Hacker News new | comments | show | ask | jobs | submit login

> 1. What is TextSecure's business model? Who pays for the server infrastructure?

It's a good question. TextSecure is not a business, so we don't really have a business model in the traditional sense. Open Whisper Systems is a collective project made up of volunteers and a growing number of contributors, who are sometimes paid by donations (https://whispersystems.org/blog/bithub/) and grants.

Thus far, we've been able to smoothly fund the server infrastructure through grants and donations as well. I think we'll probably be able to continue that way indefinitely, but if that ever changed for any reason, we would consider charging small amounts for premium or high cost features like extremely large attachments. But in general, Open Whisper Systems is a project rather than a company, and the project's objective is not financial profit. I know that's a difficult thing to explain.

> 2. Doesn't WhisperSystems belong to Twitter? Twitter is a US-company (and also part of the NSA stuff), so why should I use that kind of software?

This is also confusing, but Open Whisper Systems is not Whisper Systems. Open Whisper Systems has no relationship with Twitter at all, and is a different organization that came together to facilitate development of the Whisper Systems software which was released under GPLv3. Twitter has never contributed money or resources to Open Whisper Systems, and is not in control of any of the infrastructure.

Hey moxie, I recently myself switched to using TextSecure (mostly was just looking from an SMS app from reputable people, but the crypto parts are a nice bonus). The above question about the business model was also my first question after my initial evaluation. It would be awesome if you could put this info somewhere on the website (maybe I missed it?).

That is indeed confusing. Because the names are so similar, there is an implied close relationship between these two entities. Have you considered renaming the project?

I'd pay good money for an iOS version. I'm limping along with Threema now (which, functionally, is really great!).

I'd pay even more good money for hosting to not be in Google's data centers.

An iOS version is in progress and should be released in the next few months [1].

The TextSecure servers are not hosted in Google's data centers. Google's GCM push messaging framework is used to deliver messages to Android users, but the GCM payloads are fully encrypted.

[1] https://github.com/WhisperSystems/TextSecure-iOS

I know it's in progress. I'm anxiously waiting. If you tell me where I can send $ or BTC to help it go faster, I'll gladly oblige.

See [1] for donating BTC and [2] for donating other currencies through the Freedom of the Press Foundation.

[1] https://whispersystems.org/blog/bithub/

[2] https://pressfreedomfoundation.org/

I'd actually like a Chrome browser extension version, too (yes, I recognize the vulnerabilities vs. a true native client, but signed browser extensions mitigate a lot of those)

This is already in progress [1].

[1] https://github.com/TheBlueMatt/textsecure-chrome

What's the relation between the server and the SMS verification when setting up the app? I haven't tried TextSecure in a while, but when I tried right after you announced TextSecure v2, I kept getting failure to send me the SMS, and I had to receive the robo-call. I had a friend from another country who experienced the same. Is that still a problem?

There were some capacity issues when the new version of TextSecure was first released. The SMS code is used to verify ownership of a number before it can be used for Push messaging.

If it's not for profit, why don't you open source the server-side code too? Then those that are interested can rely on their own infrastructure.

Note that you're forking the net with this though. As far as I understood in the posts about TextSecure here:

- You can run your own server

- Your server cannot talk to the 'official' servers

- Federation is somewhat possible, but works on a 'We whitelist your machine' base

It's not XMPP. So people using 'Default' TextSecure and your friends & family on your own TextSecure server would be isolated, as far as I understand.

I'd love to be corrected though, because THAT (not business model/jurisdication) is my reason why I'm not comfortable using/recommending it. No offense to moxie and his team, but for me this is another Threema unless running under my (most likely not competent enough, if we're honest) supervision.

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact