worse system that does say it"), but it's times like this that
> I'm glad I work for a non-profit that doesn't have to make a business
> tradeoff to decide how much to lie to its users.
>
> --Roger