Twitter To Open Source Android Security Tech

itwbennett writes "Following last month's acquisition of Whisper Systems, Twitter is open sourcing 'some' of the company's Android security products. First up: TextSecure, a text messaging client that encrypts messages. Souce code is on GitHub now. 'Offering the technology to the community so soon after the acquisition could indicate that Twitter made the acquisition primarily for the developer talent,' writes IDG News Service's Nancy Gohring."

Maybe it was required?

[migla]

Offering the technology to the community so soon after the acquisition could indicate that Twitter made the acquisition primarily for the developer talent.

So, apparently whispersystems has to do with that Moxie Marlinspike character, who strikes me as someone who might have some open souring as a requisite for the acquisition?

Re:Maybe it was required?

Q: Are there business or technical reasons you do not want to open the source code for WhisperCore or any of the sub-projects like WhisperMonitor?

A: (Moxie Marlinspike) Same reason most enterprise software vendors' products aren't OSS, harder to sell software that way. =)

So I guess you're saying he wanted it open since he no longer has to worry about selling it? If you are, that's part of what burns me about open source... so many are on the band wagon until it means that they're the ones producing software while not standing a great chance to profit from their work.
 
Not far from the "IP doesn't really exist crowd"... they're all too happy to take what they want and claim that artists can make money elsewhere yet few, if any, produce a quality product themselves and even less of them give it out 100% free.

Re:Maybe it was required?

What about those like me? I release my software closed source, but after a short period I open source it under the AGPLv3 (A license that ensures the most end user freedoms, AFAICT).

Yeah, it's artificial scarcity, but I can't seem to get people to fund my development as the program is in progress, IN ADVANCE of the project actually being usable. This leaves me with the only option being to release it as closed source and charge for access after the program is complete. In 4 years I haven't yet drummed up enough donation support to fund development without a paywalled & closed source initial release. Now I use a "help free ProductX" progress bar indicating the amount of funds I require in order to fund the next iteration or program. When the gauge is full I open source the product.

Either by donation or paywall you're still paying only for the work I'm doing only once, not the act making infinitely reproducible copies. This is the hardest part to wrap your mind around I suppose. I only want to get paid when I'm doing work, or offering a service (that requires expenditure of time or money on my part). Traditional closed source software development only pays their devs when they work, but attempt to charge for every single copy.

Copying takes far less work than coding. Copies aren't scare. My work is scarce. I only want funding for my efforts. I need to have funding for my work because I'd like to continue doing it instead of digging ditches or busing tables.

The fallacy people like you fall into is the belief that people like me can actually release our products as 100% FLOSS software and still EAT. Closed and open sources can play in the same sandbox, in the same way that labor unions prove that Socialism and Capitalism can work together. At the end of the day, I want my users to have freedoms, but the truth is that most people don't put their money where their freely eating mouths are.

In the future, I may gain enough of a user base that the donations will be able to completely meet my financial prerequisites for the development... However, realize that I must bring in a bit MORE funding than merely enough to actually develop the product. I must have enough funding to have a bit of financial security. Else, I'm living "paycheck to paycheck" and risk one bad release causing me to end all development.

I call people like you software extremists. As any extremist you're likely immune to reason: Anything that's not white is 100% black. No Gray Allowed!!! Gray is THE DEVIL! (Failing to realize that the entire world is a beautiful place predominantly because it's made of many shades of many colors, including gray.)

You need a reality check: Absolutes are a rarity in nature, in fact, they don't exist naturally. To say FLOSS isn't about pushing an ulterior agenda is denialism; The same can be said of closed software.

This is really good news

[Mr_Plattz]

This makes a lot of sense. Twitter is and has always been a facilitator of open communication, particularly from censoring governments. This is just an extension of that.

I have always kept an eye on Whisper Systems and specifically TextSecure (and WhisperCore) but they never became really "usable". I would (and I think many people) love to be able to securely text message (or via iMessage or Facebook) knowing it's safely encrypted but still highly usable (similar to Pidgin + OTR).

Will they try to use this for corporate evil? Maybe. But at the same token WhisperSystems never had enough power/traction to develop what they really wanted and we (the people) needed.

Re:More "Web 2.0" crap that we had years ago?

[Gr8Apes]

The truly funny part is Web 2.0 is back to classic Client/Server programming, utilizing an HTML engine as the client. I believe that existed since the 60s with dumb terminals, but certainly no later than the early 80s with the current modern thick client/server model (think X11 and the like)

Regarding the open sourcing of the encryption code, generally self-written encryption routines are inadequate at best. If you're not leveraging one of the well vetted encryption libraries, odds are that your solution is weak and will only stand up to cursory inspection. Otherwise, you're using PGP, RSA, Blowfish, etc, and your code is merely a light wrapper around those libraries. (No, I did not review the code)

As for chat clients and the like connecting to each other with encryption, this has been around and open sourced a long time, one implementation is Off-the-Record. And of course there's the PGP solution that has been around since the early 90s.