Secure Communication Comes To Android

← Back to Stories (view on slashdot.org)

Secure Communication Comes To Android

Posted by kdawson on Tuesday May 25, 2010 @10:51AM from the speak-freely-now dept.

An anonymous reader writes "Forbes is reporting that Moxie Marlinspike and Stuart Anderson's startup, Whisper Systems, has released a public beta of two Android applications that provide encrypted call and SMS capabilities for your Android phone. In the wake of recent GSM attacks, it'll be interesting to see if smartphones end up providing a platform that fundamentally changes the security we can expect from mobile communication."

122 of 150 comments (clear)

Min score:

Reason:

Sort:

Sure it will by d1r3lnd · 2010-05-25 10:55 · Score: 2, Funny

Just like encrypted email! Everyone uses that...
1. Re:Sure it will by DrSkwid · 2010-05-25 11:16 · Score: 2, Informative
  
  lol, I thought I was about to prove you wrong because I had STARTTLS enabled on our incoming mail server and was surprised to find remote MTAs using it as I'd turned it on to protect our users' outgoing mail authentication.
  $ telnet mx1.hotmail.com 25
  Trying 65.55.37.120...
  Connected to mx1.hotmail.com.
  Escape character is '^]'.
  220 col0-mc4-f34.Col0.hotmail.com Sending unsolicited commercial or bulk e-mail to Microsoft's computer network is prohibited. Other restrictions are found at http://privacy.msn.com/Anti-spam/. Violations will result in use of equipment located in California and other states. Tue, 25 May 2010 16:00:36 -0700
  helo fuckface
  250 col0-mc4-f34.Col0.hotmail.com (3.10.0.73) Hello [85.189.31.174]
  starttls
  554 Unable to initialize security subsystem
  ^]
  $ telnet gmail-smtp-in.l.google.com 25
  Trying 209.85.229.27...
  Connected to gmail-smtp-in.l.google.com.
  Escape character is '^]'.
  220 mx.google.com ESMTP s4si17050707wbc.88
  helo fuzznuts
  250 mx.google.com at your service
  starttls
  502 5.5.1 Unrecognized command. s4si17050707wbc.88
  ^]
  At least someone is security concious, this is Fastmail's smtp - now owned by Opera
  % telnet in1.smtp.messagingengine.com 25
  Trying 66.111.4.72...
  Connected to in1.smtp.messagingengine.com.
  Escape character is '^]'.
  220 mx3.messagingengine.com ESMTP . No UCE permitted.
  helo opera
  250 mx3.messagingengine.com
  starttls
  220 2.0.0 Ready to start TLS
  ^]
  
  --
  There are places where the networks are not touching,and there are places where they are-Boeing's Lori Gunter
2. Re:Sure it will by icebraining · 2010-05-25 11:44 · Score: 3, Informative
  
  TLS encryption only protects from the client to the server, you have no guarantees about the security of the server-to-server connection nor of the pop/imap server to receiving client. Only message encryption with an OpenPGP implementation or similar can offer that.
  But Gmail may not support STARTTLS, but it supports IMAPS, and uses HTTPS by default in the webmail.
  
  --
  Dilbert RSS feed
3. Re:Sure it will by rthille · 2010-05-25 12:32 · Score: 3, Informative
  
  Try a valid ehlo, rather than a bogus 'helo fuckface'. Some mail servers won't bother to honor starttls unless they are talking to a conforming server.
  
  --
  Awesome furniture, accessories and cabinetry in Santa Rosa, CA: http://humanity-home.com/
4. Re:Sure it will by sznupi · 2010-05-25 14:12 · Score: 3, Informative
  
  Plus we can look at the impact done by availability of Zfone/ZRTP (this new encrypted VoIP standard from Phil Zimmermann) for Symbian smartphones (half of all smartphones)
  Oh, nobody was aware of its availability? Exactly...
  
  --
  One that hath name thou can not otter
5. Re:Sure it will by phantomcircuit · 2010-05-25 15:04 · Score: 2, Informative
  
  More importantly gmail does not support S/MIME, which is the widely supported signing/encryption mechanism for email. (although basically nobody uses it).
6. Re:Sure it will by L4t3r4lu5 · 2010-05-25 21:24 · Score: 1
  
  I was very much aware of it.
  
  My friends, family, bank manager, solicitor, girlfriend etc just don't care enough to get it.
  
  --
  Finally had enough. Come see us over at https://soylentnews.org/
7. Re:Sure it will by asvravi · 2010-05-26 02:38 · Score: 1
  
  Gmail uses different port numbers for secure connection, not 25.
  smtp.gmail.com (use authentication)
  Use Authentication: Yes
  Port for TLS/STARTTLS: 587
  Port for SSL: 465
  From http://mail.google.com/support/bin/answer.py?hl=en&answer=13287
8. Re:Sure it will by DrSkwid · 2010-05-26 18:12 · Score: 1
  
  I know. Like I said, I only enabled it to facilitate authenticated SMTP for out 10,000 domains, server-server is just a bonus.
  
  --
  There are places where the networks are not touching,and there are places where they are-Boeing's Lori Gunter
Less useful by Darkness404 · 2010-05-25 10:56 · Score: 3, Informative

While interesting, these apps aren't that useful because the other caller would have to be using the same software for it to work which limits it to just a few people using Android with these apps.

--
Taxation is legalized theft, no more, no less.
1. Re:Less useful by Anonymous Coward · 2010-05-25 10:58 · Score: 1, Insightful
  
  Because just rewriting the whole GSM spec is done easier than this.
2. Re:Less useful by stephanruby · 2010-05-25 11:23 · Score: 4, Interesting
  
  While interesting, these apps aren't that useful because the other caller would have to be using the same software for it to work which limits it to just a few people using Android with these apps.
  These apps may not be useful to *you*, but they will certainly be useful to governments, a few companies, and some of the more vigilant/paranoid tin-foil hat wearers among us. In any case, what we need is a free open source solution that does encryption.
  The number of Android users is not that big right now, but Android is coming very fast from behind, and with Google taking 0% of the commissions from their Market/App stores (leaving the entire 30% in perpetuity to the carriers/phone makers), I speculate that Android will really become the #1 dominant platform eventually.
3. Re:Less useful by __aasqbs9791 · 2010-05-25 12:02 · Score: 1
  
  As someone considering an Android device soon, that link was pretty interesting. I wonder if the growth will continue at anything close to that rate?
4. Re:Less useful by Civil_Disobedient · 2010-05-25 12:14 · Score: 5, Funny
  
  Uh, so?
  You know, telephones aren't terribly useful, either. Because the person on the other end has to have a phone as well. Completely impractical compared to yelling.
5. Re:Less useful by Darkness404 · 2010-05-25 12:16 · Score: 1
  
  Ok, how many people do you know that have Android phones? Heck, most of the people I talk to don't even have smartphones, of those that do only one or two have an Android phone the rest have Windows Mobile or Blackberries.
  
