dslreports logo
 
    All Forums Hot Topics Gallery
spc
Search similar:


uniqs
846

goalieskates
Premium Member
join:2004-09-12
land of big

2 recommendations

goalieskates

Premium Member

The Threat of Silence

Slate
quote:
Meet the groundbreaking new encryption app set to revolutionize privacy and freak out the feds.

Back in October, the startup tech firm Silent Circle ruffled governments’ feathers with a “surveillance-proof” smartphone app to allow people to make secure phone calls and send texts easily. Now, the company is pushing things even further—with a groundbreaking encrypted data transfer app that will enable people to send files securely from a smartphone or tablet at the touch of a button.
Thoughts?

Juggernaut
Irreverent or irrelevant?
Premium Member
join:2006-09-05
Kelowna, BC

Juggernaut

Premium Member

Providing he doesn't supply any backdoors to the 3 letter boys, I imagine this will indeed freak them out. That'll keep the crypto folks busy for a long while.

That is, if they don't make it illegal, or find a way to block those packet transmissions...
Expand your moderator at work

Wildcatboy
Invisible
Mod
join:2000-10-30
Toronto, ON

1 edit

1 recommendation

Wildcatboy to goalieskates

Mod

to goalieskates

Re: The Threat of Silence


Well, a bit pricey but since Phil Zimmermann is behind it, I'm pretty sure there won't be a backdoor and I have a feeling at some point some free product might come out of this project.

Blackbird
Built for Speed
Premium Member
join:2005-01-14
Fort Wayne, IN

1 recommendation

Blackbird to goalieskates

Premium Member

to goalieskates
Frankly, I wish ALL traffic on the Internet moved in such a way... securely encrypted from all eyes except the sender and receiver, at all times. True encryption ought to be the standard, not the exception, for traffic on a public-accessed network.

Steve
I know your IP address

join:2001-03-10
Tustin, CA

Steve

said by Blackbird:

True encryption ought to be the standard, not the exception, for traffic on a public-accessed network.

How would you propose, even in broad strokes, for this to happen?

Encryption is trivial, it's key management that's the hard part.

Kilroy
MVM
join:2002-11-21
Saint Paul, MN

Kilroy to Wildcatboy

MVM

to Wildcatboy
said by Wildcatboy:

Well, a bit pricey.

It has to be. They need to have a team of lawyers on retainer to deal with the governments of the world. I personally think $20 a month is a bit steep, but if it catches on I'm sure the price will come down.

Just wait until the government spins starts. Encryption is evil, they are for terrorists and child porn. Law enforcement can't do their job without being able to read all of your e-mail.

Blackbird
Built for Speed
Premium Member
join:2005-01-14
Fort Wayne, IN

1 recommendation

Blackbird to Steve

Premium Member

to Steve
said by Steve:

said by Blackbird:

True encryption ought to be the standard, not the exception, for traffic on a public-accessed network.

How would you propose, even in broad strokes, for this to happen?

Encryption is trivial, it's key management that's the hard part.

Given what the Internet has grown up to be, it certainly wouldn't be as easy now as it might have been at inception. As a minimum, all traffic should have something akin to SSL protection, though the security made more robust. Add to that, redundant public-key depositories (along the lines of current DNS servers and certificates) for all traffic other than simple, passive web-page browsing, and a framework might just begin taking shape. The cost of true traffic security is invariably a certain loss of anonymity in order to verify key-holder ownership, at least to some degree... but one might also make "insecure" mode the option instead of the default as it is today, so that if one does not want the traceability of key-handling, they would be free to do without... assuming, of course they could find someone on the other end of their traffic willing to participate.

I'm under no illusions. A public network can never be made as secure as a well-designed and operated private network. Security on the 'public' Internet has always been an after-thought, laid upon an architecture intentionally designed for accessibility and survivability. The problem today is that the traffic security has become increasingly important, but it's still being conceptually treated largely from a band-aid and opt-in mentality... and that's visibly not working out well.

chachazz
Premium Member
join:2003-12-14

1 recommendation

chachazz to goalieskates

Premium Member

to goalieskates
»New "Surveillance-Proof" App To Secure Communications.
OZO
Premium Member
join:2003-01-17

OZO to Blackbird

Premium Member

to Blackbird
said by Blackbird:

The cost of true traffic security is invariably a certain loss of anonymity in order to verify key-holder ownership, at least to some degree...

Not necessarily, if P2P is involved in design (and they've specifically mentioned it) and keys are generated (and then immediately destroyed) on the fly - there is no need to forfeit anonymity (as opposite to centralize based PKI). Here is example of similar (only by the idea behind) implementation - ZRTP.

Authors are practicing quite rare privacy-by-design approach, which shows respect to the end user, not to any other third party entities (government, private snoopers, marketeers, etc). And they've committed to making source code of the new technology available publicly. It's yet another sign of true user-oriented intentions behind the project. That, IMHO, brings confidence to this privacy solution (along with well known authors, standing behind it).

Good to hear that there are still some folks, who care about privacy or people.

Wildcatboy
Invisible
Mod
join:2000-10-30
Toronto, ON

1 edit

1 recommendation

Wildcatboy to Steve

Mod

to Steve
said by Steve:

said by Blackbird:

True encryption ought to be the standard, not the exception, for traffic on a public-accessed network.

How would you propose, even in broad strokes, for this to happen?

Encryption is trivial, it's key management that's the hard part.

The ability and the infrastructure is already in place for email. All you need is a free S/MIME certificate like this for each side. The problem is that although all email clients support the feature, having a certificate is not mandatory. I send dozens of emails to dozens of people daily but majority of them don't have a certificate installed, therefore I can't send them encrypted emails.

All you need for this to become widely used is to make the feature mandatory in popular email clients like Thunderbird or Outlook, etc... When you setup your email client, you add your name, email address, SMTP and POP server addresses and it should download and install a certificate for you automatically and you and the rest of the world would be sending encrypted emails, no training required.

Similar procedures could be implemented and mandated for browsers and popular web servers such as Apache and IIS to use similar key exchange procedures. They just need to be implemented into web browsers and web servers, majority of which by the way, are open source or at least security conscious.

By securing the web browser and email data transfers you would be covering the majority of the Internet data flow and you don't need a key management infrastructure beyond what is already in place.