
John McAfee releases secure anti-surveillance messaging app ‘Chadder’  - mroling
http://www.chadder.im/
======
nodata
Or use TextSecure and RedPhone:
[https://whispersystems.org/](https://whispersystems.org/)
([https://github.com/WhisperSystems/TextSecure/](https://github.com/WhisperSystems/TextSecure/))

~~~
mrmondo
Isn't that Android only?

~~~
lxgr
The iOS client will (hopefully) be released in the next few months.

~~~
nodata
Link: [https://github.com/WhisperSystems/TextSecure-
iOS](https://github.com/WhisperSystems/TextSecure-iOS)

------
ctz
Some observations:

\- This uses an external service 'scrambls'
([https://scrambls.com/](https://scrambls.com/)) which seems to do per-message
symmetric key management. Therefore, the owners of this service can read all
your messages.

\- The thing which seems to be sent along with the ciphertext is an 'XID'
which is sent to scrambls and exchanged for the raw AES message encryption
key. There doesn't seem to be any binding to the recipient in this step(?)

\- The encryption of messages is AES-CBC with PKCS#5 padding. There is no
message integrity, so therefore this provides no confidentiality under CCA2.

In conclusion, this is the sort of thing you should expect from a secure
messaging app. (TextSecure excepted.)

~~~
andor
It's interesting how they know it's happening, but don't seem to understand
the consequences.

In the video, they say that "the key and message can only be read by Sally."

Or look at this one, where they even visualize it:
[http://siliconangle.com/blog/2014/05/03/the-design-behind-
ch...](http://siliconangle.com/blog/2014/05/03/the-design-behind-chadder-john-
mcafees-new-chat-app-for-security-conscious-millennials/)

 _The architecture of the product features a unique web-based exchange of key
transfer capabilities to facilitate completely encrypted messaging._

------
casca
Having access to source is no guarantee of security or correctness (see
Heartbleed) but relying on any of these secure messaging apps seems
optimistic. Writing correct crypto code is hard and John McAfee's involvement
offers no assurances.

~~~
dirktheman
Especially since his stint with the authoroties of Belize and his subsequent
escape from said country... I thought it was a very entertaining story, but
professional suicide for him.

------
davexunit
Free software is a prerequisite for software to be "anti-surveillance" and I
see no indication that Chadder is free software.

~~~
FBT
_Libre_ is a prerequisite, _gratis_ isn't. This is an important distinction to
make. While it is true that this software seems to be neither, it is important
to note when we try to convince them to release it free, we mean _libre_ and
not necessarily _gratis_. (Although the two often go hand in hand.)

When people hear us complaining about it, they often think we want to avoid
paying money for it. This is false, and a bad impression to give. That is the
purpose behind making this distinction.

~~~
air
Libre isn't prerequisite either. Access to buildable source is.

~~~
id
Doesn't libre require access to source code?

According to the free software definition [1], it's one of the essential
freedoms:

 _> The freedom to study how the program works, and change it so it does your
computing as you wish. Access to the source code is a precondition for this._

[1] [https://www.gnu.org/philosophy/free-
sw](https://www.gnu.org/philosophy/free-sw)

~~~
keithpeter
Absolutely, libre implies code.

Access to compilable code can happen in more ways than fully libre release
though.

I think that is what the parent post to yours meant.

------
memorion
So that's an iPhone screenshot on what appears to be a Nexus 4 without the
navigation buttons with the android contact icons but there isn't even an iOS
version yet. The first screenshot in the playstore shows the windows phone
version and the second is the actual android version, what?

------
EC1
Why do people keep releasing messaging applications? These things rarely, if
ever catch on.

Awaiting the inevitable HN thread about how Chadder is flawed.

~~~
abrahamsen
Small investment, tiny chance of success, huge payoff iff successful. It is
the lottery of applications.

------
jacquesm
McAfee ceased to be a brand that you'd want to be associated with a while ago,
I wonder what they intend to achieve by attaching their reputation to his.

Toxic doesn't even begin to describe it, he's the IT world equivalent of a
rogue.

~~~
saurik
One would presume because "he is/was a fugitive, so he really understands the
need of that underrepresented user community".

------
motters
If the source code isn't available then any claims to being secure should be
treated cautiously. For instance, how do we know that there aren't heartbleed-
style errors in this anti-surveillance app?

~~~
riquito
I love open source, but we didn't know about heartbleed even with the sources
available.

~~~
skj
I think that it's rather because the source was available, we eventually found
out about heartbleed.

------
sschueller
Isn't McAfee back in the US? You can't trust crypto tools that are closed
source form the US. The current state of laws make that impossible. [1] [2]

[1]
[http://en.wikipedia.org/wiki/National_security_letter](http://en.wikipedia.org/wiki/National_security_letter)
[2]
[http://en.wikipedia.org/wiki/Patriot_act](http://en.wikipedia.org/wiki/Patriot_act)

------
a1a
I think the biggest problem here is that the application claims to be "anti-
surveillance" yet it doesn't really solve the surveillance problem, namely
meta-data.

If anything this application _helps_ surveillance by filtering out the
communication from "regular" communication.

We have had encrypted messaging for ages now. I cannot tell what's new here.

~~~
delinka
Has anyone even publicly discussed how to mitigate metadata collection? I
don't recall any such discussion, but this also isn't really my area of
interest.

