Zimmermann's Silent Circle Now Live

e065c8515d206cb0e190 writes "Several websites have announced the launch of Silent Circle, PGP's founder Phil Zimmermann's new suite of tools for the paranoid. After a first day glitch with a late approval of their iOS app, the website seems to now accept subscriptions. Have any slashdotters subscribed? What does SilentCircle provide that previous applications didn't have?"

Now, with centralized user tracking!

[Animats]

The "Silent Circle" uses their own "Silent Network", allowing centralized user tracking. Also, the code isn't open source, so you have no idea if the crypto key generation is any good or if there are backdoors.

Re:Now, with centralized user tracking!

HURR DURR Obama Warrantless Wiretapping HURR DURR

Re:Now, with centralized user tracking!

[interval1066]

Even so, with Zimmerman's involvement I tend more to a "trust" relationship than an "untrusted" one. Zimmerman is on my whitelist.

Re:Now, with centralized user tracking!

Careful there. You're commenting on a story about "wanting to hide stuff" on a known gathering place for geeks and occasionally cyber-terrorists. You're in a database somewhere for simply being here.

Re:Now, with centralized user tracking!

[Bysshe]

Considering Zimmermann's track record of not including backdoors and that he was investigated for several years much to his personal detriment for several years in the 90s for his release of PGP I think this particular protocol is pretty safe. Lastly and business case is based 100% on total security. If ever it leaked that there's any kind of backdoor it would all be for naught. I highly doubt the core team (there are 4 of them, including Zimmermann, 2 ex seals, and Callas) would risk their reputations on including a backdoor. In addition any real backdoors would flag an interference.

Re:Now, with centralized user tracking!

[Bysshe]

Zimmermann's one of those hyper-idealists who will defend his position to his own detriment and the detriment of anyone close to him. If you have to trust someone for privacy, its him.

Re:Now, with centralized user tracking!

[chihowa]

Even so, with Zimmerman's involvement I tend more to a "trust" relationship than an "untrusted" one. Zimmerman is on my whitelist.

That's funny, because I almost feel the complete opposite way. I really want to trust Zimmerman, but I can't make myself do it. Part of it is keeping his work closed source, which is extra scary when talking about cryptography. Being asked to trust a security solution that you can't examine is insane.

But part of it also comes from his past. He went against the wishes of the US government and won. In my experience, that just doesn't happen... ever. The fact that he's still working in cryptography and not in some hole somewhere makes me think he's playing ball with the government. It at least raises doubts, which cannot be alleviated by reviewing the source code.

Or maybe I'm just paranoid. But cryptography is the plaything of the paranoid, and relying on the paranoid to just trust you seems a little off.

Re:Now, with centralized user tracking!

[Incadenza]

"Yes, I am paranoid. But am I paranoid enough?"

Re:Now, with centralized user tracking!

[pnot]

Part of it is keeping his work closed source, which is extra scary when talking about cryptography. Being asked to trust a security solution that you can't examine is insane.

Unless you're a crytpographer and a programmer... examining the source is pretty much pointless. It may give you a warm happy fuzzy to be able to do so, but you lack the qualifications to actually evaluate it.

The point, surely, is not that I am necessarily a cryptographer, but that the source is available to those who are. It's not necessary for every user to independently audit the code, because the skilled individuals who do audit the code can then communicate their findings.

"But why trust the skilled individuals?", you may ask. Answer: because I find it unlikely that all the world's cryptographers are conspiring to keep quiet about any vulnerabilities they find the code. At any rate it's a more sensible strategy than "assume that Zimmerman is both infallible and incorruptible".

Re:Now, with centralized user tracking!

[pnot]

Lastly and business case is based 100% on total security. If ever it leaked that there's any kind of backdoor it would all be for naught.

Lance Armstrong is innocent. His business case is based 100% on being a non-cheating cyclist: if it ever leaked that he'd taken any kind of performance enhancers, it would all be for naught.

Re:Now, with centralized user tracking!

