Stories
Slash Boxes
Comments

SoylentNews is people

posted by martyb on Friday November 20 2015, @01:22PM   Printer-friendly
from the tried-to-search-on-'Signal'-but-got-lots-of-noise dept.

Approximately two weeks ago, Open Whisper Systems announced the merger of two of its Android apps, Redphone (secure calling) and TextSecure (encrypted messaging) into one: Signal for Android. This is a counterpart to Signal for iOS, created by the same team. A Chrome extension is forthcoming.

Signal has been getting a lot of love from the security community (Snowden, Schneier, etc) specifically for it's user-friendliness --- something that has prevented the adoption of other crypto software.

The encrypted messaging algorithm seems to be a version of OTR modified for asynchronous mobile environments. Some version of this has been implemented in CyanogenMod as WhisperPush and WhatsApp.

Their blog has a lot of nerdy crypto detail for those interested. For example: deniability, forward secrecy, calling network.

All of their code is open source and funded by donations. Donations are also possible using bitcoin. Accepted pull requests get a payout using another of their projects, Bithub (code).


Original Submission

 
This discussion has been archived. No new comments can be posted.
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
  • (Score: 5, Insightful) by drgibbon on Friday November 20 2015, @02:46PM

    by drgibbon (74) on Friday November 20 2015, @02:46PM (#265824) Journal

    Moxie is definitely not against free software, his concerns are security based. There's a thread on the Github tracker [github.com] where he explains why he prefers that F-Droid don't package Signal (back when it was TextSecure). Of course someone could just package it anyway, but ok, the guy has contributed a massive amount to security so people respect that. From what I remember, Moxie's main reasons are that he's against people checking "install apps from unknown sources" and he is also against the F-Droid centralised signing process. Actually OpenWhisper could just make their own F-Droid repo, but that would still mean that users need to install "unknown apps", which Moxie sees as a return to the "desktop security model". I can see where he's coming from, but I still think OpenWhisper should make their own F-Droid repo and release it quietly for the people who want it. However, what he doesn't want to see is geeks putting F-Droid on normal peoples' phones and checking "allow unknown apps" thus weakening security for those that don't know how to manage it. He would be happy to have APKs outside of the Play Store based on the conditions in this post [github.com], although I don't see how that gets around installing "unknown apps".

    It's a bit of a hassle, but for myself I just build a version of Signal from source every now and then. They do at least make that process very easy.

    --
    Certified Soylent Fresh!
    Starting Score:    1  point
    Moderation   +4  
       Insightful=3, Informative=1, Total=4
    Extra 'Insightful' Modifier   0  

    Total Score:   5