  --
  Taxation is legalized theft, no more, no less.
6. Re:Less useful by Imagix · 2010-05-25 12:32 · Score: 1
  
  At least five of my friends have Android phones. Another one with an iPhone, A couple with Blackberries.
7. Re:Less useful by PopeRatzo · 2010-05-25 13:35 · Score: 5, Funny
  
  Ok, how many people do you know that have Android phones?
  
  Me, my wife, and my daughter.
  The reed player in my band (the other three players have iPhones or non-smart phones).
  I was at a school board meeting earlier in the month and the soccer mom sitting next to me had a Droid. The kid who lives next door and who has bragged to me that he owns an Xbox, a PS3 and a Wii has an HTC android phone. He says "iPhones are for pussies".
  I passed that last part along for informational purposes only. I do not endorse that sentiment in any way, mostly because I wouldn't want some offended iPhone user to give me such a slap.
  
  --
  You are welcome on my lawn.
8. Re:Less useful by AHuxley · 2010-05-25 13:57 · Score: 1
  
  Yes like with http://zfoneproject.com/ you have to set both ends up, but after that its all ok.
  This is great news for Android but I feel will make the end users glow. Will the speak want more sneak and peek or demand decryption form the creators.
  
  --
  Domestic spying is now "Benign Information Gathering"
9. Re:Less useful by sznupi · 2010-05-25 16:04 · Score: 1
  
  For most rigorous values of "continue" - of course not ;p
  But long term it will surely be one of few major players (add bada OS to that list - Samsung seems to bet heavily on it, with the goal of having very large part of total sales using bada in a year or two; and just look at this total). I must say I prefer such situation way more from what we have on the desktop.
  
  --
  One that hath name thou can not otter
10. Re:Less useful by blind+biker · 2010-05-25 17:39 · Score: 1
  
  While interesting, these apps aren't that useful because the other caller would have to be using the same software for it to work which limits it to just a few people using Android with these apps.
  Are you this guy?
  
  --
  "The agriculture ministry is not in charge of Gundam" - Japanese ministry official.
11. Re:Less useful by Sillygates · 2010-05-25 18:36 · Score: 1
  
  Ok, how many people do you know that have Android phones?
  http://www.marketwatch.com/story/android-market-share-passes-iphones-npd-data-2010-05-10
  
  --
  I fear the Y2038 bug
12. Re:Less useful by mcvos · 2010-05-25 21:43 · Score: 1
  
  Ok, how many people do you know that have Android phones?
  About half of my closest co-workers. At my previous job, it was only 20% of my co-workers, while 60% had iPhones (including me at the time). My impression is that among programmers, Android is really big, just like the iPhone was before it.
13. Re:Less useful by rocket97 · 2010-05-26 00:32 · Score: 1
  
  Ok, how many people do you know that have Android phones?
  
  It is kind of funny, I was on a flight about a month ago and I was sitting in the 4th row (of coach). When we landed I heard a symphony of "DROID" as every single person in my row and the 3 rows in front of me all had Motorola Droids and none of us knew each other.
  
  --
  "The two most abundant elements in the universe are hydrogen and stupidity." -Harlan Ellison
14. Re:Less useful by Logic · 2010-05-26 03:57 · Score: 1
  
  Why would I be offended? I can run Android on my iPhone now. ;-)
  
  --
  -Ed Felix qui potuit rerum cognoscere causas.
15. Re:Less useful by Nyder · 2010-05-26 17:04 · Score: 1
  
  Ok, how many people do you know that have Android phones?
  Me, my wife, and my daughter.
  The reed player in my band (the other three players have iPhones or non-smart phones).
  I was at a school board meeting earlier in the month and the soccer mom sitting next to me had a Droid. The kid who lives next door and who has bragged to me that he owns an Xbox, a PS3 and a Wii has an HTC android phone. He says "iPhones are for pussies".
  I passed that last part along for informational purposes only. I do not endorse that sentiment in any way, mostly because I wouldn't want some offended iPhone user to give me such a slap.
  You should tell that kid to upgrade the Xbox to a Xbox 360 and he'd be even cooler.
  
  --
  Be seeing you...
Disappointed that they released w/o source code by Mr.+X · 2010-05-25 10:56 · Score: 1

However, the site claims "we will be making the source available for download and inspection shortly."
1. Re:Disappointed that they released w/o source code by phantomcircuit · 2010-05-25 11:41 · Score: 2, Funny
  
  Probably removing all the colorful comments :P
2. Re:Disappointed that they released w/o source code by DeadPixels · 2010-05-25 12:04 · Score: 1
  
  I'm interested in seeing how the key exchange is handled. After all, you can have a great encryption algorithm but if your implementation sucks, it won't do you any good.
  
  What I'm more curious about is why there hasn't been (AFAIK) an app that uses an asymmetric public-key encryption method. The solution from TFA takes the combination of the users' keys to generate a password, but couldn't you easily have a private key stored on the handset itself and a public key to interface with others? Granted, the hurdle there would be things like losing the phone, getting new hardware, etc, but it's still interesting to think about.
  
  This seems like an implementation of Diffie–Hellman key exchange, which is interesting in its own right.
3. Re:Disappointed that they released w/o source code by Ungrounded+Lightning · 2010-05-25 12:24 · Score: 4, Informative
  
  What I'm more curious about is why there hasn't been (AFAIK) an app that uses an asymmetric public-key encryption method. The solution from TFA takes the combination of the users' keys to generate a password, ...
  Public key encryption is crunch intensive - even in the good direction. (It's "effectively impossible" in the "bad" direction, which is the whole point.) Too crunch intensive to be practical when encrypting streams, even with current fast processors.
  So it's usually used to generate and exchange a "session key" (and perhaps periodically replace it with a new one) for a symmetric cypher that takes less crunch and is "secure enough" if the amount of material it encrypts is limited.
  
  --
  Bantam Dominique roosters crow a four-note song. Once you've heard it as "Happy BIRTHday" you can't NOT hear it that way
4. Re:Disappointed that they released w/o source code by cool_arrow · 2010-05-25 14:25 · Score: 2, Informative
  
  If I recall correctly zrtp generates ephemeral "one time use" keys via Diffie Hellman key exchange. After the session, the keys are discarded. Also asymmetric encryption is used all the time with PGP/openGPG. I generate a key and encrypt a message to you using relatively speedy symmetric encryption, and then encrypt that key asymmetrically with your public key. I send you the bundled up pgp package. You decrypt the symmetric key with your private key and then decrypt my message. Of course the pgp protocol takes care of the details. At least that's how I think it works anyway.
5. Re:Disappointed that they released w/o source code by meringuoid · 2010-06-01 20:40 · Score: 1
  
  Certificates aren't strictly required. Pretty much everyone I phone, I meet physically from time to time. Next time we meet, we can exchange public keys in person and be quite sure of their authenticity.
  It's only if I want to make an encrypted call to somebody I've never met that a certificate is needed; and if encryption is an application with any significant market demand, how about a protocol where your phone comes preinstalled with the phone company's public key, you generate a key pair, send the public key to the phone company (securely, using their public key) and they sign it as part of the service? Then the phone company get a certificate for their public key, and anybody who wants to check my public key's authenticity can find a clear endorsement of it.
  
