

TribalContact - The hammer that breaks PRISM (Encrypted web based chat) - liamcarton
http://www.tribalcontact.com

======
jlgaddis
Oh boy, Yet Another "Secure" Web-Based Encrypted Communication
Application(TM)!

Initial thoughts after a quick look:

I see mention of code/libraries that are being used, but no link to the source
code.

I don't normally bother pointing them out (such as here in the comments), but
the numerous spelling and grammatical errors don't exactly instill confidence.

Liam -- what are your (or your "co-programmers'") qualifications? Why should
the "community" trust/have faith in your cryptographic and/or programming
skills?

Ironically enough, "the hammer that breaks PRISM" apparently doesn't even use
SSL/TLS (click link above to the web site then click on "App").

> _Privacy - because it matters_
>
> _Anonymity - because you are worth it_
>
> _Security - because you need it_

I fail to see where TribalContact provides any of these.

 _sigh_

~~~
liamcarton
Yes, indeed, it is another encrypted web based communication app. I,
personally, am not aware of any others, though I do not doubt that some might
exist. There are a number of apps out there, but websites that offer mil-spec
encryption? I have never seen any.

There are, in fact, no libraries being used, and while we do mention credit to
those who developed code or algorithms, all code is in-line, and therefore
viewable from the browser. (At present Leaflet is included but, as soon as we
have integrated the latest version, it will be in-lined.)

In our opinion, it is this ability for a competent technical person to confirm
the absence of back-doors, and it is this that offers protection against
surveillance.

We do not use SSL as there is absolutely no point. We know that it is NOT
secure against government snooping. As the encryption offered by TribalContact
is double layer we feel that to use SSL is simply a waste. If we know it is
broken, why bother using it?

I am sorry that you seem to have found a number of spelling mistakes, but I do
wonder if maybe this is because this is written in British English rather than
American English. Neither I nor MS Word have found any errors. If you can
identify any errors I would be most appreciative if you could point them out,
and I will correct them.

I think that I have been quite clear that I do not expect nor require trust
from the community. The source code is viewable, and before trust can be
established verification should be completed. Perhaps it sounds rude, but it
is not for me to prove that I am trustworthy, that, after all, is a fool's
errand. Only by the community verifying that what I say is true can that trust
be gained.

I still feel that the combination of perfect forward security, ephemeral keys,
and double layer encryption offers the claimed privacy, anonymity and
security.

One final point that I think has been overlooked, is that TribalContact is
designed to be a simple, zero install, easy to use solution to the problem of
wall-to-wall surveillance. Most other encryption apps are so hard to install,
configure and use that people such as Glenn Greenwald are not able to reliably
use them. TribalContact was designed from the ground-up to be usable by
anyone, and as such offers significant utility above any other encryption
application I have ever used.

I hope that these comments answer some of your questions.

I am very grateful for your feedback, and am always more than prepared to
answer any questions. If you have anything else that you would like to discuss
please feel free to contact me, or add a new comment on hacker news.

Liam Carton liam.l.carton@gamil.com

