I can't wait until S̶i̶l̶e̶n̶t̶ ̶C̶i̶r̶c̶l̶e̶ Heml.is is open source!
On 07/12/2013 01:29 AM, phryk wrote:
> On Thu, 11 Jul 2013 23:09:04 -0700
> Brian Conley <[email protected]> wrote:
>
>> If it's not open source we aren't trusting it, so wait and see.
>
> My thought exactly. The companies involved in PRISM denied giving the
> feds access to their data, so why won't some guys I've never even heard
> of before not do the same?
>
> They answer the question if it will be open source on their Blog[1] like
> this:
>
>> We have all intentions of opening up the source as much as possible
>> for scrutiny and help! What we really want people to understand
>> however, is that Open Source in itself does not guarantee any privacy
>> or safety. It sure helps with transparency, but technology by itself
>> is not enough. The fundamental benefits of Heml.is will be the app
>> together with our backend infrastructure, which is what really makes
>> the system interesting and secure.
>
> From this I imply 2 things:
> - It's not going to be completely open source (bleh!)
> - It's not p2p since they have some sort of "backend
>   infrastructure" (bleh, too!)
>
> They also intend to publish the app with a freemium model, something
> for which I don't really see the need after collecting over 100k$
> (currently 134,347).
>
> Then they come up with some pretty unbelievable claims before the
> product is even out. Like
> "Developing the most secure, fun and sexy messenger IN THE UNIVERSE!"
>
> They also directly say that you won't be able to run your own server,
> something which I *always* dislike. Oh, and messages will be stored on
> their server until delivery, so we already know where the feds will
> want to listen.
>
> The Aljazeera post also hails it as "the first secure mobile messaging
> system.". Did I miss something there? What about XMPP+OTR? What about
> Whispers' TextSecure?
>
> All in all, this is not something that seems trustworthy to me, and I
> don't even know anything of use on crypto. My personal evaluation is
> that donating to other open source crypto solutions would be much more
> efficient and useful. At best, sponsor many different projects so that
> when one project is (temporarily) compromised by an 0day or something
> like that you still have alternatives. With heml.is even the
> compromisation of one server would completely break it. Once
> their infrastructure is compromised, the communication of ALL its
> users is compromised. This wouldn't even have to do anything with
> heml.is' security itself but could just be a software update where the
> default of one small option was changed…
>
>
> Just my 2cents,
>
> phryk
>
>
> [1]
> http://hemlismessenger.wordpress.com/2013/07/10/first-bunch-of-questions-from-our-funders-answered/
> --
> Too many emails? Unsubscribe, change to digest, or change password by
> emailing moderator at [email protected] or changing your settings at
> https://mailman.stanford.edu/mailman/listinfo/liberationtech
