by phibit 4386 days ago
"There is no demo" -- just make an account quickly and try it out. I did this and it was easy.

"Open-source, but no git repo" -- Open-source does not always entail git or Github.

"I dropped the idea because I realized that no one needs this level of security, NSA is not interested in your chat with family and friends..." -- I'm glad you dropped the idea because someone who doesn't understand why privacy is important shouldn't be making privacy applications. The NSA doesn't care about your chat with family and friends, until suddenly they DO start caring and everything you've said can be manipulated and transformed against you, whether your conversations were innocent or not.

3 comments

Some sort of reproducible version control chain is essential for any kind of privacy- or security-related application. It makes auditing about a hundred times easier.
I know it can be open source without git, but GitHub gives a lot of benefits.

Also as I understood, you don't have Facebook, Twitter, Skype, Google, Outlook, YouTube, and even HN account because NSA could one day transform everything against you?!

Possible scenario: you are chatting with a friend about how you bought bitcoin at 300 and sold at 500, making 6000 USD on the trade. Your money is in an offshore exchange. Next year, you receive a bill from the IRS wanting their cut of the $6000. How did they know? You never pulled out your money.

Well, the NSA gave them a tip.

Now imagine you're running for public office and your opponents will pay top dollar for dirt on you. Imagine that one day you're at odds with your government and they'll use every piece of information they can to prosecute you.

Privacy from one's government and those who control/buy into it is something that nobody needs until they do.

That doesn't mean you can't have a public life as well. But why give out more than you need to?

I like your example, but it is also why a lot of folks don't care so much about privacy. I.e., in the scenario there was an illegal hiding of revenue from the IRS. The privacy infringement simply corrected a wrong. So, for many folks they remain unconvinced because they aren't doing anything wrong, so they feel they have nothing to hide, and don't take issue.

Perhaps, a better scenario is that you are chatting with a fellow entrepreneur about bitcoin, a short while later they are charged by the IRS for tax evasion. Meanwhile, your conversation with them on the subject is discovered through the NSA machinery and is used to kick off an investigation against you.

I wish I had a better example, as that would serve us well to educate folks on the value of privacy. I'm writing in part that someone has a better example to share.

You're right, it's a tricky line to walk.

When not citing technology-focused issues, I like to use the bathroom example: "Would you use a public bathroom with glass walls?" It illustrates the difference between covering up wrongdoing and need for personal privacy, two entirely different things.

You misunderstood, completely. I never indicated that I don't have any FB/Twitter/Skype/... accounts.

The idea of having a secure communication channel doesn't mean that ALL your communications have to be over secure channels, that would be ridiculous. Having the option to bank on a secure channel for conversations you deem private is a perfectly reasonable compromise. People in government agencies switch between insecure and secure mediums regularly.

Having a FB/Twitter/Skype/HN account just means that I am willing to make a tradeoff of privacy to use these services, one that I am okay with. This does not completely exclude me from occasionally using a secure medium, right?

So you're using FB to communicate with family and friends. As far as I know Facebook messages are not encrypted. Then NSA could use these messages against you (you said this). Am I right?

Yep, you got it! Once again, I don't encrypt all my conversations because I'm making a tradeoff, but I would definitely prefer that they were all private. And again, having a distinct communication channel that was private would not be unwelcome.

The published source code is only the client side. So not quite open-source; at least in my book, if a client is open-source, the protocol it implements ought to be documented somewhere or the implementation provided.