Approximately two weeks ago, Open Whisper Systems announced the merger of two of its Android apps, Redphone (secure calling) and TextSecure (encrypted messaging) into one: Signal for Android. This is a counterpart to Signal for iOS, created by the same team. A Chrome extension is forthcoming.
Signal has been getting a lot of love from the security community (Snowden, Schneier, etc) specifically for it's user-friendliness --- something that has prevented the adoption of other crypto software.
The encrypted messaging algorithm seems to be a version of OTR modified for asynchronous mobile environments. Some version of this has been implemented in CyanogenMod as WhisperPush and WhatsApp.
Their blog has a lot of nerdy crypto detail for those interested. For example: deniability, forward secrecy, calling network.
All of their code is open source and funded by donations. Donations are also possible using bitcoin. Accepted pull requests get a payout using another of their projects, Bithub (code).
(Score: 0) by Anonymous Coward on Friday November 20 2015, @06:34PM
I agree with you to some extent, but there is a fundamental problem here: Most users don't want to give up convenience for privacy and security. Oftentimes non-free proprietary software is more convenient at the moment (not to mention pushed on people by multi-million dollar ad campaigns which of course do not inform users of what they're really getting), so people use that. Still, even under these circumstances, there's a chance that things like TOR could help, even if users would be better off with free platforms. Perfection is the enemy of... slightly better.
(Score: 5, Insightful) by melikamp on Friday November 20 2015, @08:05PM
You know, that's great, and probably true: we can reasonably suppose that using TOR on Windows (or Signal on IOS) does increase privacy and security, although the end result is still really really bad. What stymies me is... Where's the admission? Where's a fair warning? Where's the honest efficiency assessment by the devs or the security experts? If they want to spend their time developing "security" solutions for spy-phones, I can't complain, but what's that with pretending they work? Just tell the user like it is. The sooner users are aware of the basic facts, the sooner they will push legislators to marginalize the whole damn non-free software ecosystem.