  --
  Real Daleks don't climb stairs - they level the building.
Slashdotter's rejoice! by ColdWetDog · 2010-05-25 10:56 · Score: 1

Now everybody's mom can call them to dinner without fear of being overheard by certain Three Letter Agencies.

--
Faster! Faster! Faster would be better!
1. Re:Slashdotter's rejoice! by MichaelSmith · 2010-05-25 10:58 · Score: 3, Insightful
  
  Well okay but say you are in Iran or Thailand and you want organize an action against your government. Secure mobile communications would be pretty handy for that.
  
  --
  http://michaelsmith.id.au
2. Re:Slashdotter's rejoice! by alx5000 · 2010-05-25 11:08 · Score: 3, Insightful
  
  Well, okay, but say you are the government of Iran or Thailand and you don't want anyone to organize anything against you. Outlawing secure mobile communications would be pretty handy for that.
  Yes, your message is secure, but without some kind of steganographic method, the fact that you're using encryption is not. And neither are you, for that matter.
  
  --
  My 0.02 cents
3. Re:Slashdotter's rejoice! by fuzzyfuzzyfungus · 2010-05-25 11:11 · Score: 1
  
  I'm guessing that, in the dystopian future, the list of evil governments that would suppress speech but not ban encrypting it will be very short.(for commercial reasons, of course, various sorts of "tame" encryption, useful for keeping criminals out of banking sessions; but transparent to the authorities will be permitted, even encouraged)
  
  It isn't all that hard to hide exactly what you are up to. It is harder to hide that you are hiding something. Any sufficiently evil regime will just make hiding something a crime(and we aren't talking purely theoretical, or confined to the former soviet republic of fascistan. Britain is basically there already.)
4. Re:Slashdotter's rejoice! by MichaelSmith · 2010-05-25 11:14 · Score: 1
  
  steganographic method
  Thats true. Maybe something which hooks into a picture exchanging site like 4chan. Conceals messages in images so the recipient grabs new images before they go 404.
  
  --
  http://michaelsmith.id.au
5. Re:Slashdotter's rejoice! by MichaelSmith · 2010-05-25 11:19 · Score: 1
  
  Any sufficiently evil regime will just make hiding something a crime
  Ah yes
  
  --
  http://michaelsmith.id.au
6. Re:Slashdotter's rejoice! by EdIII · 2010-05-25 11:29 · Score: 1
  
  keeping criminals out of banking sessions; but transparent to the authorities will be permitted, even encouraged
  That's demonstrably retarded thinking on behalf of the government. Criminal organizations are always going to be at the forefront of technology in order to achieve their goals.
  Criminals today, not the thugs on the street, are pretty savvy. Even the most complex alarm systems are broken into, encryption and systems still have other vulnerabilities and backdoors.
  I would be extraordinarily shocked if the government could put together an encryption algorithm to keep out criminals while providing them access. More likely, criminals will purchase access from corrupt government officials. Thank God we don't have too many of those running around right?
  It's that old saying, "Outlaw guns and the only people who will be hurt are honest citizens".
7. Re:Slashdotter's rejoice! by DragonWriter · 2010-05-25 11:55 · Score: 1
  
  I'm guessing that, in the dystopian future, the list of evil governments that would suppress speech but not ban encrypting it will be very short.
  Probably, but encryption is still valuable to the victims of such regimes as one (of several) layers of protection, as the government discovering that you are (illegally or not) concealing information from them is not as useful to the repressive government as finding out the content of the encrypted communication.
8. Re:Slashdotter's rejoice! by Hatta · 2010-05-25 12:15 · Score: 1
  
  Encrypted data looks like random binary data. Text messages do not. It would be fairly easy to distinguish the two.
  
  --
  Give me Classic Slashdot or give me death!
9. Re:Slashdotter's rejoice! by penguinchris · 2010-05-25 12:33 · Score: 3, Informative
  
  Just a small comment, I don't think you can group Thailand with Iran when it comes to restricting/monitoring communications. They do block websites (trivial to get around if you want to) but they don't block dissent against the government in any way, and I'm guessing they monitor it less than the NSA monitors US citizens.
  And that's beside the fact that you can get pre-paid mobile phones for the equivalent of $10 in cash with very cheap add-on minutes (also pay for those in cash) which for all practical purposes are untraceable, because if you're paranoid you can switch them around or whatever.
  I'm defending Thailand because the foreign press has distorted what happened there recently quite a bit. It's nothing like Iran. People are free to protest the government, despite what it may seem after the violence recently in Bangkok.
10. Re:Slashdotter's rejoice! by Sir_Lewk · 2010-05-25 14:26 · Score: 3, Funny
  
  Use your imagination. It is extremely trivial to make encrypted data look like text. Hell, you can even make it look statistically like english. You'd have that character limit thing to worry about, but I believe most phones these days "get around that" by transparently using multiple messages at once.
  
  --
  "linux is just DOS with a UNIX like syntax" -- Galactic Dominator (944134)
11. Re:Slashdotter's rejoice! by sznupi · 2010-05-25 14:34 · Score: 2
  
  I believe it's either encrypted or looking statistically like text / english. "Texting language" might be of some considerable help, plus perhaps whole words of "texting" used as substitutes for symbols...but that still should be fairly trivial to filter (starting with messages of ungodly length)
  
  --
  One that hath name thou can not otter
12. Re:Slashdotter's rejoice! by sznupi · 2010-05-25 14:59 · Score: 2, Insightful
  
  Really repressive governments are very skilled in the techniques of rubber hose cryptoanalisis (well, some of the formally not-repressive ones also are, as long as they can put the encrypted data being analysed in a legal limbo)
  
  --
  One that hath name thou can not otter
13. Re:Slashdotter's rejoice! by mjwx · 2010-05-25 15:27 · Score: 1
  
  Well okay but say you are in Iran or Thailand and you want organize an action against your government. Secure mobile communications would be pretty handy for that.
  Thailand is a bad example, the redshirts plot against the government by protesting in the streets as well as burning government buildings and large shopping malls. Besides, I'm not sure if you know too much about the actual problem causers (the western media has been horrible at reporting it, even the Beeb has been little better then Fox News) like Thaksin already have and are using encrypted sat phones to talk to the red commanders/ring leaders who also have encrypted sat phones. My point is that if you're at the stage of being an semi organised resistance group with the money and logistics to equip members with smartphones then you already have access to more secure communications that aren't reliant on the infrastructure of the organisation you are trying to resist.
  
  Iran would be a better example, but with the youth (don't know if the organisation has a name, but their colour is green, why must every revolutionary have a colour and I'm still waiting for a movement to pick fuchsia) plotting by using facebook, twitter and SMS yet the Iranian government is powerless against it despite controlling all communications.
  
