
Crowd steps up to fund 'NSA-proof' app  - ramisms
http://stream.aljazeera.com/story/201307112159-0022901
======
moxie
I'd been wondering when the explosive kickstarter campaign that leverages the
NSA news would appear.

My feelings about projects like these are always complicated. Even though it's
encouraging to see that people are excited about building secure communication
platforms, my initial reaction to announcements like these is typically
extreme dread.

There is a small community of people who have been working on secure mobile
messaging for years, and unfortunately newcomers to secure communication
generally fuck it up. Not only is that bad for users, but it's bad for those
of us who have put years of effort into this, because it sets a tone where
users begin to assume that _all_ apps which attempt to provide secure
communication must have done it incorrectly, so it's not worth using any of
them.

I think there are probably enough apps in this space now (TextSecure,
ChatSecure, Gibberbot, Silent Circle) that these folks could have probably
just partnered with or contributed to an existing project in order to meet
their needs. Despite the article's subtitle, this will be far from "the first
secure mobile messaging system."

~~~
MikeCapone
Anyone who knows this stuff can provide additional feedback on apps like
ChatSecure and Gibberbot? Are they considered to be good crypto
implementations?

Update: I installed ChatSecure on my iPad and it's very easy to set up. So
easy in fact that I'm thinking there must be something wrong with it, because
otherwise it would probably be recommended more often in these types of
threads...

One of the things that seems problematic is that the background session
expires after a few minutes, so if someone tries to just randomly message you,
chances are you won't be logged in, so this can't be a replacement for IM.

~~~
thaweatherman
Time out on ChatSecure is a drawback of iOS. It forces the app to close after 10
minutes of inactivity. Very annoying.

I'm with moxie. There are already plenty of good encryption apps out there.
That 100,000 could have gone to existing apps that do what they say they do
rather than an app that might not turn out as promised.

~~~
nthj
I never quite understood this. Certainly you don't want to send an unencrypted
notification message (“Matt says: here are the meeting times”) to Apple's
notification servers. But do you really have to be that verbose? I'm not
terribly concerned about the NSA logging “you have $n new messages!”
notifications.

~~~
DanBC
> I'm not terribly concerned about the NSA logging “you have $n new messages!”
> notifications.

But you can appreciate that as part of risk assessment some people might have
a valid reason to be concerned about leaking even that much information?

GCHQ / NSA are _good at finding patterns in data_, so a collection of "You
have $n new messages!" notifications can provide insight into the organization
of a group.

~~~
nthj
Yes, I certainly understand. Most people wouldn't be concerned—and would be
far more likely to use the technology if they could enable a feature like "You
have $n new messages."

I propose it as an option, not a default.

------
chrisballinger
Don't trust this any more than any other closed-source "encrypted"
communication product (like Skype). If they control both the source and the
backend, how can you be sure it isn't compromised? How can you be sure it
won't eventually be sold to the highest bidder?

Disclosure: I am the original author of ChatSecure, the only open source
OTR+XMPP app for iOS devices.

~~~
bajsejohannes
They are planning on releasing the source "later when it's stable and good
enough".

Source:
[https://twitter.com/brokep/status/354608029242626048](https://twitter.com/brokep/status/354608029242626048)

Edit: But they will still control the server. (It's audited by third parties,
but... yeah)

~~~
coopdog
If the client source proves that the message is properly encrypted though
(they're using PGP), the servers can be as insecure as the open internet and
it should be ok

~~~
bajsejohannes
I agree. The reason I put in that last sentence is because I read this in
their FAQ ([https://heml.is/](https://heml.is/)):

> Distributing to other servers makes it impossible to give any guarantees
> about the security.

Not sure what they're referring to.

------
dobbsbob
Port bitmessage to Android then release it alpha and then wait 2-3 years to
see if anything goes wrong. Then release it beta with gigantic warnings.

