
Phil Zimmermann's post-PGP Silent Circle: Privacy for $20 - iProject
http://news.cnet.com/8301-1009_3-57451057-83/phil-zimmermanns-post-pgp-project-privacy-for-a-price/
======
alister
This is Zimmermann's third attempt at encrypted phone calls, at roughly 9-year
intervals: PGPfone (1995) and Zfone (~2004/5).

I'll assume that this will be a lot easier to use than the earlier programs,
and I'll also grant that smartphones are a much bigger market than VOIP
software for desktops.

I want to see Zimmermann's product succeed, and I'd love to see all phone
calls have unbreakable end-to-end encryption by default.

However, as the article points out, it is difficult to persuade consumers to
spend their own money on privacy.

The only way I can see consumers starting to care is if we get a massive
WikiLeaks-style dump of millions of private phone calls that some malware or
government has intercepted and recorded.

~~~
vr000m
From the article it seems that Zimmermann is reusing ZRTP, which was/is also
part of Zfone.

~~~
rdl
The transport is probably the easiest part of the whole system; the hardest
part is convincing people of the need, followed by "we're the central point of
secure to insecure" not itself being a massive monitoring target. UI/UX, key
management (and directory management, kind of the same thing), and running the
gateways themselves are kind of a problem too.

I hope they support multiple providers (including setting it up yourself) for
Circle -> PSTN/SIP/etc., to avoid this problem. (I know Jon Callas, I guess I
should ask him)

They could probably charge $500/mo for 10 users for secure
email/voice/sms/etc. for groups, vs. $20/mo for individuals, if there was zero
security exposure to the central servers for the groups, and if the groups
could locally connect to their own/existing infrastructure. Add some trivial
Mobile Device Management (MDM) functionality (forcing passcodes, remote wipe,
etc. -- trivial stuff, not the huge monstrosity of corporate MDM products).

Basically, BES + VoIP for non-dead (iOS+Android, vs. BB) platforms.

~~~
18pfsmt
Are you familiar with the Milkfish project? I use it to talk with my brother,
but getting anyone else I know to set it up has been impossible.

<http://www2.milkfish.org.sipwerk.com/?page_id=2>

------
rdl
The $20/mo price is kind of misleading since it includes PSTN termination (99%
of calls will probably be encrypted from the mobile device to a gateway to
call non-users of the application, at least initially). There are not a lot of
great SIP clients for iOS which connect to reasonable inbound and outbound
termination providers, so for a US user internationally, the "free roaming"
aspect will more than save $20/mo.

------
nathan_long
> "We're going after target markets that have a special need for this,"
> Zimmermann said. "For example, U.S. military serving overseas that wish to
> speak to their families."

An interesting example. "See, government? There's an upside for you in
citizens having encryption tools."

~~~
Tloewald
Interesting pitch. Even better solution to that problem would be not starting
idiotic foreign wars.

~~~
bdunbar
_not starting idiotic foreign wars._

Don't be tedious. Even if the US didn't start wars there are a whole lot of
guys deployed overseas who don't go to war. Peacekeeping missions,
humanitarian aid, operations other than war, etc.

~~~
Tloewald
Tedious? There wouldn't be nearly so many, and operational security wouldn't
be as critical.

------
shin_lao
The problem with privacy and security is that it's considered a "nice to have"
but not a "must have".

It's extremely difficult to sell "nice to have".

~~~
themenace
The dichotomy is not "nice to have" vs. "must have" -- it is whether the
threat is "visible" vs. "invisible" when it concerns privacy and security for
consumers.

Phone calls being massively scanned by a national security organization are an
invisible threat. Consumers don't worry about it.

But consumers will pay for anti-virus software because it's in their face.

Another great example is personal shredders. I remember a skit, perhaps it was
on Saturday Night Live, where the kids had to throw dad's incriminating papers
into the "family shredder", portrayed as a ridiculous appliance for a family
to own.

In the years since we started to hear a lot about identity theft, and then
Fellowes created a billion dollar market for personal shredders. Is a personal
shredder a "must have"? No way. The risk is very low, and there are so many
better ways for thieves to get ID info in bulk. But ID theft is highly
visible; you hear about it constantly.

While I agree that it is a hard sell for the consumer market, if it should
somehow become highly visible (like a WikiLeaks dump of millions of recorded
calls as another person suggested here), then sales could fly out the door.

------
joejohnson
I have so many technical questions about his software. How does he plan on
implementing this in iOS? It is difficult to modify the Phone app, and
impossible without a jailbreak. Is this going to be a separate app for phone
calls and emails?

And on top of all these technical limitations imposed by Apple, will this
service only work if both parties (you and the recipient) have this software
installed? This will prevent widespread adoption.

~~~
delinka
You don't modify the Phone app. You build a custom VoIP app like Skype did.

And yes, it can _only_ work if both parties have the app installed. Otherwise,
someone along the way (at the tower (your mobile provider) or in the OS
(Apple)) will have to decrypt the data for you and that sorta defeats the
purpose.

~~~
jcr
Actually, no, it can work when only one person has the app installed, albeit
without end-to-end encryption.

> If only one person has the app, the connection will be scrambled only to
> Silent Circle's servers, which could still be valuable for overseas users
> worried less about the FBI and more about their own government
> eavesdroppers.

------
earl
I _love_ this quote from the article:

    "I’m not going to apologize for the cost," Zimmermann told
    CNET, adding that the final price has not been set. "This is
    not Facebook. Our customers are customers. They’re not
    products. They’re not part of the inventory."

I need to pull this out every time some wanker is whinging on about how awful
free, ad supported services are for doing their best to target ads and make
more money.

