+1 On Jul 11, 2013 11:48 PM, "Douglas Lucas" <[email protected]> wrote:
> I can't wait until S̶i̶l̶e̶n̶t̶ ̶C̶i̶r̶c̶l̶e̶ Heml.is is open source! > > On 07/12/2013 01:29 AM, phryk wrote: > > On Thu, 11 Jul 2013 23:09:04 -0700 > > Brian Conley <[email protected]> wrote: > > > >> If it's not open source we aren't trusting it, so wait and see. > > > > My thought exactly. The companies involved in PRISM denied giving the > > feds access to their data, so why won't some guys I've never even heard > > of before not do the same? > > > > They answer the question if it will be open source on their Blog[1] like > > this: > > > >> We have all intentions of opening up the source as much as possible > >> for scrutiny and help! What we really want people to understand > >> however, is that Open Source in itself does not guarantee any privacy > >> or safety. It sure helps with transparency, but technology by itself > >> is not enough. The fundamental benefits of Heml.is will be the app > >> together with our backend infrastructure, which is what really makes > >> the system interesting and secure. > > > > From this I imply 2 things: > > - It's not going to be completely open source (bleh!) > > - It's not p2p since they have some sort of "backend > > infrastructure" (bleh, too!) > > > > They also intend to publish the app with a freemium model, something > > for which I don't really see the need after collecting over 100k$ > > (currently 134,347). > > > > Then they come up with some pretty unbelievable claims before the > > product is even out. Like > > "Developing the most secure, fun and sexy messenger IN THE UNIVERSE!" > > > > They also directly say that you won't be able to run your own server, > > something which I *always* dislike. Oh, and messages will be stored on > > their server until delivery, so we already know where the feds will > > want to listen. > > > > The Aljazeera post also hails it as "the first secure mobile messaging > > system.". Did I miss something there? What about XMPP+OTR? What about > > Whispers' TextSecure? > > > > All in all, this is not something that seems trustworthy to me, and I > > don't even know anything of use on crypto. My personal evaluation is > > that donating to other open source crypto solutions would be much more > > efficient and useful. At best, sponsor many different projects so that > > when one project is (temporarily) compromised by an 0day or something > > like that you still have alternatives. With heml.is even the > > compromisation of one server would completely break it. Once > > their infrastructure is compromised, the communication of ALL its' > > users is compromised. This wouldn't even have to do anything with > > heml.is' security itself but could just be a software update where the > > default of one small option was changed… > > > > > > Just my 2cents, > > > > phryk > > > > > > [1] > > > http://hemlismessenger.wordpress.com/2013/07/10/first-bunch-of-questions-from-our-funders-answered/ > > -- > > Too many emails? Unsubscribe, change to digest, or change password by > emailing moderator at [email protected] or changing your settings at > https://mailman.stanford.edu/mailman/listinfo/liberationtech > > > -- > Too many emails? Unsubscribe, change to digest, or change password by > emailing moderator at [email protected] or changing your settings at > https://mailman.stanford.edu/mailman/listinfo/liberationtech
-- Too many emails? Unsubscribe, change to digest, or change password by emailing moderator at [email protected] or changing your settings at https://mailman.stanford.edu/mailman/listinfo/liberationtech