I hope this isn't another Jabber/OTR implementation because those would be
full of metadata the NSA wants in order to identify social networks. Once
identified, and if they look interesting enough they want to listen in, they
would then go to town on your device, car, or home with surveillance equip to
read your screen as you type, or just sneak inside the project's servers using
nginx shell exploits or linux/bsd exploits none of us know about yet to inject
code into the apk for download which will still pass signature tests.
[http://www.pcworld.idg.com.au/article/512362/proof-of-concept_exploit_available_android_app_signature_check_vulnerability/](http://www.pcworld.idg.com.au/article/512362/proof-of-concept_exploit_available_android_app_signature_check_vulnerability/)

Another problem is most devices are carrier built so can't be trusted not to
have a new CarrierIQ-like rootkit, and they can just send an OTA update that
can basically do whatever it is they want it to do including recording the
screen whenever this app gets turned on. Maybe these carriers leave their
build keys lying around and the NSA gets a hold of them and sends you their
own OTA update. Or maybe their agents volunteer to work on this project and
sabotage it like the NIST Special Publication 800-90 that recommended an
inferior deterministic random bit generator that researchers assumed was
deliberately made standard so a federal skeleton key could determine the
random numbers and unlock the encryption.

The best NSA proof cell accessory is thermite to melt your phone so you stop
using it to communicate stuff the NSA might want to find out. If you're not a
terrorist, Snowden, or Assange then you can use Gibberbot only with a .onion
jabber server because of SSL problems, and even then your device is still wide
open, and Tor sacrifices traffic analysis timing prevention for usability so
technically still vuln to metadata analysis by gigantic spy agencies like the
NSA

~~~
conformal
there is no such thing as a secure cellphone platform, at least for us non-
govt folk. expecting your comms to be secure on a cellphone because you use
some app is super naive. as dobbsbob points out, your phone is likely
ownable/backdoored by (1) the manufacturer, (2) the OS maker, (3) the ISP and
(4) the local intelligence services.

the best way to keep anything secure as it relates to your phone is to not use
it. in fact, keep your phone well away from where you work and have important
conversations. there is a reason certain ppl are not allowed to bring their
cellphones to work: it's because they're not even remotely secure.

------
danso
Odd coincidence that today, I came across this late 2012 article, "What
Happened to the Facebook Killer? It's Complicated"

[http://motherboard.vice.com/2012/10/2/what-happened-to-the-facebook-killer-it-s-complicated](http://motherboard.vice.com/2012/10/2/what-happened-to-the-facebook-killer-it-s-complicated)

It's a detailed look at the failure of Diaspora, the secure, privacy-
preserving app that raised $200K during the height of Facebook privacy
concerns, but fell apart, with the founder eventually committing suicide.

I bring it up _not_ because I think hemlis is doomed to the same fate, but
precisely because the differences between what the OP aims to achieve compared
to Diaspora make it much more likely to succeed...if it's just a messaging
app, rather than a social network that has certain infrastructure challenges,
then it should definitely be doable (it goes without saying that the Pirate
Bay co-founder probably has a lot more experience than the Diaspora founders)

------
danielsiders
"The way to make the system secure is that we can control the infrastructure."

This is an incredibly narrow vision of the future. We need an interoperable
network that supports a variety of encryption technologies. Users should be
able to select the apps they prefer with the features they need.

Locking the social graph into a single service and a single app which like
most applications will eventually have vulnerabilities is a tremendous
liability.

~~~
antihero
We need an easy to use/transparently embeddable version of Freenet or I2P with
a rich messaging app built on top.

------
RealGeek
Direct link: [https://heml.is](https://heml.is)

Hemlis is founded by The Pirate Bay co-founder.

------
downandout
Encryption is only half the battle. NSA et al. could still get metadata - who
is communicating with whom and when. Unless they carefully engineer a solution
to this problem into their app, it's useless.

------
venomsnake
NSA proof app for Apple and similar devices is an oxymoron. Until you know what
exactly the vendor can do remotely with your device you cannot assume
security.

These devices and OS-s are provided by companies that are part of PRISM so
they have a track record of collaboration with law enforcement.