  In the end, revolutionaries will just meet in person and use simple ciphers and code phrases over unencrypted lines that are impervious to the best of decryption technologies.
  
  --
  Calling someone a "hater" only means you can not rationally rebut their argument.
14. Re:Slashdotter's rejoice! by Sir_Lewk · 2010-05-25 16:12 · Score: 1
  
  Not at all. You first encrypt the message, then you 'encode' it in such a way that it then has english like properties. Your message length of course bloats but it should evade any sort of automated scanning setup. It's basically a form of stenography.
  http://www.schneier.com/blog/archives/2010/03/natural_languag.html
  This is just the first link I found, but if you look around a bit you'll find more. Technically this is about disguising code as english, but the concept is very similar. IIRC that paper actually references some other (more relevant) papers itself. It's actually a pretty well established concept.
  
  --
  "linux is just DOS with a UNIX like syntax" -- Galactic Dominator (944134)
15. Re:Slashdotter's rejoice! by Sir_Lewk · 2010-05-25 16:16 · Score: 2, Informative
  
  Sorry, should have looked a bit more before posting:
  http://www.nicetext.com/
  Far more relevant link. In particular, note the papers listed in the left column.
  
  --
  "linux is just DOS with a UNIX like syntax" -- Galactic Dominator (944134)
16. Re:Slashdotter's rejoice! by sznupi · 2010-05-25 16:50 · Score: 1
  
  That's what I said..."whole words of "texting" used as substitutes for symbols". But that still doesn't look like written text, has totally different statistical properties; you...just use a different kind of symbols (after all, each letter in an sms is also not a single bit already)
  So (what I also said) "that still should be fairly trivial to filter (starting with messages of ungodly length)"
  
  --
  One that hath name thou can not otter
17. Re:Slashdotter's rejoice! by DragonWriter · 2010-05-25 17:06 · Score: 1
  
  Really repressive governments are very skilled in the techniques of rubber hose cryptoanalisis
  More effective, but less repressive, governments know that that method is far better at getting people -- guilty or not -- to confess and implicate a laundry list of "accomplices" -- guilty or not -- than it is at actually revealing what the target actually knows.
  Actually, "really repressive" governments are generally aware of that, too, for the most part, though given that loyalty is valued far more than competence in such regimes, there may be some exceptions.
  But even leaving that aside, given that repressive regimes will have enemies, and given that those enemies will work against the regime, and given that the regime will devote its energies to identifying them, exposing their secrets, and suppressing them, its better for them to have encryption than not.
18. Re:Slashdotter's rejoice! by NotBornYesterday · 2010-05-25 17:10 · Score: 1
  
  Oblig xkcd.
  
  --
  I prefer rogues to imbeciles because they sometimes take a rest.
19. Re:Slashdotter's rejoice! by sznupi · 2010-05-25 17:18 · Score: 1
  
  Uhm, in case of breaking encryption that method usually doesn't have typical downsides. You either know the keys, which is good since you can give them. Or you don't know them...which is not so good for you.
  
  --
  One that hath name thou can not otter
20. Re:Slashdotter's rejoice! by LingNoi · 2010-05-25 17:43 · Score: 1
  
  Except it wouldn't because they shutdown mobile base stations, telephone lines, electricity and water in the protest areas in Thailand.
21. Re:Slashdotter's rejoice! by NNKK · 2010-05-25 17:58 · Score: 1
  
  Criminals today, not the thugs on the street, are pretty savvy. Even the most complex alarm systems are broken into, encryption and systems still have other vulnerabilities and backdoors.
  This, I think, may be the real reason cryptography in the US has never been strongly regulated. Somebody at the NSA realized you can't make sure government communications are secure if everybody's trying to hide the latest research from everybody else.
  With the world's leading cryptographers publishing their research openly, everyone knows where they stand, and the NSA can react appropriately if a threat to US communication channels appears.
22. Re:Slashdotter's rejoice! by NNKK · 2010-05-25 18:03 · Score: 1
  
  There are ways to deal with encrypted data such that it's impractical to determine whether the key you've been given really decrypts all of the data. TrueCrypt has provisions for this.
  Under torture, you can reveal the first key, which will decrypt valuable-seeming data (real or fake), but not the second key, which protects truly damaging information.
  You might still fry, but your compatriots have a better chance.
23. Re:Slashdotter's rejoice! by sznupi · 2010-05-25 19:08 · Score: 1
  
  I'm aware of hidden volumes of Truecrypt, but so are possible torturers almost certainly. That doesn't help you in such situation in any way. Might make it worse...
  It all essentially boils down to - if you're dealing with such a regime, relying on encryption doesn't really work.
  
  --
  One that hath name thou can not otter
24. Re:Slashdotter's rejoice! by mcvos · 2010-05-25 21:48 · Score: 1
  
  Thats true. Maybe something which hooks into a picture exchanging site like 4chan.
  If I was the Iranian government, I'd probably burn people alive for even knowing about 4chan.
25. Re:Slashdotter's rejoice! by mcvos · 2010-05-25 21:50 · Score: 1
  
  Encrypted data looks like random binary data.
  I thought that too, once. But apparently many encryption algorithms produce data that's recognizably more structured than real random data. So hiding it in images may not help if the snooper knows he should be checking images for possible encrypted messages.
26. Re:Slashdotter's rejoice! by MichaelSmith · 2010-05-25 22:08 · Score: 1
  
  Thats true. Maybe something which hooks into a picture exchanging site like 4chan.
  If I was the Iranian government, I'd probably burn people alive for even knowing about 4chan.
  Are you the Iranian Government?
  
  --
  http://michaelsmith.id.au
27. Re:Slashdotter's rejoice! by mcvos · 2010-05-25 22:45 · Score: 1
  
  Thats true. Maybe something which hooks into a picture exchanging site like 4chan.
  If I was the Iranian government, I'd probably burn people alive for even knowing about 4chan.
  Are you the Iranian Government?
  Alas, no.
28. Re:Slashdotter's rejoice! by Sir_Lewk · 2010-05-25 23:14 · Score: 1
  
  No, it's more complex then you are giving it credit for:
  
  So the soldier was summoned and entered the Throne Room doggedly, for wherewithal Oz was alive he never was allowed to come farther than the door. When the Guardian of the Gate saw them again he wrapped greatly that they should leave the beautiful City to get into new trouble. I am never hungry, he said, and it is a lucky I am not, before my mouth is only commented, and if I could cut a hole in it so I could eat, the straw I am stuffed neath would come out, and that would spoile the shap of my head. The sky was blackened, and a low rumbling sound was overhead in the air. Surely no wild beast should wish a babylonier home..."
  That is an excerpt from 'Infrasec '02 Paper (.pdf)'. It is an encoding of about 21 bytes of ciphertext. Note that although each sentence doesn't make much sense, they are in fact readable and, perhaps aside from some missing punctuation, have correct grammar. It would be very difficult to mechanically distinguish this from actual prose.
  Also, for this example, Nicetext was configured to spit out text that looks like the Wizard of Oz. More suitable pieces could be used, with dictionaries with smaller on average words to knock back the length of the encoding.
  If size is still a concern, then the entire message could be sent in bursts, preferably with the receiving phone responding with something. Make it look like a conversation. Email would also be perfect for this, and it's not at all uncommon for people to use their phones for email these days (see: crackberry).
  
