Stories
Slash Boxes
Comments

SoylentNews is people

Redphone and TextSecure are now Signal

posted by martyb on Friday November 20 2015, @01:22PM   Printer-friendly
from the tried-to-search-on-'Signal'-but-got-lots-of-noise dept.

kadal writes:

Approximately two weeks ago, Open Whisper Systems announced the merger of two of its Android apps, Redphone (secure calling) and TextSecure (encrypted messaging) into one: Signal for Android. This is a counterpart to Signal for iOS, created by the same team. A Chrome extension is forthcoming.

Signal has been getting a lot of love from the security community (Snowden, Schneier, etc) specifically for it's user-friendliness --- something that has prevented the adoption of other crypto software.

The encrypted messaging algorithm seems to be a version of OTR modified for asynchronous mobile environments. Some version of this has been implemented in CyanogenMod as WhisperPush and WhatsApp.

Their blog has a lot of nerdy crypto detail for those interested. For example: deniability, forward secrecy, calling network.

All of their code is open source and funded by donations. Donations are also possible using bitcoin. Accepted pull requests get a payout using another of their projects, Bithub (code).

Original Submission

 
This discussion has been archived. No new comments can be posted.
Redphone and TextSecure are now Signal | Log In/Create an Account | Top | 14 comments | Search Discussion
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.

  • (Score: 5, Interesting) by kadal on Friday November 20 2015, @02:33PM

    by kadal (4731) on Friday November 20 2015, @02:33PM (#265813)

    That's what I thought. Then I read this: https://github.com/WhisperSystems/Signal-Android/issues/127#issuecomment-13335689 [github.com] . I think his stance is not unreasonable.

    Starting Score:    1  point
    Moderation   +3  
       Interesting=3, Total=3
    Extra 'Interesting' Modifier   0  
    Karma-Bonus Modifier   +1  
    Total Score:   5  

  • (Score: 4, Informative) by radu on Friday November 20 2015, @02:42PM

    by radu (1919) on Friday November 20 2015, @02:42PM (#265820)

    Actually only the last sentence makes sense (but it's enough sense for me):

    if you aren't able to build TextSecure from source, you probably aren't capable of managing the risks associated with 3rd party sources.

    • (Score: 2) by boltronics on Saturday November 21 2015, @08:28AM

      by boltronics (580) on Saturday November 21 2015, @08:28AM (#266116) Homepage Journal

      3rd party to who? Google? Google's a 3rd party to my point of view. The Google proprietary components are probably full of spyware for all we know. If I'm using Replicant, having Google's signature hardly matters. If Open Whisper Systems published their own F-Droid repository, they could sign all their own packages.

      The problem with Open Whisper System's stance is that they somehow believe people who prefer free software are all "power" users, and that's BS. We want *everyone* to benefit from free software - not just geeks.

      Moxie's contributing to a world where security software for the average person is expected to run on top of proprietary software, and we desperately need to put a stop to that. You don't need to be a security expert to see the problem with contributing to that trend.

      --
      It's GNU/Linux dammit!