[liberationtech] Crowd steps up to fund 'NSA-proof' app

Brian Conley brianc at smallworldnews.tv
Thu Jul 11 23:54:19 PDT 2013 

+1
On Jul 11, 2013 11:48 PM, "Douglas Lucas" <dal at riseup.net> wrote:

> I can't wait until S̶i̶l̶e̶n̶t̶ ̶C̶i̶r̶c̶l̶e̶ Heml.is is open source!
>
> On 07/12/2013 01:29 AM, phryk wrote:
> > On Thu, 11 Jul 2013 23:09:04 -0700
> > Brian Conley <brianc at smallworldnews.tv> wrote:
> >
> >> If it's not open source we aren't trusting it, so wait and see.
> >
> > My thought exactly. The companies involved in PRISM denied giving the
> > feds access to their data, so why won't some guys I've never even heard
> > of before not do the same?
> >
> > They answer the question if it will be open source on their Blog[1] like
> > this:
> >
> >> We have all intentions of opening up the source as much as possible
> >> for scrutiny and help! What we really want people to understand
> >> however, is that Open Source in itself does not guarantee any privacy
> >> or safety. It sure helps with transparency, but technology by itself
> >> is not enough. The fundamental benefits of Heml.is will be the app
> >> together with our backend infrastructure, which is what really makes
> >> the system interesting and secure.
> >
> > From this I imply 2 things:
> >       - It's not going to be completely open source (bleh!)
> >       - It's not p2p since they have some sort of "backend
> >         infrastructure" (bleh, too!)
> >
> > They also intend to publish the app with a freemium model, something
> > for which I don't really see the need after collecting over 100k$
> > (currently 134,347).
> >
> > Then they come up with some pretty unbelievable claims before the
> > product is even out. Like
> > "Developing the most secure, fun and sexy messenger IN THE UNIVERSE!"
> >
> > They also directly say that you won't be able to run your own server,
> > something which I *always* dislike. Oh, and messages will be stored on
> > their server until delivery, so we already know where the feds will
> > want to listen.
> >
> > The Aljazeera post also hails it as "the first secure mobile messaging
> > system.". Did I miss something there? What about XMPP+OTR? What about
> > Whispers' TextSecure?
> >
> > All in all, this is not something that seems trustworthy to me, and I
> > don't even know anything of use on crypto. My personal evaluation is
> > that donating to other open source crypto solutions would be much more
> > efficient and useful. At best, sponsor many different projects so that
> > when one project is (temporarily) compromised by an 0day or something
> > like that you still have alternatives. With heml.is even the
> > compromisation of one server would completely break it. Once
> > their infrastructure is compromised, the communication of ALL its'
> > users is compromised. This wouldn't even have to do anything with
> > heml.is' security itself but could just be a software update where the
> > default of one small option was changed…
> >
> >
> > Just my 2cents,
> >
> >       phryk
> >
> >
> > [1]
> >
> http://hemlismessenger.wordpress.com/2013/07/10/first-bunch-of-questions-from-our-funders-answered/
> > --
> > Too many emails? Unsubscribe, change to digest, or change password by
> emailing moderator at companys at stanford.edu or changing your settings at
> https://mailman.stanford.edu/mailman/listinfo/liberationtech
> >
> --
> Too many emails? Unsubscribe, change to digest, or change password by
> emailing moderator at companys at stanford.edu or changing your settings at
> https://mailman.stanford.edu/mailman/listinfo/liberationtech
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.stanford.edu/pipermail/liberationtech/attachments/20130711/91851188/attachment.html>

More information about the liberationtech mailing list