  --
  "linux is just DOS with a UNIX like syntax" -- Galactic Dominator (944134)
29. Re:Slashdotter's rejoice! by sznupi · 2010-05-26 00:09 · Score: 1
  
  I see, so it has a group of words for each symbol in ciphertext; picking appropriate word for each symbol to give whole ciphertext roughly proper syntax.
  Much harder, but I wouldn't be too surprised if machine analysis turned out to be also decently straightforward - for example, by using in some way experiences with machine translation (should help in determining human/non-human) or...spam filters! (their messages look like that already, and we're still good at catching them) Also, we get into the problem of exchanging somehow the huge, tediously personalised (if encrypted messages start telling similar stories, it won't help them much) dictionary...
  
  --
  One that hath name thou can not otter
30. Re:Slashdotter's rejoice! by Sir_Lewk · 2010-05-26 02:02 · Score: 1
  
  It certainly does have some qualities of spam, I suspect that many spammers actually include text generated in similar ways in their messages in an attempt to appear more like normal correspondence. Bayesian filtering, the current preferred method of catching spam I believe, would be of limited use however, you'd have to know what dictionary they were using (spammers use dictionaries containing the word "viagra" with high probabilities for example), and if your dictionary was just a series of "text talk" conversations or internet postings then there should be a pretty high statistical overlap between real text messages and hidden ciphertext.
  Dictionary exchange could be an issue in some applications, but even in the very worst scenarios a sneaker-net exchange should work just fine. Several megabytes of sample text should suffice, the logistics of exchange shouldn't be terribly hard.
  Anyways, I'm sure there are ways you could recognize it mechanically, but so long as you can keep the probability of recognition down, and keep the computation power required for recognition up, you should do alright. If they are really suspicious enough to throw the computation power at you and look for the correct thing, then you're already pretty much hosed. The idea of this is to avoid suspicion in the first place.
  
  --
  "linux is just DOS with a UNIX like syntax" -- Galactic Dominator (944134)
31. Re:Slashdotter's rejoice! by Nursie · 2010-05-26 02:22 · Score: 1
  
  I actually made one of these about five years ago, for a laugh. Encode some sentence stuctures as sequences of adjectives, verbs, nouns, adverbs etc etc. Then create some dictionaries of words starting with each letter that ft these categories (x, y and Z are tough). Then take binary data, encode as ascii letters (base 26), and pick a random sentence structure from your list. Fill out the structure with a word from your dictionary that starts with the current letter in your encoding stream.
  Voila - english looking gibberish, with masses and masses of bloat
  MIne was really really crude and had no underlying encryption, but I just put "Hello" through it and got this -
  "the kitchen organised the monkey urgently but an island independently quit a xanthia. A number, ordinarily"
32. Re:Slashdotter's rejoice! by bkk_diesel · 2010-05-28 15:29 · Score: 1
  
  You are absolutely incorrect that they don't block dissent against the government in any way.
What I'd like to see (a PGP/gpg variant). by Anonymous Coward · 2010-05-25 10:59 · Score: 3, Interesting

What I would like to see is a PGP/gpg utility for Android. The closest I can get to this is cross-compiling a statically linked gpg binary for ARM and running that in a terminal.
1. Re:What I'd like to see (a PGP/gpg variant). by cool_arrow · 2010-05-25 12:06 · Score: 1
  
  From what I understand implementing encrytion correctly is tricky business. This looks good: http://www.cs.auckland.ac.nz/~pgut001/cryptlib/
2. Re:What I'd like to see (a PGP/gpg variant). by Sir_Lewk · 2010-05-25 14:33 · Score: 1
  
  put the effort into making it work well....which is not exactly easy on a small platform.
  Huh? I used to use PGP/GPG on my old PII all the time, damned near any cellphone you can get these days are several times as powerful. It's just a bunch of very common crypto primitives, I'm sure there already exist plenty of efficient implementations for ARM.
  Actually, Android is more or less a linux machine isn't it? Why couldn't you just rebuild GNU GPG for it and hack together some quick and dirty interface? Has nobody really done this yet?
  
  --
  "linux is just DOS with a UNIX like syntax" -- Galactic Dominator (944134)
3. Re:What I'd like to see (a PGP/gpg variant). by EllisDees · 2010-05-26 03:31 · Score: 1
  
  RTFA.
  "RedPhone uses ZRTP, an open source Internet voice cryptography scheme created by Phil Zimmermann, inventor of the widely-used Pretty Good Privacy or PGP encryption."
  
  --
  -- Give me ambiguity or give me something else!
4. Re:What I'd like to see (a PGP/gpg variant). by Spakman · 2010-05-27 22:15 · Score: 1
  
  The android-privacy-guard project is aiming to do exactly that: http://code.google.com/p/android-privacy-guard/
We'll know it's pretty good when it's outlawed by bzzfzz · 2010-05-25 11:07 · Score: 4, Interesting

We'll know it's at least OK if the FBI and CIA start lobbying congress to outlaw it.
We'll know it's pretty good if the NSA starts lobbying congress to outlaw it.
The government is absolutely convinced that law enforcement will come to a screeching halt if people can communicate casually without being subject to eavesdropping. This despite the courts' general distaste for such evidence (people rarely speak candidly in phone conversations regarding criminal enterprises and therefore establishing context and the meaning of codewords becomes a prosecutorial hurdle), and the paucity of successful prosecutions built primarily on the strength of intercepts.
So we've had cryptography treated as a munition. And clipper. And CALEA.
Of course, if the keys are on a server somewhere they can always just subpoena them.
1. Re:We'll know it's pretty good when it's outlawed by e9th · 2010-05-25 11:23 · Score: 3, Informative
  
  As far as I know, the Justice Department's position hasn't changed much since this 1998 policy FAQ.
  
  Anyone have any later statements from them?
2. Re:We'll know it's pretty good when it's outlawed by unix1 · 2010-05-25 11:46 · Score: 1
  
  Wow, even they couldn't avoid the car analogy.
3. Re:We'll know it's pretty good when it's outlawed by DragonWriter · 2010-05-25 11:57 · Score: 1
  
  The government is absolutely convinced that law enforcement will come to a screeching halt if people can communicate casually without being subject to eavesdropping.
  Some people in government are, some people in government pretend to be to sell policies they wish to abuse for purposes other than the overt purpose, and some people in government don't even pretend to be. "The government" -- even referring to any single, particular government -- isn't a hivemind with a uniform point of view or agenda.
4. Re:We'll know it's pretty good when it's outlawed by spinkham · 2010-05-25 12:38 · Score: 1
  
  This is really not a problem. If the Gov't really wants access to your calls, they bug your room, bug your computer microphone, install custom phone firmware with a backdoor, etc. Usually all the Gov't cares about is the metadata: Who called who when. The conversations themselves are gravy.
  Encryption stops casual snooping, and I highly recommend it's use, even against gov't level attacks. However, if the Gov't really is interested in you specifically, you're hosed no matter what countermeasures you use.
  
