| Correction its called Silent Circle, not secure circle. I'm happy to see the surge of interest and new projects, but most of the offerings are between embarrassing and pathetic. Either the concept is being exploited for marketing purposes, the individuals involved just aren't appropriately skilled at what they are doing, or there are actual nefarious purposes. (I would agree, Bitmessage, and similar schemes could prove to be the best of the bunch.) One could respond this is just paranoia, secure software doesn't really need to be open source. Or, we should trust someone because they did something very good in their past. What the NSA leak showed us is that paranoia is real. Politics aside, and I've said this here before, this isn't just an issue of the NSA. For 99%+ of individuals, what the NSA is doing isn't going to damage them personally. However, those techniques damn well can. What the NSA is doing, other intelligence services are doing too. In some circumstances private companies are doing it as well. It doesn't matter if you aren't a terrorist, if you work on anything that could be very interesting or very profitable you are at a real risk of being targeted for electronic spying. Standards need to be established: a) If its closed source, it can not be audited and thus can be considered neither secure or insecure. b) If it forces automated updates, it can not be secure. c) If it runs on a leaky platform (all mobile devices so far) it can not be secure. That should tell us, in my opinion, that the number one goal of secure chat would be a secure mobile platform -- that includes both operating system and hardware. If you take a look at the fine print on Replicant, the fully free version of Android, you'll notice nearly every supported phone has major potential holes, save for one really ugly looking thing. |