

Talk – Smart, Private Messaging - szimpl
https://path.com/talk

======
ceejayoz
Given Path's history... nope.

[http://www.theverge.com/2013/4/30/4286090/path-is-
spamming-a...](http://www.theverge.com/2013/4/30/4286090/path-is-spamming-
address-books-with-unwanted-texts-and-robocalls)

------
dmix
"Deleted from our server" assumes the user has no understanding of data
forensics.

We really need TextSecure on iOS soon to stop the proliferation of all of
these silly privacy apps. There needs to be a strong cross-platform
alternative.

~~~
jmuguy
Here here, I go through a range of emotions each time I see a new messaging
app and they always end with me checking the WhisperSystems blog.

~~~
yeleti
True, i remember the whispersystems fanboys trolling all over the telegram.org
founders.

------
dchuk
Does Path have any interest at all in making money so they can, ya know,
become a real business? Or are they just another participant in the big-VC
social network app ponzi scheme?

~~~
eswat
I addressed this in another comment, but the ability to message businesses
that they are rolling out in the summer would be their gateway to actually
making money (businesses want to hear feedback about themselves but there
aren’t many solutions that address this well yet).

~~~
jljljl
Don't businesses already get a lot of this through Twitter, Facebook, Get
Satisfaction, and other sources?

~~~
eswat
This is all public though. Given Path is a "private" social network then if
businesses can resolve issues without getting into a public mess, talking to
the customer in a private tunnel in a sense, it’s easier to diffuse
situations.

------
howeyc
Maybe I don't understand, but why even have messages retained on the server at
all? Couldn't the local app keep them stored on the phone?

Also, does anyone know if they're encrypted at all. In this day and age isn't
that a requirement for them to be considered private?

~~~
schrodinger
What if the other phone is off at the time? You kind of need a server to act
as a buffer. No reason why it couldn't be client side encrypted though...
iMessage does that.

~~~
lttlrck
the sender can do that.

~~~
thenipper
What if the sender is offline when the receiver signs back on? Does the
message not get sent?

~~~
Spearchucker
You'd use a basic store/forward protocol. Sender sends message to a zero-
knowledge server. If the sender has no network the encrypted message is stored
locally, on the client device until the server can be reached.

Similarly, the recipient polls the server for new messages only when online.
Any messages accumulated by the server since the last sync are downloaded.
That's the easy part. More interesting is the key exchange that needs to take
place between sender and recipient for them to exchange messages securely. The
idea being that both parties each create a public/private key pair for each
other, and then use each others public key to encrypt the symmetric key that
decrypts messages.

Straight-forward enough. The problem here is when you want to exchange
messages with Bob, you need to know that you have the real Bob's public key,
and not an imposter's key. While an in-person, meatspace exchange will give
you the assurance you need, that's not always practical.

Here's a bit more detail on how you might engineer the key exchange:
[http://en.m.wikipedia.org/wiki/Needham-
Schroeder_protocol](http://en.m.wikipedia.org/wiki/Needham-Schroeder_protocol)

------
pzxc
If they really took our privacy seriously, they'd have a retention period of
zero instead of 24 hours.

~~~
paulgb
If they really took privacy seriously they wouldn't be able to decipher the
message even as it passed through their servers. There are already apps that
make end-to-end encryption user friendly (Telegram comes to mind).

~~~
LeoPanthera
Even iMessage uses end-to-end encryption. It's a pretty poor sign if it's less
secure than the service already built into the phone.

(And yeah I know iMessage isn't open source and so this is difficult to
verify, but "Talk" isn't open either. Apple published a big PDF about how they
do encryption - if this were proved to be false it would destroy all trust in
Apple forever, so I believe what they say.)

Big PDF:
[http://images.apple.com/ipad/business/docs/iOS_Security_Feb1...](http://images.apple.com/ipad/business/docs/iOS_Security_Feb14.pdf)
(See page 20)

tl;dr: "Apple does not log messages or attachments, and their contents are
protected by end-to-end encryption so no one but the sender and receiver can
access them. Apple cannot decrypt the data."

~~~
paulgb
Interesting, did not know that. Apple is still in a position to MITM the
transaction if they wanted though (Telegram provides a key visualization that
can be compared offline to prevent this)

~~~
mahyarm
Unless telegram changed their protocol recently, it's a fundementally flawed
design. Telegram can also MITM you with their design too.

------
cabalamat
> We take your privacy seriously.

That's a funny way of spelling "we will give all your data to the NSA".

If they really cared about my privacy, then their app would encrypt the data
on the way out and automatically decrypt it by the receiver, so that any
information on their servers would be unreadable. Oh and their app would also
be open source.

------
humpolec
Any plans to support XMPP, or is this another closed platform?

~~~
azinman2
Do you even need to ask? :)

------
skrebbel
Does anyone know the reasoning behind this? Off the feature list, it seems
like it has little more to offer than Whatsapp, and easy worse platform
support..

~~~
eswat
They also acquired TalkTo, a startup that lets you chat to business. The
ability to talk to your friends using Talk is just a trojan horse to
connecting you with businesses later on, where real money would be made.

[http://blog.path.com/post/89363978092/path-
talkto](http://blog.path.com/post/89363978092/path-talkto)

------
johnchristopher
I don't understand why the new chat protocols and clients focus solely on
mobile (phone?) platforms.

Why aren't there more desktop clients ?

~~~
yoshyosh
Next time you are out, check out what most people are doing on their phones.
SMS dominates usage so much. Most people don't use desktop chat outside of
tech

~~~
johnchristopher
I don't own a smartphone and I use SMS a lot. But I barely use online chat
system nowadays (MSN/AIM used to be the rage within my peers circle but it's
now gone and fb chat or g+hangout didn't replace it).

------
Globz
Id rather use Yo.

------
neil1
The app's restaurants messaging comes from a startup path acquired, talkto.