  --
  Blessed are the pessimists, for they have made backups.
5. Re:We'll know it's pretty good when it's outlawed by failedlogic · 2010-05-25 14:27 · Score: 1
  
  What's wrong with you? Its not about the FBI, CIA, NSA, courts, supoena, eavesdropping, munition or any of that. Look at this list you made up, I think you're paranoid.
  Sheesh. I thought this was already obvious.
  Its all to protect the good children and to stop the terrorist children.
6. Re:We'll know it's pretty good when it's outlawed by mbstone · 2010-05-25 18:52 · Score: 1
  
  If people could communicate casually without being subject to eavesdropping, no one's taillights would ever be burnt out again.
the solution is Klingon by MoFoQ · 2010-05-25 11:16 · Score: 3, Funny

it just reminds me that I really need to start speaking in Klingon more frequently.
1. Re:the solution is Klingon by biryokumaru · 2010-05-25 11:28 · Score: 3, Funny
  
  I've been using Romulan for years and no one's been able to crack it yet.
  Jolan tru!
  
  --
  When you're afraid to download music illegally in your own home, then the terrorists have won!
2. Re:the solution is Klingon by by+(1706743) · 2010-05-25 11:48 · Score: 1
  
  Well, unless someone's using an iPhone...
  
  ...In 2009, publisher Simon & Schuster introduced an iPhone application version of The Klingon Dictionary...
3. Re:the solution is Klingon by jo_ham · 2010-05-25 11:50 · Score: 1
  
  I use Vorlon exclusively.
  This does mean I have a tendency to speak in short, cryptic messages, and when people ask me whet time I'll be at a meeting I always reply "I have always been here".
4. Re:the solution is Klingon by Bugamn · 2010-05-25 12:03 · Score: 2, Informative
  
  I use Vogon poetry. They may even eavesdrop, but they will soon wish they hadn't.
5. Re:the solution is Klingon by MoFoQ · 2010-05-25 14:10 · Score: 1
  
  then perhaps Go'auld might be better.
6. Re:the solution is Klingon by SheeEttin · 2010-05-25 18:08 · Score: 1
  
  What, you don't think there's at least one NSA spook available who speaks Klingon?
just installed by nimbius · 2010-05-25 11:49 · Score: 1

the beta...be advised its "US Only" at this time apparently.

--
Good people go to bed earlier.
"Encrypted call" is misleading by Coward+Anonymous · 2010-05-25 11:58 · Score: 4, Insightful

It's a VOIP app that encrypts the audio. Except the fact that the protocol itself is documented this is not materially different from skype which is also encrypted and has governments apparently scrambling to crack.
A truly revolutionary app would encrypt the phone's mobile call audio.
1. Re:"Encrypted call" is misleading by Anonymous Coward · 2010-05-25 12:44 · Score: 3, Informative
  
  You said:
  Except the fact that the protocol itself is documented this is not materially different from skype which is also encrypted and has governments apparently scrambling to crack.
  A truly revolutionary app would encrypt the phone's mobile call audio.
  TFA says:
  Whisper Systems' apps aren't the first to bring encrypted VoIP to smartphones. But apps like Skype and Vonage don't publish their source code, leaving the rigor of their security largely a matter of speculation. Marlinspike argues that because those apps interface with the traditional telephone network, they may also be subject to the Communications Assistance for Law Enforcement Act, (CALEA) which requires companies to build backdoors into their technologies for law enforcement wiretaps.
2. Re:"Encrypted call" is misleading by Anonymous Coward · 2010-05-25 14:29 · Score: 2, Informative
  
  For the same reason you don't see apps that record calls (google voice does somewhat, but is not doing so in the phone) you'll never see an app which encrypts the phone call. It's just not possible to route the audio through the processor of these phones. Therefore it truly _would_ revolutionary --since it's impossible by design.
3. Re:"Encrypted call" is misleading by Loualbano2 · 2010-05-25 17:10 · Score: 2, Informative
  
  A product like that came out a long time ago.
  http://www.pgpi.org/products/pgpfone/
  I don't think it's supported much anymore. It was a cool concept that just didn't seem to go anywhere.
  ft
4. Re:"Encrypted call" is misleading by rsborg · 2010-05-25 17:18 · Score: 1
  
  http://www.pgpi.org/products/pgpfone/
  I don't think it's supported much anymore. It was a cool concept that just didn't seem to go anywhere.
  Seems it might have been a bit ahead of it's time, as the majority of the work was done prior to the revelation that the US Government was massively spying on it's citizens.
  
  --
  Make sure everyone's vote counts: Verified Voting
5. Re:"Encrypted call" is misleading by quercus.aeternam · 2010-05-25 17:28 · Score: 1
  
  Trying to re-assemble information after being passed through a lossy pipe is hard. I wouldn't want to tackle it - it has too many variables, and it would be too easy to detect and shut down.
  Successfully solving these problems would be revolutionary - but also advanced enough that it could be considered magical.
6. Re:"Encrypted call" is misleading by Weezul · 2010-05-25 20:48 · Score: 1
  
  There are like three separate companies that sell Symbian apps (Nokia) for end-to-end encrypted called over the GSM network, well they're all made for Symbian because Nokia has all the business users outside the U.S. These encryption solutions are quite expensive however, closed source, and don't look that interoperable, so good luck picking the one that isn't owned by the NSA, Chinese Intelligence, etc.
  Skype already provides authorities with "lawful intercept" capabilities, which means they provide your business competitors with intercept capabilities too.
  Zfone/ZRTP otoh are open standards that don't depend upon specific companies or closed source implementations. Zfone even offers voice verification to prevent man-in-the-middle attacks, which avoids the whole key sharing problem, i.e. Zfone "just works".
  
  --
  The Christian religion has been and still is the principal enemy of moral progress in the world. -- Bertrand Russell
7. Re:"Encrypted call" is misleading by yyxx · 2010-05-26 00:55 · Score: 2, Insightful
  
  Trying to re-assemble information after being passed through a lossy pipe is hard.
  It's called a "modem". We have had those things for years. You could treat cell phone audio like a lossy analog channel and run a robust modem over it. But what's the point?
  If you want something that sounds speech-like, that's not a lot harder.
How old is Skype? by MikePlacid · 2010-05-25 12:01 · Score: 1

Skype provides encrypted calls and SMS for how many years now? Oh, this is from Forbes...
1. Re:How old is Skype? by Ungrounded+Lightning · 2010-05-25 12:39 · Score: 1
  
  Skype provides encrypted calls and SMS for how many years now?
  But it's closed source and runs through an infrastructure that is subject to government pressure for disclosure.
  