So running secure software on them is like putting a steel lock on a mosquito
net.

~~~
superuser2
All carrier locked phones, including Android and Firefox OS, can receive OTA
updates without knowledge or consent. Any open source phone OS can and will be
modified to benefit the carrier before reaching consumers.

------
comex
"Heml.is would be the first secure mobile messaging system."

Heh... I don't think so!

~~~
melpomene
I made a short list of the end-to-end encrypted messaging applications which
are available now:
[https://blog.kejsarmakten.se/all/personal/2013/07/10/end-2-end-encrypted-messenger-apps.html](https://blog.kejsarmakten.se/all/personal/2013/07/10/end-2-end-encrypted-messenger-apps.html)

------
astangl
Reminds me of this

[http://www.gocomics.com/foxtrot/2013/06/30](http://www.gocomics.com/foxtrot/2013/06/30)

------
D9u
[https://en.wikipedia.org/wiki/Deep_packet_inspection](https://en.wikipedia.org/wiki/Deep_packet_inspection)

 _Deep Packet Inspection (DPI) (also called complete packet inspection and
Information eXtraction - IX -) is a form of computer network packet filtering
that examines the data part (and possibly also the header) of a packet as it
passes an inspection point, searching for protocol non-compliance, viruses,
spam, intrusions, or defined criteria to decide whether the packet may pass or
if it needs to be routed to a different destination, or, for the purpose of
collecting statistical information. There are multiple headers for IP packets;
network equipment only needs to use the first of these (the IP header) for
normal operation, but use of the second header (TCP, UDP etc.) is normally
considered to be shallow packet inspection (usually called Stateful Packet
Inspection) despite this definition.

There are multiple ways to acquire packets for deep packet inspection. Using
port mirroring (sometimes called Span Port) is a very common way, as well as
optical splitter. Deep Packet Inspection (and filtering) enables advanced
network management, user service, and security functions as well as internet
data mining, eavesdropping, and internet censorship. Although DPI technology
has been used for Internet management for many years, some advocates of net
neutrality fear that the technology may be used anticompetitively or to reduce
the openness of the Internet.

DPI is currently being used by the enterprise, service providers, and
governments in a wide range of applications._

[http://www.adax.com/products/dpi.html](http://www.adax.com/products/dpi.html)

[http://www.infonetics.com/pr/2013/2H12-Service-Provider-DPI-Products-Market-Highlights.asp](http://www.infonetics.com/pr/2013/2H12-Service-Provider-DPI-Products-Market-Highlights.asp)

With DPI encrypted comms can be routed to storage, from there the encrypted
data can be sent to the supercomputers for further analysis. Just what can,
and can not, be cracked is open to conjecture, as I don't really know the
specific capabilities of the supercomputers in use by the alphabet gang.
However, with the rapid decline of storage prices it would be safe to assume
that what cannot be cracked today, may be broken in the not too distant
future.

I'm wondering if there actually is any currently known encryption which cannot
be broken in the unforeseeable future...

Whichever way it is, I wish this venture luck and success.

------
tommis
Hopefully they won't host the servers in Sweden..
[https://en.wikipedia.org/wiki/FRA_law](https://en.wikipedia.org/wiki/FRA_law)

~~~
melpomene
In their FAQ they mention how they intend to connect several countries
through VPN tunnels and using anycast so that personal traffic won't cross
national borders:
[https://hemlismessenger.wordpress.com/2013/07/10/first-bunch-of-questions-from-our-funders-answered/](https://hemlismessenger.wordpress.com/2013/07/10/first-bunch-of-questions-from-our-funders-answered/)

This would stop FRA since they are not allowed to look at domestic traffic,
only traffic crossing the border.

~~~
mtgx
Like that has stopped NSA or any other spy agency before. But I guess what you
mean is that it won't be legal for them to do it, not that it will "stop" them
from doing it, necessarily.

------
chatmasta
What would the government do if Google bought these guys?

~~~
pavanred
I guess it's safe to presume they wouldn't sell it. Otherwise, the simplest way
to deal with the "piracy problem" would be to buy piratebay and shut it down.

------
buro9
If the only thing that comes out of this is that someone solves key storage in
a user friendly way, it will have been a bargain.

