[clug] Wickr and previous privacy discussion

James Ring sjr at jdns.org
Thu Mar 19 09:01:51 MDT 2015


On Wed, Mar 18, 2015 at 9:33 PM, Hal Ashburner <hal at ashburner.info> wrote:
> I use TextSecure and recommend using it as the default sms app on
> Android. I recommend my ios using friends use signal, which is the
> compatible ios app.

Does this actually protect you against metadata collection? Sure
message content is scrambled, but not the headers.

> The protocol is open and well specified. The source is Free. It comes
> with Moxie Marlinspike halos as endorsed by Jake Appelabaum (whether
> you think that is a positive or a negative is up to you). I'd go with
> capable (somewhat) dissidents every single day of the week on this
> sort of thing if only because there are a metric f.ton() of really
> smart, diligent even obsessive people who want to find the
> bug/backdoor/mis-specification to make them eat crow while making
> their own reputation @ blackhat.
>
> If you think having secure comms is something you might ever want,
> start using TextSecure or Signal now. By the time you really need it
> it may be too late. "But I can't see why I would ever need it" - If
> you ever see a crime (eg murder) committed by a well connected and
> powerful person and don't feel right about being complicit and
> ignoring it - that's when you have something to hide.
>
> <unpaid_advert>
>
> TextSecure, just install the damn thing now. Unless you're on ios,
> then install Signal.
> No really, do it.
>
> </unpaid_advert>
>
> It needs you (both ends have to use it to encrypt) as much as you
> might ever need it and it costs nothing.
>
> Now wickr:
>
> "there's virtually no technical information available on it"
> http://blog.cryptographyengineering.com/2013/03/here-come-encryption-apps.html
>
> "the code is not open to independent review"
> https://en.wikipedia.org/wiki/Wickr
>
> It may well be great but that doesn't inspire as much confidence as
> the TextSecure approach which is the approach taken by all
> meaningfully useful crypto that we know of up until now.
>
> 2c, and worth all of it.

It seems Wickr needs to be in the middle, so at least the message
metadata will show a bunch of messages going from you to one place.
Though if my life depended on it, I wouldn't trust Wickr not to hand
over my metadata if the government demanded it.

Regards,
James


More information about the linux mailing list