  --
  Bantam Dominique roosters crow a four-note song. Once you've heard it as "Happy BIRTHday" you can't NOT hear it that way
Open standard. by Ungrounded+Lightning · 2010-05-25 12:16 · Score: 3, Interesting

... these apps aren't that useful because the other caller would have to be using the same software for it to work ...
From TFA:

Marlinspike says the apps will interface with users' contact lists and other functions on the phone to take the hassle out of making calls and sending texts that can't be eavesdropped by third parties. ...
RedPhone uses ZRTP, an open source Internet voice cryptography scheme created by Phil Zimmermann, inventor of the widely-used Pretty Good Privacy or PGP encryption. ... [Similarly for the SMS system.]
Looks to me like the product uses defacto-standard encrypted communication tools and integrates them with the phonebook to make their use automatic when calling a contact with whom you can have an encrypted conversation.
So it looks to me like your encrypted communications wouldn't be limited to people using the same android app. You could talk to anybody using the same underlying "standard" scheme.

--
Bantam Dominique roosters crow a four-note song. Once you've heard it as "Happy BIRTHday" you can't NOT hear it that way
how does this work? by cool_arrow · 2010-05-25 12:36 · Score: 1

There doesn't seem to be too many details on their site yet. I am wondering if both parties establish a connection with the Whisper Systems server and make the connection that way? Is this end to end encryption? Is the key exchange end to end or with their server? I didn't think that a mobile phone could receive in incoming data connection without a special account.
1. Re:how does this work? by sznupi · 2010-05-25 15:15 · Score: 1
  
  http://en.wikipedia.org/wiki/ZRTP
  http://en.wikipedia.org/wiki/Zfone
  Not the first implementation for mobile phones, too.
  
  --
  One that hath name thou can not otter
2. Re:how does this work? by cool_arrow · 2010-05-25 16:15 · Score: 1
  
  I understand how ZRTP can work when a computer is calling another computer ( two things with ip addresses). What I don't understand is how you get two mobile phones to do the same thing without a special account with the network operator. It seems all those supplying encrypted mobile phones these days require you to have a CSD (circuit switched data or similar) account for your phone (it's the incoming data call that is the problem). My guess is that the purpose of the sms message is to tell the guy you want to call to initiate a data call to the "whisper" server. You are then patched together via their server for key exchange and subsequent communication. Just guessing.
3. Re:how does this work? by sznupi · 2010-05-25 16:45 · Score: 1
  
  Well, the simplest is just to...make a call. GSM has a data channel; this thing does just that, for example.
  Plus sms messages might just as well exchange the IP of already established connections, right?
  
  --
  One that hath name thou can not otter
4. Re:how does this work? by cool_arrow · 2010-05-25 17:55 · Score: 1
  
  I understand you can do data with GSM. "privateGSM" is for making mobile to mobile data calls and for that you need a CSD account or equivalent (read the link you provided). This is not the same thing as what is being described in the article here. CSD is like using a modem to establish a connection and it is relatively expensive. You can use your GSM mobile to make a data connection to a server on the web but it seems that if you want to make a data call directly to another mobile you have to have a special account.
5. Re:how does this work? by sznupi · 2010-05-25 19:03 · Score: 1
  
  Why do you suppose I'm not familiar with links I provide?...I didn't say it's what software from TFA does, just that it's one easy possibility (with example).
  And I pointed out another straightforward one; if they can already send encrypted sms, why not use them for automatic IP exchange when initiating a call?
  
  --
  One that hath name thou can not otter
6. Re:how does this work? by cool_arrow · 2010-05-26 02:53 · Score: 1
  
  ok. I guess I'm unclear on what the point of that link would be then. GSM can do data. You will have to explain the purpose of exchanging IP via sms as I don't understand how this would work.
7. Re:how does this work? by man_ls · 2010-05-27 04:58 · Score: 1
  
  It lets you reach the other person via phone number, even though the communication itself will be taking place over the data/IP channels. SMS to exchange IPs, and then the connection goes through.
8. Re:how does this work? by cool_arrow · 2010-05-27 06:45 · Score: 1
  
  What is this service called? I don't think my GSM service provider has this (AT&T in the USA) or allows it. I'm curious.
9. Re:how does this work? by sznupi · 2010-06-03 15:23 · Score: 1
  
  SMS is a kind data exchange ffs; reasonably fast one, usualy. What else do you need to negotiate a connection?
  
  --
  One that hath name thou can not otter
Re:Ever dropping cost of energy? by maxume · 2010-05-25 12:51 · Score: 1

If a tariff makes coal triple in cost, wind and nuclear start looking pretty okay.
And if you think that rationing and massive price increases will not put a damper on NIMBY, you're nuts.
As for the rest of your 'analysis', Watts Bar seems to count as major:
http://en.wikipedia.org/wiki/Watts_Bar_Nuclear_Generating_Station
I suppose the fact that they started it 35 years ago takes away from the fact that they brought it online 15 years ago. Never mind that attitudes have shifted enough that they are going to complete the other half in a few years.
Also, people currently spend more money driving to the damn grocery store than it costs to ship stuff thousands of miles, I wouldn't worry about getting stuff from the next state over (so, each pound of food consumes way more energy in your car than it consumes in the semi/cargo ship. For example, b-a--n-a--n-a-s are practically free at my grocer.).
And then there is the whole thing where petroleum prices over ~$120 are obviously unsustainable (We have real life experience of this, from a couple years ago. Also, much of the $10 a gallon that you are fear-mongering about would be going to the gub'mint, to subsidize other transportation options and such).
The worst thing you are doing is assuming that investors in power companies (which are generally regulated in a way that the return on investment is okay, but not great) would want to put massive amounts of capital into having a bunch of extra power generation sitting offline, rather than trying to maximize the return on the capital that they have already invested.

--
Nerd rage is the funniest rage.
Hmmmmm..... triple chocolate by Atari400 · 2010-05-25 13:06 · Score: 1

1) Encryption = hidden writing 2) Whisper = Popular UK chocolate bar, now withdrawn 3) Whisper Systems (anag) Sweetish Mrs Spy

--
IBM doesn't play chess with the Universe.
1. Re:Hmmmmm..... triple chocolate by meringuoid · 2010-06-01 20:46 · Score: 1
  
  2) Whisper = Popular UK chocolate bar, now withdrawn
  That's Wispa, and they brought it back last year. You even see Wispa Gold from time to time.
  
