Why Is the Government Afraid of this iOS App?

Brilliant!

 

Re: New "Surveillance-Proof" App To Secure Communications Has Governments Nervous

I am not going to say that NSA has backdoors in consumer grade hardware or not. I can't prove anything either way. But I will say that if they don't have such backdoors, then they aren't doing their job. We know for a fact that NSA has been caught putting backdoors in hardware before, so it isn't like it would be unprecedented. (Do you know how America found out who the Pan-AM Lockerbee bombers were? From a hardware backdoor in a crypto machine in Iran).

These guys get billions of dollars a year to play with and spend as they see fit (some of it is spent on contractors, but some of it is done in-house). It's almost like "Q's" lab in the James Bond films. They are at least 20 years ahead of the private sector in technology and computer science. The stuff they are doing now will finally go mainstream in about 2030.

Why do you think they no longer complain about crypto and have relaxed all export laws? It's obvious they have no problem breaking it. Whether they do this through superior mathematical know-how or through backdoors I can't be sure. Bruce Schneier thinks it is doubtful they can break AES in a traditional "code-breaking" sense, but he admits it is highly probable they have ways around it. And those "side-channels" are where agencies like NSA really shine.

The academic community has just now really started researching side-channel attacks (power analysis, cache timing, TEMPEST, etc.), but NSA has been at it for decades. Not only do they have a huge head-start, but they also have much more money to spend on research. The academic community simply doesn't have the resources to compete (it's hard to compete with the bottomless pit of money that is the taxpayer).

Now, I am sure Silent Circle is solid. Will it protect you from Joe Hacker? Most certainly. Will it protect company A from having it's trade secrets stolen by Company B? I would say as long as the company is careful to use it the way it is supposed to be used, then yes. Will it protect Terrorist X from NSA eavesdropping? Not a chance in hell.

 

Re: New "Surveillance-Proof" App To Secure Communications Has Governments Nervous

Yes. I used too run that setup, minus Wirefly. I have switched to a Galaxy Nexus running JellyBean 4.1.2 with the built in encryption. Yes - It's not as good as Moxie's WhisperCore, but WC stopped development with Gingerbread 2.3.5 when Twitter bought WhisperSystems. Staying on Gingerbread was killing me, so I dumped WC. With EncPassChanger from the Play Store, you can use the built in Linux commands to change the encryption passphrase from the UI limited 16 characters, to as many as you want. My lockscreen remains at 16 full ASCII characters. Yes, only the User Space is encrypted and not the OS...that's the trade off for running a current OS until Moxie makes a comeback. RedPhone and TextSecure were open sourced by Thoughtcrime Labs (Moxie?) and continue to be updated. RedPhone call quality has improved. I have also dumped "Big Telco" and got a SIM card in the mail, pre-pay each month. I have greater faith that Android (I run a custom AOSP based ROM and Kernel) has less of a chance of being back-doored, than iOS.

PD

 

Re: New "Surveillance-Proof" App To Secure Communications Has Governments Nervous

I don't see any evidence that governments are afraid of this app except for some hairy eyeball statement. The rest is based on assumptions. This looks like advertizing hype that targets the "paranoid" among us.

 

PaulyDefran Moxie aint coming back, he sold his soul to Twitter.

 

Chris Rock

 

Right... usually ppl who never used Android say such things...

 

I'm on the cautious side about such services and products. While I generally assume Uncle Sam and the hacker next door are listening. I really don't give them anything beneficial to steal. (1) they don't known what security precautions I've taken to protected my personal information, and (2) they lack physical access. Best of luck

 

Go ask any security expert then come back and say that.

OH and nothing against Moxie, he deserves to get cake. He is still a legend though, I wish I had his bank balance.

 

I'm glad you said that, If I invented something, I'd want to make money too...unless I was already rich. He is free to keep on, keepin' on and make more stuff. Even 'Non-Compete's' don't last forever. I also think that Thoughtcrime Labs is Moxie (could be wrong, so check me on that), so he has Open Sourced TextSecure and RedPhone. While WhisperCore was awesome with all it's capabilities, ICS and JB are 'ok' with encryption if you use a long pass phrase. 16 is pretty damn secure already, and EncPassChanger lets you do 64 if you want. On a practical level, not having the OS encrypted doesn't bother me too much. Yes, if you are a high value target you have Evil Maid type stuff to worry about, and other things that WhiperCore prevented...but really, for normal people, a Cellebrite attack for contacts, texts, and web history is what is going to happen...and the built in OS encryption can handle that.

I predict SilentCircle will hire Moxie, LOL.

As far as iOS .vs Android...I believe Android was the platform of choice for DoD/NSA trials for secure mobile phones, correct?

PD

 

Yes that may be so, but it doesn't make it right. While the IPHONE has been popped it's much safer than Android ATM.