[laen]

Why isn't there a tool with iMessage-quality UI? I find it hard to understand why the demand is not being met. Could it be that a core tenet of a secure app is being open source and open source is less profitable, thus removing incentive. The article suggests it is because efforts are fragmented, which ostensibly is true. Maybe a combination of the two? What am I missing?

[mehrdada]

This [...is less profitable, thus removing incentive] is probably true, unfortunately. I personally seriously considered this space and actually wrote a quite complete prototype with this exact goal more than a year ago, but eventually decided to not move forward with it at the time. One problem is that it is really hard for an average user to distinguish BS security claims from proper crypto. An average user would likely consider Snapchat to be more secure than an E2E app.

[laen]

Mulling on this a bit more - the profitability is further impacted from the inability to mine customer data on a secure app. Anecdotally, when presented with a free unsecure app vice a paid secure app, average Joe will go with the free app. Maybe there isn't a true demand like eps mentions

[musha68k]

I'm often wondering if something like a mixture of the organizational setups of e.g. the Mozilla foundation, Kickstarter and Wikipedia could work for efforts like these?

Companies are the de-facto vehicle to do something interesting and worthwhile together while making a living out of it as well.

Why not take that some steps further and divorce the concept from the often more mindless than not "we have to make a profit!" shareholder value yaddayadda...?

[mbrock]

On iPhone, is it even possible to distribute software that's open source in the sense of being verifiable? It's all binaries coming from a central server. And the operating system code is secret. Maybe all your keystrokes are sent directly to Obama so he can scan them for terrorism.

[mehrdada]

It is now possible to compile your own binaries and deploy it yourself without paying $99.

As for trusting the OS, it is true, but I would argue it is no better than running on an Android phone that you don't compile and deploy the OS for. There can be a hardware backdoor in your phone too. At some point, you will have to trust your infrastructure to a degree.

[mbrock]

Yeah. I guess if you have Xcode installed it's even quite easy. Of course, push notifications won't work.

It's hard to trust anything after Snowden. I don't know why my smart phone wouldn't be spying on everything I say. If not now then next year.

Maybe for messaging, what's most important is decentralized anonymity. We can use code language to conceal secrets. For actual documents, we can use more trustworthy platforms, at the very least ones with non-secret operating systems.

[eps]

Because, realistically speaking, there's no notable demand.