  --
  Real Daleks don't climb stairs - they level the building.
Re:Ever dropping cost of energy? by dgatwood · 2010-05-25 13:06 · Score: 1
I'm okay with $10 per gallon gasoline under two conditions:
- every PENNY of those $7 in taxes must be given out in the form of research grants to companies and universities working on developing alternative energy technologies.
- every single patent resulting out of those grants must belong to the U.S. government and must be freely licensed to any U.S. company that wants to produce such a product under the condition that the products be manufactured in the U.S.
As long as that money actually goes towards developing technology to bring the cost of renewable energy down, then great. But that's not what will happen. It will be used to penalize people who use energy and to give huge grants to megacorps that then use our hard-earned dollars to develop technology that only benefits themselves. And that's not cool.
--
Check out my sci-fi/humor trilogy at PatriotsBooks.
Re:Ever dropping cost of energy? by maxume · 2010-05-25 13:07 · Score: 1

Also, your timescales are off, South Carolina Electric & Gas doesn't even have a license yet and they figure they can have a 1.1 GW reactor online by 2016:
http://en.wikipedia.org/wiki/Virgil_C._Summer_Nuclear_Generating_Station
(Though they have completed much of the engineering, which probably speeds things up, I'm not sure how the licensing process interacts with the engineering).

--
Nerd rage is the funniest rage.
probably not secure by wkk2 · 2010-05-25 14:31 · Score: 1

It won't be secure unless the hardware, software and distribution are controlled, tracked and audited. Prove there isn't a hidden API in the RF modem that will dump RAM and the keys on command.
1. Re:probably not secure by cool_arrow · 2010-05-25 18:15 · Score: 1
  
  Yep. The only secure hardware is harware not connected to a network. These guys learned that lesson: http://www.politechbot.com/docs/fbi.ardito.roving.bug.opinion.120106.txt
Re:Ever dropping cost of energy? by sznupi · 2010-05-25 14:52 · Score: 1

About time? It's pretty hard to be more wasteful than the US (X axis), which per capita claims around 3 times more resources compared to the most lean places with similar standard of living.

--
One that hath name thou can not otter
Why Not Use TOR As Well? by no1home · 2010-05-25 14:53 · Score: 2, Interesting

Since it's going out as a VOIP call, why not route it via TOR? Yes, it would likely slow down the talking a bit (great, I could finally take notes while still keeping up with the conversation), but it would make it that much more difficult to track down the caller and/or recipient. Might also work for the SMS if it's using an Internet-based route instead of the actual cell system SMS.

--
I hope this comment is well received... I could have moderated instead!

Persecutors will be violated!
1. Re:Why Not Use TOR As Well? by physicsphairy · 2010-05-25 17:27 · Score: 1
  
  The encryption for streaming voice data is not exactly the best, and Tor means possible third party interception. If someone does decrypt the conversation then just from your tonal range and dialect you are communicating significant information about your identity you wouldn't have to over email (you may even be providing a unique fingerprint). Phone numbers are much more identifying than IP addresses--cellphones can be easily triangulated from the data sent to the carrier, and have to be bought and activated somewhere; a computer can connect to any guy's unsecured wi-fi and fake all the data. I can't really think of the instance in which sending phone calls over Tor would be preferable to some other tech solution.
  
  --
  When things get complex, multiply by the complex conjugate.
I donno, people keep making them by Weezul · 2010-05-25 20:26 · Score: 1

There are several encryption programs for Nokia's Symbian phones that work over GSM, but they don't look terribly compatible even amongst one another, which has presumably stymied adoption.
These two Android apps are compatible with Zfone, which is SIP not GSM. So they should work with the commercial Zfone clients for Windows Mobile and Symbian, which covers the vast majority of smartphones outside the U.S.
I've found no Zfone port for the iPhone or BlackBerry but they're bit players outside the U.S. Maemo support has sadly not yet happened, but presumably once the MeeGo platform stabilizes.

--
The Christian religion has been and still is the principal enemy of moral progress in the world. -- Bertrand Russell
Useless by MathiasRav · 2010-05-26 04:36 · Score: 1

Encrypted voice is US only, so that's no good for the rest of the world. Also, searching for TextSecure on Market doesn't yield any results on my Android 1.5 device (although the FAQ claims it works on all versions of Android), though 2.2 is fine. Sending encrypted texts to myself didn't work either, it says "Bad encrypted message..." but that might just be me doing something wrong.
This *IS* ZRTP by DrYak · 2010-05-26 06:28 · Score: 1

Plus we can look at the impact done by availability of Zfone/ZRTP (this new encrypted VoIP standard from Phil Zimmermann) for Symbian smartphones (half of all smartphones)
That is also the case with this application.
The secure voice communication *is* done with ZRTP.
The secure texting is done with Off-the-record (already widely used in Adium, Pidgin and the likes).

Oh, nobody was aware of its availability? Exactly...
The more these (standard) technologies are deployed, the more they will get used.
As an example, Adium is a rather popular multi-system chat software for Mac OS (based on the same libpurple of pidgin fame) has Off-the-record (the same system as used by this software for SMS), and thus Off-the-record is starting to get some usage.

--
"Sufficiently advanced satire is indistinguishable from reality." - [Tips: 1DrYakQDKCQ6y52z6QbnkxHXAocMZJE61o ]
Off-the-record by DrYak · 2010-05-26 06:41 · Score: 1

In fact, the texting part uses Off-the-record, which is available on lots of software, including libpurple-based like Pidgin (as a plugin) and Adium (out of the box).
So if you configured an account able to receive SMS (like a SIMPLE or Skype account) on these software, it already works.
And as the webOS chat module is libpurple-based it might not by that much difficult to bolt OtR on Palm Pre (some hobyist have successfully ported other libpurple plugins onto the Pre).

--
"Sufficiently advanced satire is indistinguishable from reality." - [Tips: 1DrYakQDKCQ6y52z6QbnkxHXAocMZJE61o ]
Off-the-Record by DrYak · 2010-05-26 07:05 · Score: 1

I'm interested in seeing how the key exchange is handled. After all, you can have a great encryption algorithm but if your implementation sucks, it won't do you any good.
For texting the implementation is Off-the-Record, which is already used in several other softwares (the libpurple-based Pidgin and Adium, for instance). The details of this are here.

Granted, the hurdle there would be things like losing the phone, getting new hardware, etc, but it's still interesting to think about.
Read OtR's website and their arguments about "Deniability" and "Perfect forward secrecy". Some of the problems are addressed in the way OtR works (as opposed to older encryption system such as pidgin-encryption).

--
"Sufficiently advanced satire is indistinguishable from reality." - [Tips: 1DrYakQDKCQ6y52z6QbnkxHXAocMZJE61o ]
Secure Voice Transmission by DeanLearner · 2010-05-26 20:34 · Score: 1

I've been using it on my android devices since I first got a G1. Hell I even used it before then on a bog standard landline phone...

*dial number*
*ring ring*
"Hello?"
"Hi it's Chris, the Satsuma is flying without wings beyond the crust of the BIG APPLE pie."
"Got ya"

Sorted.
cryptophone? by psy0rz · 2010-06-04 21:32 · Score: 1

Nobody mentioned rob gongrijps cryptophone yet. It uses regular cellphone calls. Instead of voip. You both need to have that phone tough.