[atmosx]

I think Snowden revelations showed Cisco in bed with the NSA, I wouldn't trust them if government surveillance is a concern.

There are many open source for teleconference these days, e.g. https://jitsi.org/ - I recall a few appearing on HN as well.

[kyrra]

From my time in Cisco, they take security VERY seriously. There was the story about Cisco devices being intercepted by the NSA in-transit to high-profile targets[0]. This was really bad press, especially since a lot of people assume that Cisco was complacent in the practice (there was no evidence as such, this was very likely the NSA intercepting the package in-route to the target). Many hardware companies (Cisco included) are trying to do verified-boot approaches where they can detect if the firmware or hardware is not genuine, there-by defeating these package intercept cases.

If you are a high-profile target, no matter what vendor or software you use, Five Eyes will do whatever is needed to infiltrate your network. Cisco is a large target just due to their volumes compared to most other solutions (you are more likely to see news of Cisco attacked due to volume of sales). But with that, Cisco will also dedicate resources to trying to defeat this type of attack.

[0] http://arstechnica.com/tech-policy/2014/05/photos-of-an-nsa-...

[awqrre]

Is this true: "The NSA has been sitting on a zero day exploit to remotely grab VPN keys from Cisco firewalls for FOURTEEN years." [0]

0. https://twitter.com/musalbas/status/777834235273027584

[kyrra]

There is a separate thread here on HN about this[0], though most of the discussion is around the original editorialized title for the article.

If you read the "Exploitation and Public Announcements" section of the Cisco publication, it meantions the source was another CVE from a month ago[1].

[0] https://news.ycombinator.com/item?id=12540692

[1] http://blogs.cisco.com/security/shadow-brokers

[walexander]

One of the points of the E2E security model used here is so that you don't have to trust Cisco.

[sbierwagen]

There's a distinction between trusting a company not to look at your data when you hand it to them in plaintext, (Skype) and trusting them to have completely flawless, bugfree code that the NSA hasn't backdoored. (Dual_EC_DRBG)

[Ninlil]

Only if the enryption is done properly. Is that an open source project? Did someone you trust security review this?

[oneloop]

You still have to trust that the encryption is indeed E2E as they claim, no?

I mean, whatsapp claims it has E2E encryption, but I've never checked...

[obmelvin]

https://whispersystems.org/blog/whatsapp-complete/

I'm not sure what parts you can verify, but I'm willing to trust the word of those at Whisper. Perhaps I'm naive but they seem to genuinely care about improving privacy for others.

[sz4kerto]

This comment also shows that privacy is always based on trust. Trusting Cisco, Google, Microsoft, OpenSSL devs, Whisper Systems, whatever. You can decide who's more sympathetic, moxie, Zuckerberg, Nadella..

[oneloop]

That was exactly the point I was trying to make when I responded to someone saying "well, with E2E encryption you don't have to trust them". Yes you do.

[fulafel]

You still have to use the software you're running, and sounds like you are running Cisco's software.