
Show HN: ChatSecure iOS v3.0 (OTR + Tor + XMPP) - chrisballinger
https://chatsecure.org/blog/chatsecure-ios-v3-released/
======
tyrion
If you are so concerned about privacy and security, why use an iOS device at
all?

Note: I am not trolling. It is a serious question. I mean, probably no one
would be using ChatSecure if it were not Free Software, rightly, because
nobody could audit its source code, but then isn't it a security/privacy issue
using it on top of a completely closed platform?

~~~
avree
Because there's a tradeoff between 'privacy and security' and 'convenience',
and most people like to fall somewhere in the middle.

It's like locking your doors on your house. Sure, a burglar could break the
door down, smash a window, follow you around and steal your keys, etc., but it
adds a level of security and precaution that keeps _some_ of the bad guys out
while not being insanely inconvenient.

I care about the privacy and security of my home, but I'm not going to live in
a bunker.

~~~
jakeogh
A closer analogy would address a group controlled by a few which has the
resources to install people (whom believe that are doing good things) into
positions that have access to your private keys. It's more like there is an
automatically updated encrypted manifest of your house available. The bunker
analogy is bad unless you think we should meet in the middle on infosec. At
some point, this same conversation will be about hardware inside our heads, we
already use these devices like second brains.

~~~
avree
Yeah, my housecleaner, dogwalker, and certain other people have keys.

I run the risk of them deciding to one day loot everything I own, and yet, I
realize that the convenience of the services they provide is worth that
minimal risk.

Same case with my cell phone.

------
Mizza
Great to see this finally get out there, it's been awesome to watch this
project develop!

This is also a particularly good release write-up, big ups to the team for
writing about all of the components that have gone into this new release.

------
ex3ndr
We in Actor.im tried to build tor-enabled messaging (on better and faster
protocol), but for working tor engine need to download 1-3mb files every 4
hour period. So, this became useless in mobile environment. Tor need to do
step forward to mobile before we can really use it.

~~~
chrisballinger
I was excited about the possibility of federated XMPP over mobile hidden
services, mainly because of the built-in NAT traversal. It could make creating
a "good enough" XMPP server as simple as buying a cheap Android phone,
installing an app, and keeping it plugged in somewhere.

------
higherpurpose
Would it be possible for TextSecure and ChatSecure to interoperate (at least
with chats)? Or would that create too much pain for both groups to support
each other as they (possibly) diverge in features?

~~~
chrisballinger
I'd love to make this happen, but it won't be possible unless they support
open federation, which is currently impossible when using your phone number as
the identifier. I do plan to support Axolotl in conjunction with our provider-
agnostic push solution, which could potentially provide a bridge between the
two platforms.

------
mrmondo
I'd love to see Moxie review this!

~~~
girvo
I'd rather see Signal have text messaging enabled first ;)

~~~
mrmondo
Yeah me too ;)

------
dewey
Very excited for this, just from the GUI point of view it's a big step
forward.

------
magikarp
Fantastic work, Chris! It's really great to see that ChatSecure has such an
ambitious roadmap.

------
funcSoulBrother
Pretty excited about the hidden TOR xmpp functionality in this version, since
NAT won't ever be an issue.

------
foobarqux
Why not use Signal?

~~~
xxdesmus
Signal doesn't do messaging on iOS right now, only phone calls.

~~~
chrisballinger
It will soon! After playing around with their latest Signal 2.0 beta that
integrates TextSecure support, I honestly would recommend using Signal unless
you specifically need Tor/OTR or want to host your own XMPP infrastructure.

~~~
xxdesmus
Oh nice, I'd love to give the Signal 2.0 beta a go if you have any invites
into the beta testing? :)

------
laveur
Does the fact that they use Tor make it more secure? It seems like the network
has been getting hacked a lot lately.

~~~
dewey
It's not "getting hacked a lot". What you are talking about is probably just
the take-down of a few hidden services with poor operational security.

