What It's Like When the FBI Asks You to Backdoor Your Software

[PhantomGremlin]

I don't trust any of them. Period. It makes absolutely no sense to trust any of them. Not when peoples lives are at stake.

At this point, if I wanted to use my phone for any truly critical communication (e.g. like in middle eastern countries where lives are literally at stake), I'd only use open source software.

You could start a company that had the all of following people as founders:

  Ron Rivest
  Adi Shamir
  Leonard Adleman
  Phil Zimmermann
  Whitfield Diffie
  Martin Hellman
  Dan Bernstein
  Bruce Schneier
  Edward Snowden
  Keith Alexander
  Theo de Raadt

Even if every single one of those people were telling me to trust the software, I still wouldn't. Not without source.

Show me the source code. At first glance, I didn't see that option as available at the Wickr web site.

BTW stupid of Wickr to not obtain the wickr.com domain. I'll let people google for the real URL just to make my point.

[willvarfar]

How do you compile your code? (Thompson reflections on trusting trust)

And beyond source-code:

How do you shield your equipment? (tempest, also active attack)

How do you guard your equipment? (evil maid)

Real life is the triumph of convenience over security :(

[PhantomGremlin]

Convenience is exactly what I use in my real life. My texting security is whatever Apple implements in iMessage. I'd be a lot more paranoid if I were a "smuggler" or "revolutionary".

There's also the wrench cryptanalysis discussed in xkcd.com/538. For most people the mouseover text nails it:

  Actual actual reality: nobody cares about his secrets.

[ds9]

The fact that you can't have complete security is not an argument for abdicating the effort, nor a valid criticism of anything that moves in the right direction. At least you can get to a better position in terms of (a) lower probability of compromise and (b) imposing more time and expense on the adversary.