I'd imagine a system that's _completely_ a p2p mesh network. "Oh, hello, peer.
I have 17 blocks for delivery on the network." Those 17 blocks might be pieces
of messages for said peer; they might be destined for other nodes anywhere in
the network; maybe they're noise. And don't forget to hand those blocks off to
other nodes as well, because maliciously dumping blocks could be a thing...

~~~
a1a
Not really my topic either but I guess messaging via TOR or alike is the best
solution.

~~~
delinka
Perhaps, but then I believe each participant in the messaging system would
need to run a hidden service to receive messages. I think you may be onto
something here.

------
chrisdevereux
Anyone care to explain how this is supposed to work? If Chadder don't store or
transmit the key, how does the person I'm sending a message to have it?

The ambiguity in the way the video explained it makes me a bit suspicious.

~~~
a1a
I do not know what your objections are. It's pretty straight forward.

I guess it's something like:

For messages: AES

Key exchange: RSA

Alice and Bob both generates their own RSA keypair (the server do not have
their private keys). Alice generates the AES key to be used with Bob, encrypts
it using Bobs public RSA key and then sends it to him.. _done_

~~~
simfoo
But then how does Alice know if she's talking to the right Bob and not some
evil middle-man? In other words, she has to trust the server that it is giving
her the correct public key.

~~~
a1a
Signing. I.e. Bob encrypts a dummy message or whatever with his private key.

------
andor
Oh wow. It uses a very innovative REST key exchange protocol.

Encryption:

    
    
      * Messages are encrypted with AES 128 CBC
      * Random key for each message
      * The AES key is sent to the server, and exchanged for some key-id
      * They key id is prepended to the message
    

Decryption:

    
    
      * Split message into key id and encrypted part
      * Download key from server
      * Decrypt message
    

Edit: Decompile it to see for yourself

~~~
andor
It's based on "scrambls", and they have a description of their protocol here:

[https://developer.scrambls.com/bin/view/Main/P4ComponentInte...](https://developer.scrambls.com/bin/view/Main/P4ComponentInteraction)

------
SchizoDuckie
Anything that claims to do 'APP X' with 'encryption' these days should not put
itself out there without posting a full (and RECENT) security audit by an un-
biased third party.

Otherwise, I'm going to assume you are still leaky as hell, make mistakes and
have not cleaned up your code, etc.

And no, claiming you are 'open source' doesn't cover it (And I Don't even have
to refer to Heartbleed here)

------
atanasb
When is the iOS client going to be released? It's kind of interesting that
this comes up on HN and at the same time a security leak [0] in the iOS email
client is found.

[0] [http://www.macrumors.com/2014/05/05/ios-7-email-
attachment-e...](http://www.macrumors.com/2014/05/05/ios-7-email-attachment-
encryption/)

------
dm2
Do the phones have to be online at the same time in order to send the first
key or does a Chadder server distribute the keys to each pair of users but
simply not store the key after it's distribution?

Sorry if this question sounds ignorant, the details and best practices of
encryption are way over my head.

~~~
andor
Their server stores _all the keys_

[https://developer.scrambls.com/bin/view/Main/P4ComponentInte...](https://developer.scrambls.com/bin/view/Main/P4ComponentInteraction)

------
dewey
Even if it's not directly relevant to the product in question but I always
think it's a bit weird to promote a "secure" product and don't even have SSL
enabled on your own website. It's not like it's expensive to get a simple
certificate these days.

~~~
dawkins
It doesn't ask you for any information. What would be the benefit of enabling
SSL?

~~~
a1a
SSL is not only for secrecy, it provides integrity as well.

For example: You cannot be sure the links are valid. The javascript- and/or
youtube iframe might be modified/malicious.

------
sajithdilshan
I'm confused. Does this app uses public key encryption? if so, how do I obtain
the actual public keys of all my contacts? Do we have to personally meet and
exchange the public keys?

------
schrodinger
They didn't even capitalize his last name properly:

    
    
        We are also very excited to announce our partnership
        with John Mcafee and Future Tense Central!

------
akumen
So the client is open source but the server and backend isn't, same as
Telegram? What is the point? That and McAfee doesn't exactly inspire
confidence.

~~~
zokier
Where do you see the client sources?

~~~
gulbrandr
See here: [https://telegram.org/apps#source-
code](https://telegram.org/apps#source-code)

~~~
zokier
I meant for Chadder.

~~~
akumen
Sorry, I assumed it was clients were open sources based on the article. Now
that I looked it appears that is not the case. So ... it is safe because John
McAfee?

------
phpnode
wow, that's a distracting background. Also the video doesn't explain how the
key exchange works, and isn't that the important/hard bit?

~~~
sajithdilshan
It's the Matrix

------
zokier
Only explanation they give is that it "uses encryption" and that should make
the app trustworthy? Is this a joke?

------
n1ghtmare_
Is the name McAfee supposed to be a plus ? Isn't he kinda crazy these days ?
That's a red flag in my book.

------
hemaljshah
If that's how they designed the website, I'm a little scared to download the
app.

Also, no iOS?

------
JohnDoe365
I thought he is in prison? Or at least under investigation?

------
higherpurpose
So how does it do that encryption? Through magic?

------
mantrax5
Nothing against John McAfee, I have no idea what happened in Belize, and he
can probably have a wonderful career as a reality TV star or a similar effort.

But I wouldn't touch a security product he offers with a 20 foot pole.
Literally I wouldn't even visit the site, let alone hover my mouse over the
download link.

And no, not because of McAfee Antivirus, but despite it.

