Slashdot Mirror


Zimmermann's Silent Circle Now Live

e065c8515d206cb0e190 writes "Several websites have announced the launch of Silent Circle, PGP's founder Phil Zimmermann's new suite of tools for the paranoid. After a first day glitch with a late approval of their iOS app, the website seems to now accept subscriptions. Have any slashdotters subscribed? What does SilentCircle provide that previous applications didn't have?"

127 comments

  1. Now, with centralized user tracking! by Animats · · Score: 5, Insightful

    The "Silent Circle" uses their own "Silent Network", allowing centralized user tracking. Also, the code isn't open source, so you have no idea if the crypto key generation is any good or if there are backdoors.

    1. Re:Now, with centralized user tracking! by fustakrakich · · Score: 1, Flamebait

      If there are backdoors? Doesn't the government mandate them?

      --
      “He’s not deformed, he’s just drunk!”
    2. Re:Now, with centralized user tracking! by Anonymous Coward · · Score: 5, Funny

      HURR DURR Obama Warrantless Wiretapping HURR DURR

    3. Re:Now, with centralized user tracking! by Ken_g6 · · Score: 1

      If there are backdoors? Doesn't the government mandate them?

      Depends on the government, I think. From one of TFAs:

      Canada's privacy laws are the most stringent in the world

      Not that I really trust the company's proprietary software any more because of this.

      --
      (T>t && O(n)--) == sqrt(666)
    4. Re:Now, with centralized user tracking! by Genda · · Score: 0

      Why stop there. The government can just watch the "Silent Circle" and log the folks who go on their site on the presumption that if they want to hide their stuff, there must be reasonable cause for investigation.

    5. Re:Now, with centralized user tracking! by interval1066 · · Score: 5, Interesting

      Even so, with Zimmerman's involvement I tend more to a "trust" relationship than an "untrusted" one. Zimmerman is on my whitelist.

      --
      Python: 'And then suddenly you have a language which says "we're all stuck with whatever the whiniest coder wants".'
    6. Re:Now, with centralized user tracking! by Anonymous Coward · · Score: 0

      It is an FBI sting operation. The whole fucking internet is hahahah !

    7. Re:Now, with centralized user tracking! by Anonymous Coward · · Score: 5, Funny

      Careful there. You're commenting on a story about "wanting to hide stuff" on a known gathering place for geeks and occasionally cyber-terrorists. You're in a database somewhere for simply being here.

    8. Re:Now, with centralized user tracking! by nurb432 · · Score: 1

      Him being trusted makes it even more dangerous if he's gone rogue, or someone else in his organization has.

      I prefer point to point encryption with no middle man and a direct connection between us. Nothing is perfect, but it should be better than putting your trust in someone else, no matter who it is..

      --
      ---- Booth was a patriot ----
    9. Re:Now, with centralized user tracking! by Anonymous Coward · · Score: 1

      Zimmerman is on my whitelist.

      Why... because he has a web page on which he asserts that there are no backdoors in PGP?

      And what do you expect he would have said if there are?

      Note that the source code you can download doesn't compile into the PGP executable. Convenient.

    10. Re:Now, with centralized user tracking! by maestroX · · Score: 3, Funny

      buuttt.... is it Zimmerman?

    11. Re:Now, with centralized user tracking! by Bysshe · · Score: 5, Informative

      Considering Zimmermann's track record of not including backdoors and that he was investigated for several years much to his personal detriment for several years in the 90s for his release of PGP I think this particular protocol is pretty safe. Lastly and business case is based 100% on total security. If ever it leaked that there's any kind of backdoor it would all be for naught. I highly doubt the core team (there are 4 of them, including Zimmermann, 2 ex seals, and Callas) would risk their reputations on including a backdoor. In addition any real backdoors would flag an interference.

      --
      Read what I mean, not what I wrote.
    12. Re:Now, with centralized user tracking! by Bysshe · · Score: 4, Interesting

      Zimmermann's one of those hyper-idealists who will defend his position to his own detriment and the detriment of anyone close to him. If you have to trust someone for privacy, it's him.

      --
      Read what I mean, not what I wrote.
    13. Re:Now, with centralized user tracking! by chihowa · · Score: 4, Interesting

      Even so, with Zimmerman's involvement I tend more to a "trust" relationship than an "untrusted" one. Zimmerman is on my whitelist.

      That's funny, because I almost feel the complete opposite way. I really want to trust Zimmerman, but I can't make myself do it. Part of it is keeping his work closed source, which is extra scary when talking about cryptography. Being asked to trust a security solution that you can't examine is insane.

      But part of it also comes from his past. He went against the wishes of the US government and won. In my experience, that just doesn't happen... ever. The fact that he's still working in cryptography and not in some hole somewhere makes me think he's playing ball with the government. It at least raises doubts, which cannot be alleviated by reviewing the source code.

      Or maybe I'm just paranoid. But cryptography is the plaything of the paranoid, and relying on the paranoid to just trust you seems a little off.

      --
      If you want a vision of the future, imagine a youtube comments section scrolling - forever.
    14. Re:Now, with centralized user tracking! by fustakrakich · · Score: 2

      Regardless of their reputation, a central server will always put you at risk. There are lots of bad people out there with squeaky clean reputations, but we only find out when they slip up. If you're trying to hide your communications from anyone, then you should know better than to trust anyone, including the person you're communicating with. So, you know the risks, take your chances, and hope for the best.

      If the government is ordering the placement of backdoors, which is very likely if the service becomes widespread, I hope he comes clean on it.

      --
      “He’s not deformed, he’s just drunk!”
    15. Re:Now, with centralized user tracking! by reybo · · Score: 1

      There are more gov agents misleading this topic than any we've seen before in this forum. Probably means this will make eavesdropping on email, etc. more complicated.

    16. Re:Now, with centralized user tracking! by MangoCats · · Score: 1

      Your Logical Fallacy is genetic.

    17. Re:Now, with centralized user tracking! by Incadenza · · Score: 4, Funny

      "Yes, I am paranoid. But am I paranoid enough?"

    18. Re:Now, with centralized user tracking! by Anonymous Coward · · Score: 0

      This website is a database you know....

    19. Re:Now, with centralized user tracking! by Anonymous Coward · · Score: 0

      >Or maybe I'm just paranoid.

      A little known story, google for NSA in relation to firewalls and "secure" email services. They secretly own many of them.

    20. Re:Now, with centralized user tracking! by DerekLyons · · Score: 2

      Part of it is keeping his work closed source, which is extra scary when talking about cryptography. Being asked to trust a security solution that you can't examine is insane.

      Unless you're a cryptographer and a programmer... examining the source is pretty much pointless. It may give you a warm happy fuzzy to be able to do so, but you lack the qualifications to actually evaluate it.

      But cryptography is the plaything of the paranoid

      No, it's mostly the plaything of those desperately trying to improve their self image. It's the digital equivalent of elevator shoes or SUV's.

    21. Re:Now, with centralized user tracking! by Anonymous Coward · · Score: 0

      See, this is my problem with you logical fallacy people: Pretty much every argument to you is a logical fallacy because you've typecasted every argument and made a dinky website to say "Your type of argument is a logical fallacy because we've typecasted it to be so, BWAHAHA!" and you get instant invalidation for anyone's opinion you don't like. Notice how no one who brings up logical fallacies ever actually adds to the argument.

    22. Re:Now, with centralized user tracking! by HeX314 · · Score: 1

      "; DROP TABLE comments;

      ...not anymore. ^_^

    23. Re:Now, with centralized user tracking! by pnot · · Score: 5, Insightful

      Part of it is keeping his work closed source, which is extra scary when talking about cryptography. Being asked to trust a security solution that you can't examine is insane.

      Unless you're a cryptographer and a programmer... examining the source is pretty much pointless. It may give you a warm happy fuzzy to be able to do so, but you lack the qualifications to actually evaluate it.

      The point, surely, is not that I am necessarily a cryptographer, but that the source is available to those who are. It's not necessary for every user to independently audit the code, because the skilled individuals who do audit the code can then communicate their findings.

      "But why trust the skilled individuals?", you may ask. Answer: because I find it unlikely that all the world's cryptographers are conspiring to keep quiet about any vulnerabilities they find in the code. At any rate it's a more sensible strategy than "assume that Zimmerman is both infallible and incorruptible".

    24. Re:Now, with centralized user tracking! by pnot · · Score: 5, Funny

      Lastly and business case is based 100% on total security. If ever it leaked that there's any kind of backdoor it would all be for naught.

      Lance Armstrong is innocent. His business case is based 100% on being a non-cheating cyclist: if it ever leaked that he'd taken any kind of performance enhancers, it would all be for naught.

    25. Re:Now, with centralized user tracking! by TangoMargarine · · Score: 1

      Note that the source code you can download doesn't compile into the PGP executable. Convenient.

      And you conclude this how? MD5/SHA-1? Because that proves a whole lot...just one character different somewhere and it's out the window.

      --
      Unity? Screw that: XFCE. Slashdot Beta? Screw that: SoylentNews. Australis? Screw that: Pale Moon. UX developers DIAF
    26. Re:Now, with centralized user tracking! by phantomfive · · Score: 3, Insightful

      He went against the wishes of the US government and won. In my experience, that just doesn't happen... ever.

      Then you don't pay attention enough.

      --
      "First they came for the slanderers and i said nothing."
    27. Re:Now, with centralized user tracking! by ubrgeek · · Score: 1

      > if he's gone rogue

      Next up, Sarah Palin releases her own encryption solution.

      --
      Bark less. Wag more.
    28. Re:Now, with centralized user tracking! by Anonymous Coward · · Score: 0

      Sorry, but that is a tu-quoque fallacy.

    29. Re:Now, with centralized user tracking! by Anonymous Coward · · Score: 0

      Ex Navy Seals = two thugs who run 'security contractor' (really mercenary) companies in Iraq

    30. Re:Now, with centralized user tracking! by Anonymous Coward · · Score: 0

      Can you use the drop command with wildcards? (e.g. DROP TABLE * or DROP DATABASE *)

    31. Re:Now, with centralized user tracking! by Anonymous Coward · · Score: 0

      --2 ex seals -- So what does a guy who can stand being wet and move logs 100 pounds heavier than himself know about cryptography anyway? I worked for a government spook house. There are a lot of people there who are 'secure' and have 'government issue' tattoos, and can be trusted to keep secrets, but their knowledge of computers is limited to point and click (on the flip side, there were people without tattoos but several advanced degrees (like Masters Degrees in Computer Science and Electrical Engineering) walking around).

    32. Re:Now, with centralized user tracking! by martin-boundary · · Score: 3, Insightful

      The point, surely, is not that I am necessarily a cryptographer, but that the source is available to those who are. It's not necessary for every user to independently audit the code, because the skilled individuals who do audit the code can then communicate their findings.

      Yes. Let me just add a nitpick. It is necessary that *any* user can *initiate* an independent audit of the code he personally received.

      Merely trusting a community of experts who choose to publish their audits as they please is another form of argument from authority. It's a slippery slope to a world where the source code is only available to qualified experts, since there would be no point in making it available to nonqualified individuals.

      Instead, the point of open source is that any user can hire an expert of their choosing, to work on source code as given to them (not source code the expert downloaded from a presumably equivalent source). AND THE PROBABILITY THAT SOME USERS ACTUALLY DO SO MUST BE STRICTLY POSITIVE.

      because I find it unlikely that all the world's cryptographers are conspiring to keep quiet about any vulnerabilities they find in the code.

      Like nearly everybody, cryptographers tend to act in the best interests of their employers. That is why it is necessary for random users to hire such cryptographers every once in a while, as outlined above.

      We cannot trust that the usual employers won't keep quiet about the findings for selfish reasons, eg large companies like Microsoft or Google sitting on discoveries until they can create and deploy a patch.

    33. Re:Now, with centralized user tracking! by davydagger · · Score: 2

      paranoid is good when you are dealing with security. If your security product doesn't properly assess the concerns of the paranoid, it's a shitty security product.

    34. Re:Now, with centralized user tracking! by mlts · · Score: 2

      Even if the endpoints encrypt data, encrypted data going through one central point is still at risk. Even though it can't be read, it can be tampered with, possibly DoS-ed. At the minimum, an attacker can eventually do traffic analysis and figure out who is communicating to whom.

      The physical car example:

      You don't drive an armored car with your gold in it via a depot in Spokane every time you want to make a deposit to the bank.

    35. Re:Now, with centralized user tracking! by Bill,+Shooter+of+Bul · · Score: 1

      So how do we know he wasn't found guilty of something, cut a deal and released a closed source program with a direct link to all government agencies? ....tin Hat Maximum power!@!!

      --
      Well.. maybe. Or Maybe not. But Definitely not sort of.
    36. Re:Now, with centralized user tracking! by mlts · · Score: 2

      Which PGP executable? I've never encountered his work not building when I used PGP in the past (before GnuPG came out.) Even RSAREF would work.

      PRZ stuck his neck on the line from the get-go way back when Congress was in the process of codifying laws to completely ban cryptography wholesale in the US, or only allow backdoored implementations like Clipper/Skipjack to be used. He spent years twisting on the wind of the ITAR lawsuit.

      You have to trust someone; and he is one of the few people in the industry who has shown they deserve that trust.

    37. Re:Now, with centralized user tracking! by Bill,+Shooter+of+Bul · · Score: 4, Funny

      Of course I don't drive an armored car with my Gold. The armored car is only used for the silver. The gold is transported by zeppelin, for increased security.

      --
      Well.. maybe. Or Maybe not. But Definitely not sort of.
    38. Re:Now, with centralized user tracking! by Anonymous Coward · · Score: 1

      Lastly and business case is based 100% on total security. If ever it leaked that there's any kind of backdoor it would all be for naught.

      Lance Armstrong is innocent. His business case is based 100% on being a non-cheating cyclist: if it ever leaked that he'd taken any kind of performance enhancers, it would all be for naught.

      Wait! Are you saying Zimmerman has testicular cancer?

    39. Re:Now, with centralized user tracking! by Anonymous Coward · · Score: 0

      Whoa. You just blew my mind, man.

    40. Re:Now, with centralized user tracking! by Anonymous Coward · · Score: 0

      How can you verify that the source code corresponds to the binaries running on your phone and on their servers? Making it open-source does not affect the level of trust, since they can run arbitrary binaries on their system.

    41. Re:Now, with centralized user tracking! by Anonymous Coward · · Score: 0

      To get into the SEAL program you do indeed have to pass those physical tests. However, there are a lot of different roles within the SEAL teams, and only people on the inside ever get to know the difference between (just for example) the guy doing long-range sniping, the guy who defuses the bombs, and the guy who can take apart a motherboard and re-engineer it in the field.

    42. Re:Now, with centralized user tracking! by SpzToid · · Score: 1

      No, that would be to Phil Zimmerman's detriment. I think the take-home message here is Phil Zimmerman and Sheryl Crow are probably a hot item now, but let's get real. Phil is still Phil and she'll move on; these things cannot last forever.

      --
      You can't be ahead of the curve, if you're stuck in a loop.
    43. Re:Now, with centralized user tracking! by DerekLyons · · Score: 1

      Unless you're a cryptographer and a programmer... examining the source is pretty much pointless. It may give you a warm happy fuzzy to be able to do so, but you lack the qualifications to actually evaluate it.

      The point, surely, is not that I am necessarily a cryptographer, but that the source is available to those who are. It's not necessary for every user to independently audit the code, because the skilled individuals who do audit the code can then communicate their findings.

      Which brings you right back to the same dilemma - you have no real ability to evaluate the qualifications and skills of the independent auditors.
       

      "But why trust the skilled individuals?", you may ask. Answer: because I find it unlikely that all the world's cryptographers are conspiring to keep quiet about any vulnerabilities they find in the code. At any rate it's a more sensible strategy than "assume that Zimmerman is both infallible and incorruptible".

      If all the world's cryptographers were examining the code - you'd have a point. (And in reality, the cryptographers most likely to find a vulnerability are those also most likely to keep quiet about it.) In the end, you're just being selective about who you're assuming to be "infallible and incorruptible" without actually having any evidence that they actually are... Being "not Zimmerman" is a rational, but flawed strategy - but not realizing and admitting the flaw is not rational. Handwaving away the flaw is irrational.

    44. Re:Now, with centralized user tracking! by Anonymous Coward · · Score: 0

      Even so, with Zimmerman's involvement I tend more to a "trust" relationship than an "untrusted" one. Zimmerman is on my whitelist.

      That's funny, because I almost feel the complete opposite way. I really want to trust Zimmerman, but I can't make myself do it. Part of it is keeping his work closed source, which is extra scary when talking about cryptography. Being asked to trust a security solution that you can't examine is insane.

      But part of it also comes from his past. He went against the wishes of the US government and won. In my experience, that just doesn't happen... ever. The fact that he's still working in cryptography and not in some hole somewhere makes me think he's playing ball with the government. It at least raises doubts, which cannot be alleviated by reviewing the source code.

      Or maybe I'm just paranoid. But cryptography is the plaything of the paranoid, and relying on the paranoid to just trust you seems a little off.

      It is very easy with modern tools to investigate cryptographic closed-source software. Hex Rays Decompiler will produce C code for this purpose, which is fairly easy to understand compared to original C sources.

    45. Re:Now, with centralized user tracking! by HiThere · · Score: 2

      That's not the way to format an SQL injection attack.

      And I'm not going to try, because it MIGHT work.

      --

      I think we've pushed this "anyone can grow up to be president" thing too far.
    46. Re:Now, with centralized user tracking! by HiThere · · Score: 1

      Ah, I see your mistake. You're assuming that P = NP.

      Many things which are hard to calculate are easy to check. So it takes a much better expert to create good code than it does to find a hole in the same code.

      This implies that MANY "experts" who wouldn't be qualified to write the code, are still qualified to punch holes in it. Lots of them have large egos, and would like the world to know how smart they are, so some percentage of them would shout it from the rooftops. *IF* they have access so they can find the holes.

      Unless P = NP. Or unless there has been more progress in quantum computing than is yet known. Practically all current cryptographic techniques fall readily to a decent quantum computer. I don't know about Zimmerman's approach, but since it was specified as having originated quite a while ago, I would expect that it would also fall readily to a quantum computer.

      So possibly the real answer is that the Feds have got themselves a decent quantum computer, and no longer care how secure your cryptographic key is.

      --

      I think we've pushed this "anyone can grow up to be president" thing too far.
    47. Re:Now, with centralized user tracking! by Anonymous Coward · · Score: 0

      If I am paranoid about how I am not paranoid enough. Does that make me sufficiently paranoid?

    48. Re:Now, with centralized user tracking! by Anonymous Coward · · Score: 0

      ummm, HURR DURR that came under Bush HURR DURR

    49. Re:Now, with centralized user tracking! by fustakrakich · · Score: 1

      Bush isn't president anymore. Forget about him...

      --
      “He’s not deformed, he’s just drunk!”
    50. Re:Now, with centralized user tracking! by Mjanke · · Score: 3, Interesting

      From Silent Circle's CEO:
      We are putting our products out open source. CALEA does not apply to us - we are a VOIP and software company. If Canada-US-UK Governments try to regulate VOIP - we will move to where we can provide it to the world. We do not have the ability to track individual user logs nor calls. We hold aggregate server IP logs for 7 days - we are working hard to get it down to 24 hours. The data we do have is:

      *Authentication information — your user name and hashed password. We hash passwords with a twelve-character random salt and 20,000 iterations of HMAC-SHA256 via PBKDF2.
      *Your contact email address.
      *Your Silent Phone number that we issue you...

      That's it. No more no less. We use ZRTP and PGP encryption. Phil created both. Jon created PGP universal and Apple's Whole Disk encryption. They have been open, peer reviewed and tested for 10-20 years. Phil, Jon Callas and Vincent Moscaritolo (Top crypto engineer at PGP, Apple and Symantec) created our new Instant Messaging encryption called SCimp....it's being released worldwide for audit and review in a few days...we too believe in open source. We will put our products out open source. We are paranoid. We are on the firing line. There are lots of organizations who do not want us doing what we are doing. We want to push back. We worry about CALEA being hijacked again. We do Peer to peer, device to device encryption. We don't like surveillance. We believe every worldwide citizen has the right to private comms. We don't like Huawei or the Chinese Government putting holes in the silicon. They don't like Silent Circle. So it's a fair fight.

      Our silent network is how we can do clear, very low latency Mobile video and voice on 3G, 4G, edge, and wifi - completely encrypted. Without our custom built network - customers would have poor comms - as is the case with modern day VOIP. We wanted better. We did better. It's not perfect, but we are trying hard to make it the best out there. We don't have the keys to your voice, video, text and data - you do. True security is up to the user. We only secure your comms.

      We are not perfect. We are swimming as fast as we can to launch Android, our Secure PSTN calling plan, Windows 8 version and some new products in 2013... We will make mistakes. We don't stop traffic analysis. We don't secure the device. We don't peddle "military grade encryption" or snake oil VPN systems and we are not for everyone...we deserve scrutiny, skepticism, and questioning. We want to do this right. Phil has been fighting for this chance for 23 years.

      --
      Michael Janke, CEO , Silent Circle
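
The password storage scheme named in the comment above (twelve-character random salt, 20,000 iterations of PBKDF2 with HMAC-SHA256), as an added Python example. It is not Silent Circle's code: the salt alphabet, the `$`-separated record layout and all function names are assumptions made for illustration, and the iteration-floor check goes one step beyond what the comment describes.

```python
import hashlib
import hmac
import secrets
import string

# Parameters quoted in the comment: 12-character salt, 20,000 iterations.
SALT_CHARS = 12
ITERATIONS = 20_000
# Assumptions (not stated on the page): salt alphabet, record label, upper cap.
SALT_ALPHABET = string.ascii_letters + string.digits
SCHEME = "pbkdf2-sha256"
MAX_ITERATIONS = 10_000_000  # refuse absurd counts read from a stored record


def derive(password: str, salt: str, iterations: int) -> bytes:
    """PBKDF2 with HMAC-SHA256 as the PRF, 32-byte output."""
    return hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), salt.encode("ascii"),
        iterations, dklen=32,
    )


def new_salt() -> str:
    """Per-user random salt drawn from a CSPRNG."""
    return "".join(secrets.choice(SALT_ALPHABET) for _ in range(SALT_CHARS))


def make_record(password: str, iterations: int = ITERATIONS) -> str:
    """Build the string stored instead of the password itself."""
    salt = new_salt()
    digest = derive(password, salt, iterations).hex()
    return "$".join([SCHEME, str(iterations), salt, digest])


def parse_record(record: str):
    """Split a stored record; raises ValueError if it is malformed."""
    scheme, iters, salt, digest = record.split("$")
    if scheme != SCHEME:
        raise ValueError("unknown scheme")
    iterations = int(iters)
    if not 1 <= iterations <= MAX_ITERATIONS:
        raise ValueError("iteration count out of range")
    return iterations, salt, bytes.fromhex(digest)


def verify(password: str, record: str) -> bool:
    """Recompute with the stored salt and count, compare in constant time."""
    try:
        iterations, salt, expected = parse_record(record)
        actual = derive(password, salt, iterations)
    except ValueError:  # malformed record or non-ASCII salt
        return False
    return hmac.compare_digest(actual, expected)


def needs_rehash(record: str, floor: int = ITERATIONS) -> bool:
    """True when a record was created with fewer iterations than the floor."""
    return parse_record(record)[0] < floor


if __name__ == "__main__":
    # Constructed sample passwords, for demonstration only.
    alice = make_record("correct horse battery staple")
    bob = make_record("correct horse battery staple")
    print(alice)
    print("same password, different records:", alice != bob)
    print("good password verifies:", verify("correct horse battery staple", alice))
    print("bad password verifies:", verify("Tr0ub4dor&3", alice))
    old = make_record("legacy", iterations=1_000)
    print("old record needs rehash:", needs_rehash(old))
```

Because the iteration count and salt travel with each record, a server can raise the count later and re-derive a user's record at their next successful login.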
    51. Re:Now, with centralized user tracking! by Anonymous Coward · · Score: 0

      Adversaries can already use traffic analysis even if you don't use a central server. PGP in e-mail doesn't stop traffic analysis. Neither does SSL or OTR. None of the popular crypto protocols prevent it, nor were they designed to.

      Tor is an exception but it's not a crypto protocol and is not used for privacy (it has a completely different goal altogether). If you want to evade traffic analysis and still retain privacy you would have to use Tor along with your favorite crypto protocol. Good luck using Tor with VOIP (lulz).

      So, basically, you're always going to be subject to traffic analysis on the Internet almost no matter what you do. If you don't like it, use a peer to peer connection over a private VPN or something.

    52. Re:Now, with centralized user tracking! by mlts · · Score: 1

      Sometimes, I wonder if someone will be able to make a decent DC-net implementation, or if that doesn't work, perhaps use age-old remailer technologies to hide who is messaging whom, with both end to end encryption, as well as hub to hub encryption.

      This would work better for non real-time messaging such as E-mail, file sending, or a SMS analogue. Of course, video and other real-time stuff this would be made difficult just due to the fact that latency forces connections to be as direct as possible.

      Traffic analysis is a threat, but compared to others out there, it isn't as big a priority as just getting stuff encrypted end to end. What is really needed is for people to start using a WoT in the first place and to start making their own chains of whom to trust (and whom not to), rather than just assume that any CA shipped with the program (be it a browser, MUA, or OS) is good enough. CAs have their place, as a means of getting Bob's key to Alice, but what is really needed is for one of Bob's trusted friends/introducers to hand him Alice's key.

    53. Re:Now, with centralized user tracking! by interval1066 · · Score: 1

      You just made me burst out laughing at the office. Tnx.

      --
      Python: 'And then suddenly you have a language which says "we're all stuck with whatever the whiniest coder wants".'
    54. Re:Now, with centralized user tracking! by Anonymous Coward · · Score: 0

      And is the gold encased in lead to disguise it?

  2. the first rule of the silent circle... by Anonymous Coward · · Score: 3, Funny

    shhh...

  3. Silent circle by Anonymous Coward · · Score: 0

    That's what we call it when a bunch of guys gather round in a circle and... you know what I mean. We never talk about it. Hence "silent" :)

  4. What does SilentCircle.... by Anonymous Coward · · Score: 5, Informative

    "What does SilentCircle provide that previous applications didn't have?"

    The 20$/*PER MONTH* price tag. You can also use csipsimple, it does secure messaging (using sips) and voice using the zrtp protocol. For 0$/*PER MONTH*.

    (Captcha: investor. How fitting...)

    1. Re:What does SilentCircle.... by SpzToid · · Score: 1

      Zimmerman and SilentCircle are now providing a paid service. But there is nothing stopping you from rolling your own.

      FWIW, the 'Z' in zrtp stands for Zimmerman.

      https://en.wikipedia.org/wiki/ZRTP

      --
      You can't be ahead of the curve, if you're stuck in a loop.
  5. MDM and MAM? by Anonymous Coward · · Score: 0

    From TFA:

    The company's encryption tools offer potentially powerful capabilities for those who need to secure sensitive data. However, broader MDM and MAM capabilities currently aren't included, which means that Silent Circle could be a component in an enterprise's security policy but not a complete solution.

    What do MDM and MAM stand for?

    1. Re:MDM and MAM? by Anonymous Coward · · Score: 0

      "It's ma'am, as in ham, not ma'am as in farm."

    2. Re:MDM and MAM? by furbearntrout · · Score: 3, Informative

      What do MDM and MAM stand for?

      Mobile Application Management (MAM) and Mobile Device Management (MDM)

      --
      Crap. What did the new CSS do with the "Post anonymously" option??
  6. You cannot subscribe to good crypto by betterunixthanunix · · Score: 4, Insightful

    How many times will subscription approaches to crypto have to fail before people understand that it does not work? It failed with Hushmail, and it will almost certainly fail here.

    --
    Palm trees and 8
    1. Re:You cannot subscribe to good crypto by MangoCats · · Score: 1

      Hushmail is still going, for anyone who wants to trust a service that can be cracked by court order.
      Actually, in theory, point to point encryption can also be cracked by court order - but if you are the putative holder of the secret key, you get the option to reveal it or go to jail.

    2. Re:You cannot subscribe to good crypto by betterunixthanunix · · Score: 2

      Hushmail is still going, for anyone who wants to trust a service that can be cracked by court order.

      Or by any Hushmail employee, or by anyone who can hack Hushmail, etc., etc., etc.

      Actually, in theory, point to point encryption can also be cracked by court order

      In which case at least one of the two parties is aware that the secret was leaked. In the case of Hushmail, neither the sender nor the receiver of the message would know.

      --
      Palm trees and 8
  7. Zimmerman, "Silent Circle" by Anonymous Coward · · Score: 0

    I was almost sure you were talking about the Trayvon Martin murder.

  8. Doesn't matter. by Anonymous Coward · · Score: 3, Funny

    The "Silent Circle" uses their own "Silent Network", allowing centralized user tracking. Also, the code isn't open source, so you have no idea if the crypto key generation is any good or if there are backdoors.

    I couldn't sign up going through my 3 proxies - the website timed out.

    What?!? And let them know my IP?!?!

    This could be a honey pot for the FBI or CIA or Illuminati!

    1. Re:Doesn't matter. by K.+S.+Kyosuke · · Score: 2

      This could be a honey pot for the FBI or CIA or Illuminati!

      You think that FBI and CIA would fall for it and ditch their own encryption measures? I mean, they're dumb at times, but still...

      --
      Ezekiel 23:20
  9. SEAL of approval? by Anonymous Coward · · Score: 1

    Seriously though, WTF is it with the SEAL shit. Do they cover advanced cryptography after mastering small unit tactics and CQB? I have nothing but the greatest respect for Phil Zimmerman but this just smacks of crude marketing.

  10. Poor headline by Anonymous Coward · · Score: 1, Informative

    Using the name Zimmerman immediately after a post about Trayvon Martin was a poor choice. Perhaps "PGP Creator's Silent Circle is now live" would have been a better choice. I certainly didn't associate the name with PGP, I associated it with the previous article, and I'm sure others did as well.

    1. Re:Poor headline by nurb432 · · Score: 1

      I associated it with the previous article, and I'm sure others did as well.

      No, just you.

      --
      ---- Booth was a patriot ----
    2. Re:Poor headline by 1u3hr · · Score: 3, Informative

      I certainly didn't associate the name with PGP, I associated it with the previous article, and I'm sure others did as well.

      I associated it with Bob Dylan myself.

    3. Re:Poor headline by Anonymous Coward · · Score: 0

      No, not just him.

  11. Would you believe? by bigdarryld · · Score: 4, Funny

    They have the first working implementation of CONTROL's Cone of Silence.

  12. All This Needs Is A FOSS Solution by Jane+Q.+Public · · Score: 2

    Seriously. Make programs (like email, IM, etc.) work with a good but open encryption protocol, like gpg for example. And surely (since Skype has shown what is possible with compression) voice applications can make good use of encryption too.

    But a subscription-based, proprietary solution with central servers? No thanks.

    1. Re:All This Needs Is A FOSS Solution by HatofPig · · Score: 3, Informative

      Ostel is a running public beta of the Open Secure Telephony project. It's end-to-end secure VoIP. Anyone with an Android phone (i.e. everybody reading this) is covered for everything but video by The Guardian Project.

      --
      Silicon & Charybdis McLuhan Kildall Papert Kay
    2. Re:All This Needs Is A FOSS Solution by westlake · · Score: 1

      Seriously. Make programs (like email, IM, etc.) work with a good but open encryption protocol, like gpg for example. And surely (since Skype has shown what is possible with compression) voice applications can make good use of encryption too.

      Encryption in Skype is transparent to the user. He doesn't have to give it a second thought --- much less persuade a critical mass of users to adopt the same standard.

    3. Re:All This Needs Is A FOSS Solution by icebraining · · Score: 1

      That's because it's weak and leaves you vulnerable to snooping by Microsoft (either for their own purposes or for someone else's, like law enforcement), since there's no way for you to verify that you're communicating directly with the other party's instance, and that the network doesn't have a copy of its key. This is the reason why people using PGP/GPG publish their fingerprints.

    4. Re:All This Needs Is A FOSS Solution by Anonymous Coward · · Score: 0

      HatofPig, do you use Ostel?
      Don't take this as aggressive, I'm truly interested in it and just wish to know the involvement.
      I'm worried at the current lack of laptop OS versions ('calling home'); I happily discovered this is for year 2 but then this very info is on a page that's been "accessed 9 times"!
      If some here do use it, I'll try to turn the android apk into something working on the BlackBerry playbook.

    5. Re:All This Needs Is A FOSS Solution by semi-extrinsic · · Score: 1

      Problem is, the email service providers don't want you to use crypto, cause then they can't data mine you. Thus even third party things that make crypto user friendly are foiled (cf gmail and GPG)

      --
      for i in `facebook friends "=bday" 2>/dev/null | cut -d " " -f 3-`; do facebook wallpost $i "Happy birthday!"; done
  13. d'oh! by pbjones · · Score: 1

    why would you mention on CIA-/. that you have subscribed to that service??

    --
    There was an unknown error in the submission.
  14. If at first you don't succeed... by Anonymous Coward · · Score: 0

    How many times has it been tried?

  15. Phil Zimmerman is ok in my book by hardie · · Score: 4, Informative

    I worked with Phil for awhile at StorageTek--6 months or a year I think. He's a very smart guy. He was also one of the most evangelistic people I have ever met. I do NOT mean this in a religious sense, any way shape or form. At the time (this was the 1980's) he spoke a lot (incessantly?) about the danger of nuclear war and all these bombs we've got. I expect that this same incredible focus and sense of purpose has now been applied to security, which could be a really good thing. I also expect that he has mellowed a bit, but that's just a guess.

    Steve

    1. Re:Phil Zimmerman is ok in my book by e065c8515d206cb0e190 · · Score: 4, Interesting

      OP here.

      Exactly. My reason to believe SilentCircle is in good faith is Zimmerman's history fighting for privacy. It doesn't mean I would trust that service. But I guess it gives some hope that people are going to become more aware of privacy issues in general.

      Which is why I was ambivalent about this and came to get /.'s opinion

    2. Re:Phil Zimmerman is ok in my book by Bysshe · · Score: 1

      Nope, not mellowed. Just as focused and evangelical on privacy. Just the public eye has moved on a bit.

      --
      Read what I mean, not what I wrote.
  16. Silent Circle? by 93+Escort+Wagon · · Score: 0

    When I saw the title, I thought it was a Google+ story. There are a lot of silent circles over there, after all.

    --
    #DeleteChrome
  17. Canada's privacy laws the most stringent? by whathappenedtomonday · · Score: 1

    citation needed. should probably read "among the most stringent".

    --
    I hope I didn't brain my damage.
  18. crude marketing by nurb432 · · Score: 1

    well, he's gotta eat too....

    --
    ---- Booth was a patriot ----
  19. CALEA by gellenburg · · Score: 5, Informative

    I wrote to Silent Circle over a week ago when news of the impending launch first started making circles.

    SC's COO was kind to respond in an attempt to allay my fears. Sadly though his answer was more "non" than one.

    A week ago I replied back with a follow-up question, and have yet to receive a response.

    While my political activism is pretty much limited to change.org petitions, SC is directly marketing their services TO activists. As the Occupy movement has shown, political activism, and the free-speech that goes along with it, are becoming in jeopardy. My concern, and I feel it's a valid one, is that CALEA will give subscribers a false sense of security. After all when Microsoft purchased Skype, one of the first things they did (they had no choice) was to install CALEA intercepts.

    Hopefully somebody at Silent Circle will be able to answer this. Until then, I wouldn't recommend it. Check out The Guardian Project and Jitsi instead.

    (Note - I'm only posting this because as Silent Circle's COO, Vic Hyder is authorized to speak on behalf of the Company.)

    -----BEGIN EMAIL-----
    Mr. Hyder,

    Thank you very much for the reply and information you've provided below,
    but I'm afraid I'm still unclear on one particular point: /does Silent
    Circle fall under CALEA jurisdiction or not/?

    Kind regards,

    George Ellenburg

    On 10/11/12 7:43 PM, Vic Hyder wrote:
    > *George*,
    > Thanks for the note. Quick response - Silent Circle provides peer to
    > peer encryption from subscriber to subscriber. The Secure Calling Plan
    > offers members a little flexibility to use their Silent Phone number
    > to send and receive calls outside the Circle (encrypted to our servers
    > but decrypted from servers to non-subscriber). We'll let our members
    > determine what their threat model is and how they need to protect
    > their transmissions.
    >
    > Circle up.
    > *______________*
    >
    > Vic Hyder
    > Chief Operations Officer
    >
    > Silent Circle
    > Private Encrypted Communications
    > Silicon Valley | Washington DC
    >
    > w: SilentCircle.com
    >
    > This email and any files transmitted with it are confidential and
    > intended solely for the use of the individual or entity to whom they
    > are addressed. If you received this e-mail in error, please notify the
    > sender immediately and destroy and/or delete all copies. Circle up.
    >
    >
    >
    > On Oct 11, 2012, at 6:01 AM, George Ellenburg wrote:
    >
    >> Hello-
    >>
    >> I read with interest news reports yesterday that Silent Circle was
    >> getting ready to launch. As an activist and privacy advocate, I was
    >> troubled though to read that Silent Circle was planning on offering a
    >> Secure Calling Plan amongst other communication services.
    >>
    >> I understand the obvious revenue stream such an offering will generate,
    >> but I'm intrigued as to how you plan to not comply with CALEA, or
    >> curious as to how CALEA wouldn't do an end-run around your service
    >> altogether? CALEA, as you probably know, is the Communications
    >> Assistance for Law Enforcement Act, which requires mandatory technical
    >> intercept points for Law Enforcement and Intelligence purposes.
    >>
    >> Being a United States Company, offering Communication services, located
    >> in the United States, your Company is certainly subjected to mandatory
    >> CALEA implementations.
    >>
    >> Thanks for your time. I earnestly look forward to your response.
    >>
    >> -George Ellenburg
    >>
    >
    -----END EMAIL-----

    1. Re:CALEA by Anonymous Coward · · Score: 1

      You might be asking for a legal theory when trying to find out if CALEA applies. CALEA requires telecommunications carriers and manufacturers of telecommunications equipment to modify and design their equipment, facilities, and services to ensure that they have built-in surveillance capabilities, allowing federal agencies to monitor all telephone, broadband internet, and VoIP traffic in real-time. (taken from wikipedia)

      Are they a telecom carrier or telecom equipment manufacturer? How is a telecom carrier defined? Any gov't registered company that charges money (or not) while using the physical telecom network to provide some kind of service? I don't think so, and would guess it's limited to Verizon, AT&T, Level 3 et al.

      Better question might be: 'have you implemented measures to be in compliance with CALEA?' Or are they willing to fight in court before they implement measures, etc..

      Individuals with no contracts with the government are outside its jurisdiction as long as they 'do no harm' (simplification). Bit more complicated if you have a contract...

    2. Re:CALEA by Cornan · · Score: 0

      You may want to re-read this bit of the email you just posted.

      > This email and any files transmitted with it are confidential and
      > intended solely for the use of the individual or entity to whom they
      > are addressed. If you received this e-mail in error, please notify the
      > sender immediately and destroy and/or delete all copies. Circle up.

    3. Re:CALEA by Anonymous Coward · · Score: 0

      Most corporations put similar boilerplate on the end of their emails. I don't understand why since it has no legal force.

    4. Re:CALEA by Threni · · Score: 2

      He didn't agree to that - it was stuck on an email someone sent him. If I email you saying `you get to send me some Zappa CDs once a month` I don't expect you to give a shit either. It's not a contract - I'm not going to expect a copy of `One Size Fits All` in the post from you, and some guy sending emails to random people shouldn't expect them to follow his random instructions either.

    5. Re:CALEA by cbhacking · · Score: 1

      So, your point is that this Vic Hyder person, the COO of a company supposedly providing a technological solution to private conversations, apparently thinks that such PS blocks are worth the bits to transmit them? That says a lot for my confidence in SC...

      Or were you suggesting that the GP shouldn't have posted that message? Here's a hint: those blocks are not only completely unenforceable, they're basically meaningless business-speak bullshit. Short of legal or contractual obligations to do otherwise, once you receive a document by any means, it's yours to do with as you please. In the case of email, even copyright doesn't apply.

      --
      There's no place I could be, since I've found Serenity...
    6. Re:CALEA by MangoCats · · Score: 1

      Also check out CryptoCat (no affiliation), and StegaMail (affiliated), or just roll your own and wrap it in a couple of more common layers of trusted security such as PGP, etc.

    7. Re:CALEA by IndustrialComplex · · Score: 1

      It makes a big difference when criminal charges or lawsuits are filed.

      In the US at least, there are laws which apply extra penalties for people if they willfully violate them. For 99.99% of all email traffic, things like this don't mean anything. However, when you start dealing with things like breaches of confidential data, trade secrets, PII, proprietary information... it makes a big difference.

      Working in the Defense Industry, one of the big things that we work hard to remind our workers of, is that it is VERY important to mark things properly with respect to Proprietary information.

      The very LAST thing you want is a big contract win subject to protest because a dumbass project manager forgot to mention that one of our competitors accidentally cc'd them on their cost data. Even if we would have won the contract anyway, the whole thing now becomes a huge waste of money and can potentially kill the entire program.

      It's important, and it DOES have legal force, just not in the "Oh I said that was confidential so you can't repost it" manner that a lot of people think it does.

      --
      Out of modpoints but really liked a post? 1BDkF6TtmmeZ3yqXbz9yhdYVqRYnwFoXDj
    8. Re:CALEA by sociocapitalist · · Score: 1

      A week ago replied back with a follow-up question, and have yet to receive a response.

      The lack of response is the response. The product is surely CALEA compliant.

      --
      blindly antisocialist = antisocial
    9. Re:CALEA by Anne_Nonymous · · Score: 2

      So I can stop sending the CDs then?

    10. Re:CALEA by gellenburg · · Score: 1

      Oh agreed. Definitely. In fact I already knew the answer before writing the guy originally. Any telecom provider located in the US *must* be CALEA compliant. However the entire service will give folks a false sense of security and that's the larger point I was trying to make.

      Most speech isn't prohibited today, but political winds change all too often and what may be legal today may become illegal tomorrow.

      Just hope and wish folks realize that their calls can and WILL be intercepted no matter what Silent Circle may say on the matter, that's all.

    11. Re:CALEA by sociocapitalist · · Score: 1

      Oh agreed. Definitely. In fact I already knew the answer before writing the guy originally. Any telecom provider located in the US *must* be CALEA compliant. However the entire service will give folks a false sense of security and that's the larger point I was trying to make.

      Most speech isn't prohibited today, but political winds change all too often and what may be legal today may become illegal tomorrow.

      Just hope and wish folks realize that their calls can and WILL be intercepted no matter what Silent Circle may say on the matter, that's all.

      We agree to agree :-)

      --
      blindly antisocialist = antisocial
    12. Re:CALEA by Anonymous Coward · · Score: 0

      1) CALEA only applies to U.S. companies. Silent Circle is not incorporated in the U.S. for precisely this reason.

      2) Even if Silent Circle did host its servers in the U.S., it wouldn't matter since CALEA only applies to companies that provide physical infrastructure (ISPs and telcos).

      This is what the FBI has been complaining about since 2008 -- they want CALEA expanded to include software communications (VOIP, IM, text, etc.). So far Congress has yet to update the law, most likely because Skype (which was the FBI's biggest complaint) is now wiretap friendly ever since M$ bought it and inserted backdoors (we know this because M$ patented a "lawful intercept for VOIP" technique). M$ officials, when asked if Skype now has a backdoor, have repeatedly refused to respond or have danced around the issue. Regardless of what they say, the patent application pretty much answers the question for us.

      Irrespective of Skype, the fact remains that software services (VOIP) are exempt from CALEA. Any VOIP provider that goes along with CALEA is doing it voluntarily. And even if Congress did update the law, can you imagine how difficult it would be to force every developer of every protocol to insert backdoors into his/her software? It's unfeasible to say the least.

  20. Was gonna say something by Anonymous Coward · · Score: 0

    But it's the wrong damn Zimmerman.

  21. Timely Idea, but Do It Yourself? by rueger · · Score: 3, Interesting

    Of late I've been thinking that it might be prudent to establish an on-line persona that can't be traced back to me. Between corporate tracking (Google?) and government's love of surveillance, and a sense that we could be heading for some economically or politically charged time, I can see situations where anonymity could be essential.

    It seems to me that if you can start with an untraceable e-mail address and consistent use of Tor, you should be on the way to building up an on-line profile that's recognizable, useful, and fairly disconnected from real life.

    I'm not naive enough to think that anything I could do would be 100% safe or secure, but surely you can keep most of the prying eyes away from you.

    1. Re:Timely Idea, but Do It Yourself? by Anonymous Coward · · Score: 1

      In espionage circles this is called a "legend." Establishing one is probably enough to make you of interest to the security services (except for valid reasons. For example, I established one for the purposes of marketing a novel as part of an elaborate joke.) YMMV.

      RP

    2. Re:Timely Idea, but Do It Yourself? by Anonymous Coward · · Score: 0

      probably enough to make you of interest to the security services

      Being alive is apparently enough to make you of interest to the "security services" these days.

      The NSA, for example, is apparently trying to record, store indefinitely, and no doubt analyze, EVERYTHING.

      The former NSA official held his thumb and forefinger close together: “We are that far from a turnkey totalitarian state.”

    3. Re:Timely Idea, but Do It Yourself? by swell · · Score: 1

      "might be prudent to establish an on-line persona that can't be traced"

      It would be prudent for everyone to do so. And everyone should encrypt every communication possible.

      The simple reason is that if only 1% seek privacy, then governments and others can simply focus their great power on that 1%; but when everyone seeks privacy it is more difficult to snoop on any particular 1%.

      Yes, it will be harder to pin down bad guys & terrorists, but that's the wrong approach anyway. When people are educated, treated with respect, given medical attention and given opportunities to prosper there won't be any terrorists, and mentally ill 'bad' guys will be managed with dignity.

      --
      ...omphaloskepsis often...
    4. Re:Timely Idea, but Do It Yourself? by Anonymous Coward · · Score: 1

      You'll also need a way to block online tracking (cookies, widgets, gifs).
      Ghostery comes close, but there are no guarantees that it gets them all.

      Next you need to make your browser un-unique.
      With version number, installed add-ons and what information is available about your particular hardware, it's quite possible to figure out which personas belong together.

      It's not just about a particular id bit any longer, it's tiny bits of irrelevance scooped up by tracker networks combined into a whole in the long term.

  22. TFS / TFTFY by bill_mcgonigle · · Score: 1

    new suite of tools for the stupid and paranoid

    --
    My God, it's Full of Source!
    OUTSIDE_IP=$(dig +short my.ip @outsideip.net)
  23. Restricted by frisket · · Score: 1

    Presumably this is a US-only thang?

  24. Two Zimmerman stories in a row! by MouseTheLuckyDog · · Score: 1

    and they are not the same Zimmerman. Who would have thought.

  25. Encryption in the stack by ironicsky · · Score: 1

    I'm personally surprised that no one has bothered to build encryption into the TCP/IP stack yet, an sTCP/IP if you will. Using a public/private key encryption model, each time the stack initiates a new connection to any IP, it would first ask the other side if it supports secure encryption; if it doesn't, the other side would probably return an error. Once it is determined the other side supports encryption, both sides generate one-time key pairs and transmit the public key to the other side. Once the connection closes, the private key is destroyed and must be renegotiated. Of course, this doesn't protect against man in the middle attacks, because there is no central repository to prove whose keys belong to whom, but something like this could be done.

    I guess what I am trying to say is, SSL should be implemented in the stack, instead of the application level, then we wouldn't really need to worry about our ISPs or the big bad government sniffing out our traffic.
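
The exchange sketched in the comment above, as an added Python example (not part of the original post or any project's code): per-connection key pairs give both ends a shared key, a relay that swaps the public values is invisible to the key exchange itself, and comparing a fingerprint of the exchanged public values over another channel exposes it. The toy group parameters, the function names and the fingerprint construction are assumptions, and this is not the actual computation used by TLS or ZRTP.

```python
import hashlib
import hmac
import secrets

# Toy group for illustration only (assumption): the Mersenne prime 2**521 - 1
# with generator 3. Real systems use X25519 or a standardised MODP group.
P = 2**521 - 1
G = 3
NBYTES = 66  # 521 bits rounded up to whole bytes


def keypair():
    """One-time key pair, generated per connection and discarded on close."""
    priv = secrets.randbelow(P - 3) + 2
    return priv, pow(G, priv, P)


def session_key(priv, peer_pub):
    """Derive the symmetric session key from our private and their public value."""
    if not 1 < peer_pub < P - 1:
        raise ValueError("degenerate public value")
    shared = pow(peer_pub, priv, P)
    return hashlib.sha256(shared.to_bytes(NBYTES, "big")).digest()


def fingerprint(pub_a, pub_b):
    """Short string the two users compare out of band (read aloud, published)."""
    lo, hi = sorted((pub_a, pub_b))
    data = lo.to_bytes(NBYTES, "big") + hi.to_bytes(NBYTES, "big")
    return hashlib.sha256(data).hexdigest()[:16]


def handshake(relay_substitutes_keys=False):
    """Run one exchange; optionally with a relay that swaps the public values."""
    a_priv, a_pub = keypair()
    b_priv, b_pub = keypair()
    seen_by_alice, seen_by_bob = b_pub, a_pub
    relay_keys = None
    if relay_substitutes_keys:
        r_priv_a, r_pub_a = keypair()  # relay's key pair facing Alice
        r_priv_b, r_pub_b = keypair()  # relay's key pair facing Bob
        seen_by_alice, seen_by_bob = r_pub_a, r_pub_b
        relay_keys = (session_key(r_priv_a, a_pub),
                      session_key(r_priv_b, b_pub))
    return {
        "alice_key": session_key(a_priv, seen_by_alice),
        "bob_key": session_key(b_priv, seen_by_bob),
        "relay_keys": relay_keys,
        # Each side fingerprints its own public value plus the one it received.
        "alice_fp": fingerprint(a_pub, seen_by_alice),
        "bob_fp": fingerprint(b_pub, seen_by_bob),
    }


def endpoints_agree(result):
    """The out-of-band check: do both users see the same fingerprint?"""
    return hmac.compare_digest(result["alice_fp"], result["bob_fp"])


if __name__ == "__main__":
    for swapped in (False, True):
        r = handshake(swapped)
        print("relay swaps keys:", swapped,
              "| same session key:", r["alice_key"] == r["bob_key"],
              "| fingerprints match:", endpoints_agree(r))
```
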

    1. Re:Encryption in the stack by mlts · · Score: 1

      Isn't this what TLS is for, or am I mistaken? TLS is a connection level encryption protocol.

      On the individual IP packet level, there is IPSec, but that tends to be mainly used in Windows domains.

    2. Re:Encryption in the stack by Anonymous Coward · · Score: 0

      ... then we wouldn't really need to worry about our ISPs or the big bad government sniffing out our traffic.

      Which is exactly why no government is going to support this.

    3. Re:Encryption in the stack by Anonymous Coward · · Score: 0

      TLS relies on PKI. ZRTP does not.
      TLS is used by Silent Circle for signalling, ZRTP is for the media (UDP).

    4. Re:Encryption in the stack by Anonymous Coward · · Score: 0

      ...

      On the individual IP packet level, there is IPSec, but that tends to be mainly used in Windows domains.

      It's also the protocol used for VPNs that aren't SSL-based. And IPsec is almost always used for site to site VPNs (whether natively in tunnel mode or to protect a GRE connection).

  26. Laugh... by koan · · Score: 2

    "suite of tools for the paranoid" where you let a 3rd party handle your security...

    --
    "If any question why we died, Tell them because our fathers lied."
  27. Zimmerman gave us PGP, he can shoot who he wants! by bussdriver · · Score: 1

    That explains why there are so many Zimmerman supporters in the shooting stories... They think it is THAT Zimmerman. I remember Mr. Filesystem which lost files better than he lost evidence... many biased defenders on that one too...

  28. Re:Zimmerman gave us PGP, he can shoot who he want by bussdriver · · Score: 1

    Correction. Reiser lost files better than he lost incriminating evidence.

  29. hey by Anonymous Coward · · Score: 0

    First rule of Silent Circle, don't talk about Silent Circle. Second rule - Don't talk about Silent Circle!!

  30. I believe him by ei4anb · · Score: 1, Interesting

    I was working on public key cryptography in the late 70s while doing my undergrad degree in maths and electronics and got to know some of the people in that field. I have talked with PZ face to face about his experiences with PGP and government. I believe him.

    1. Re:I believe him by Anonymous Coward · · Score: 0

      I was working on public key cryptography in the late 70s while doing my undergrad degree in maths and electronics and got to know some of the people in that field.
      I have talked with PZ face to face about his experiences with PGP and government. I believe him.

      That's great, but what about everyone who hasn't talked with him face to face? That's not a very scalable system.

  31. `You'll also need a way to block online tracking' by Max+Hyre · · Score: 1

    I clicked on the Silent Circle URL, and was immediately offered a cookie. (Which I declined—thanks Firefox.)

    --
    I refuse to believe corporations are people until Texas executes one. -- desert rain on http://www.dailykos.com/user/
  32. Too many questions remain open by Anonymous Coward · · Score: 0

    Sorry, but I have been trying to get a QUALIFIED view of their security and I have been unable to come up with anything that I can actually consider a confirmation that this is not a honey trap.

    HOSTING abroad is of nil and nada value if any part of the business or the people involved is based in the US, and as far as I can see that is indeed the case. Not that I begrudge the US government the power to catch bad guys, the problem is that their definition of bad includes "foreigners who may have interesting stuff we would rather sell as American products" and "foreigners who compete with US companies". Actually, just say "foreigners", that's easier.

    I'm not going to touch this one. Maybe it'll work for US citizens, but sticking a label "Phil Zimmermann" over any product to call it secure is not going to fly.

    I prefer setups that follow Kerckhoffs's principle.

  33. From Silent Circle -Re:CALEA by Mjanke · · Score: 1

    "There has been considerable chatter about Silent Circle's launch and about what our products, service and unique architecture is all about. We wanted to get out in front to keep everyone here informed as best we can....

    We just posted our Law & Compliance information on our site (https://silentcircle.com/web/law-compliance/) to clear up a lot of the questions about whether CALEA laws apply to us, what data we do hold and how we will handle the "heat" to come.

    We are putting our products out open source. CALEA does not apply to us - we are a VOIP and software company - the law makes it clear that communications service providers can deliver products to their customers that use encryption to protect their communications without having the ability to decrypt those communications. That is us, that's what we do. If Canada-US-UK-EU Governments try to regulate and change this - we will move to where we can provide it to the world. We do not have the ability to track individual user logs nor calls. We hold aggregate server IP logs for 7 days — we are working hard to get it down to 24 hours. The data we do have is:

    *Authentication information — your user name and hashed password. We hash passwords with a twelve-character random salt and 20,000 iterations of HMAC-SHA256 via PBKDF2.
    *Your contact email address.
    *Your Silent Phone number that we issue you...

    That's it. No more no less. We use ZRTP and PGP encryption. Phil created both. Jon created PGP universal and Apple's Whole Disk encryption. These protocols have been open, peer reviewed and tested for 10-20 years. We are in the process of open sourcing our code. Phil, Jon Callas and Vincent Moscaritolo (top crypto engineer at PGP, Apple and Symantec) created our new Instant Messaging encryption called SCimp... it's being released worldwide for audit and review in a few days... we too believe in open source. We will put our products out open source. We are paranoid. We are on the firing line. There are lots of organizations who do not want us doing what we are doing. We want to push back. We worry about CALEA being hijacked again. We do peer to peer, device to device encryption. We don't like surveillance. We believe every worldwide citizen has the right to private comms. We don't like Huawei or the Chinese Government putting holes in the silicon. They don't like Silent Circle. So it's a fair fight.

    Our silent network is how we can do clear, very low latency mobile video and voice on 3G, 4G, edge, and wifi - completely encrypted. Without our custom built network, customers would have poor comms - as is the case with modern day VOIP. We wanted better. We did better. It's not perfect, but we are trying hard to make it the best out there. We don't have the keys to your voice, video, text and data - you do. True security is up to the user. We only secure your comms.

    We are not perfect. We are swimming as fast as we can to launch Android, our Secure PSTN calling plan, Windows 8 version and some new products in 2013... We will make mistakes. We don't stop traffic analysis. We don't secure the device. We don't peddle "military grade encryption" or snake oil VPN systems and we are not for everyone... we deserve scrutiny, skepticism, and questioning. We want to do this right. Phil has been fighting for this chance for 23 years. We understand that secure comms and crypto is a contact sport. We have our big-boy pants on and know we cannot please everyone - we don't want to.

    I have included my email address so anyone on slashdot can let me know what you think, give us some ideas on what we can do better- or just fire criticism missiles my way.

    --
    Michael Janke, CEO , Silent Circle
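
The password-storage scheme listed in the comment above (twelve-character random salt, 20,000 iterations of HMAC-SHA256 via PBKDF2), as an added Python example. It is not Silent Circle's code; the record layout, the salt alphabet and the function names are assumptions.

```python
import hashlib
import hmac
import secrets
import string

ITERATIONS = 20_000          # iteration count stated in the comment
SALT_CHARS = 12              # salt length stated in the comment
# Assumption: alphanumeric salt, so it never contains the "$" field separator.
SALT_ALPHABET = string.ascii_letters + string.digits
SCHEME = "pbkdf2_sha256"     # assumed label for the stored record


def new_salt():
    """Twelve random characters from a CSPRNG, unique per stored password."""
    return "".join(secrets.choice(SALT_ALPHABET) for _ in range(SALT_CHARS))


def hash_password(password, salt=None, iterations=ITERATIONS):
    """Return a self-describing record: scheme$iterations$salt$hex-digest."""
    salt = salt if salt is not None else new_salt()
    digest = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), salt.encode("ascii"), iterations
    )
    return f"{SCHEME}${iterations}${salt}${digest.hex()}"


def parse_record(stored):
    """Split a stored record; raises ValueError on anything malformed."""
    scheme, iterations, salt, hexdigest = stored.split("$")
    if scheme != SCHEME:
        raise ValueError("unknown scheme")
    iterations = int(iterations)
    if iterations < 1:
        raise ValueError("bad iteration count")
    return iterations, salt, bytes.fromhex(hexdigest)


def verify_password(password, stored):
    """Recompute with the record's own salt and count; compare in constant time."""
    try:
        iterations, salt, expected = parse_record(stored)
    except ValueError:
        return False
    candidate = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), salt.encode("ascii"), iterations
    )
    return hmac.compare_digest(candidate, expected)


def needs_rehash(stored, minimum=ITERATIONS):
    """True when a record uses fewer iterations than the current policy,
    so it can be upgraded the next time the user logs in successfully."""
    try:
        iterations, _, _ = parse_record(stored)
    except ValueError:
        return True
    return iterations < minimum


if __name__ == "__main__":
    record = hash_password("correct horse battery staple")  # constructed sample
    print(record)
    print(verify_password("correct horse battery staple", record))
    print(verify_password("wrong guess", record))
```

Storing the iteration count in each record is what lets the count be raised later without invalidating existing passwords.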