[zedred]

I haven't directly explored the source for either in little while, so I should take a new look. I might be a little out of date, but the things that I have seen second hand recently confirmed my earlier conclusions.

Like I recently saw an announcement from Wire that calls are now secure, but they had been advertising them as secure all along! I had even spent time looking through the code but didn't know that calls weren't authenticated. Now are they really secure? I don't know, they said that before too, and the source is so hard to follow. Then I saw a post that showed they weren't even doing cert pinning, which is so basic.

I wanted to like it, but the more I looked the more I felt like "security" was just sprinkled on as an after thought.

[walterbell]

Did you see that they implemented CBR for audio calls and submitted patches to both Signal and WebRTC?

https://medium.com/@wireapp/call-security-constant-bit-rate-...

[JshWright]

In 2017... CBR has been a thing in secure calling apps for ~5 years now.

[walterbell]

Can you recommend some iOS/Android apps which support CBR?

[JshWright]

Silent Phone is both Android and iOS compatible, and we have used CBR codecs since we launched (in 2012).

[walterbell]

Thanks for the pointer ($10/month), did not know this was available without buying a Blackphone.

[Siimteller]

Care to name one?

[JshWright]

Silent Phone (disclosure: I am an employee)