On 06/28/2012 04:58 AM, ilf wrote: > Opinions on this? Has there been any peer-review?
Not as far as I know, but I think can tackle it quickly here from what is on their website. Most of this is the usual open-vs-closed type issues, but still important to reiterate. I have also cc'd their privacy@ address so they can join the libtech list and respond if they choose. I should also disclose my well-known bias towards open source and open standards. PROS - it is free (as in free cheese samples at the grocery store) - they have some sense of user-oriented design/threat model design - their claimed data retention / privacy policies seem ideal - the claim that centrally stored data is minimal - it comes with all that proclaimed "easy to use" and "just works" attitude that is part of the Apple iOS world; from screenshots, it looks simple enough to use - better than an unencrypted SMS! CONS - closed-source, no ability to publicly audit without some sort of NDA - includes "patent-pending technology" aka proprietary, encumbered, not an open/known standard - limited to distribution where Apple and partner countries allow it - only works on iOS - no perfect-forward secrecy, it seems, meaning any encrypted on a remote device, can easily be tied back to your wickr ID and/or your cryptographic key - no information about client-to-server connection (SSL, TLS? resistant to man-in-the-middle attacks?) - centralized service with no option of hosting your own - "Activist" is not one of their user stories/types that they have designed around, though they claim "freedom fighters" are among their existing users - based on their "third parties" policy, it seems their system design is susceptible to lawful intercept Would I recommend it? Probably not, but I am curious to see what sort of mainstream uptake they might get, much in the same way I am curious about SilentCircle.com, which is offering a very similar set of promises as Wickr. Best, Nathan _______________________________________________ liberationtech mailing list [email protected] Should you need to change your subscription options, please go to: https://mailman.stanford.edu/mailman/listinfo/liberationtech If you would like to receive a daily digest, click "yes" (once you click above) next to "would you like to receive list mail batched in a daily digest?" You will need the user name and password you receive from the list moderator in monthly reminders. You may ask for a reminder here: https://mailman.stanford.edu/mailman/listinfo/liberationtech Should you need immediate assistance, please contact the list moderator. Please don't forget to follow us on http://twitter.com/#!/Liberationtech