[Bill,+Shooter+of+Bul]

Of course I don't drive an armored car with my Gold. The armored car is only used for the silver. The gold is transported by zepplin, for increased security.

What does SilentCircle....

"What does SilentCircle provide that previous applications didn't have?"

The 20$/*PER MONTH* price tag. You can also use csipsimple, it does secure messaging (using sips) and voice using the zrtp protocol. For 0$/*PER MONTH*.

(Captcha: investor. How fitting...)

You cannot subscribe to good crypto

[betterunixthanunix]

How many times will subscription approaches to crypto have to fail before people understand that it does not work? It failed with Hushmail, and it will almost certainly fail here.

Would you believe?

[bigdarryld]

They have the first working implementation of CONTROL's Cone of Silence.

Phil Zimmerman is ok in my book

[hardie]

I worked with Phil for awhile at StorageTek--6 months or a year I think. He's a very smart guy. He was also one of the most evangelistic people I have ever met. I do NOT mean this in a religious sense, any way shape or form. At the time (this was the 1980's) he spoke a lot (incessantly?) about the danger of nuclear war and all these bombs we've got. I expect that this same incredible focus and sense of purpose has now been applied to security, which could be a really good thing. I also expect that he has mellowed a bit, but that's just a guess.

Steve

Re:Phil Zimmerman is ok in my book

[e065c8515d206cb0e190]

OP here.

Exactly. My reason to believe SilentCircle is in good faith is Zimmerman's history fighting for privacy. It doesn't mean I would trust that service. But I guess it gives some hope that people are going to become more aware of privacy issues in general.

Which is why I was ambivalent about this and came to get /.'s opinion

CALEA

[gellenburg]

I wrote to Silent Circle over a week ago when news of the impending launch first started making circles.

SC's COO was kind to respond in an attempt to allay my fears. Sadly though his answer was more "non" than one.

A week ago replied back with a follow-up question, and have yet to receive a response.

While my political activism is pretty much limited to change.org petitions, SC is directly marketing their services TO activists. As the Occupy movement has shown, political activism, and the free-speech that goes along with it, are becoming in jeopardy. My concern, and I feel it's a valid one, is that CALEA will give subscribers a false sense of security. After all when Microsoft purchased Skype, one of the first things they did (they had no choice) was to install CALEA intercepts.

Hopefully somebody at Silent Circle will be able to answer this. Until then, I wouldn't recommend it. Check out The Guardian Project and Jitsi instead.

(Note - I'm only posting this because as Silent Circle's COO, Vic Hyder is authorized to speak on behalf of the Company.)

-----BEGIN EMAIL-----
Mr. Hyder,

Thank you very much for the reply and information you've provided below,
but I'm afraid I'm still unclear on one particular point: /does Silent
Circle fall under /CALEA/jurisdiction or not/?

Kind regards,

George Ellenburg

On 10/11/12 7:43 PM, Vic Hyder wrote:
> *George*,
> Thanks for the note. Quick response - Silent Circle provides peer to
> peer encryption from subscriber to subscriber. The Secure Calling Plan
> offers members a little flexibility to use their Silent Phone number
> to send and receive calls outside the Circle (encrypted to our servers
> but decrypted from servers to non-subscriber). We'll let our members
> determine what their threat model is and how they need to protect
> their transmissions.
>
> Circle up.
> *______________*
>
> Vic Hyder
> Chief Operations Officer
>
> Silent Circle
> Private Encrypted Communications
> Silicon Valley | Washington DC
>
> w: SilentCircle.com
>
> This email and any files transmitted with it are confidential and
> intended solely for the use of the individual or entity to whom they
> are addressed. If you received this e-mail in error, please notify the
> sender immediately and destroy and/or delete all copies. Circle up.
>
>
>
> On Oct 11, 2012, at 6:01 AM, George Ellenburg > wrote:
>
>> Hello-
>>
>> I read with interest news reports yesterday that Silent Circle was
>> getting ready to launch. As an activist and privacy advocate, I was
>> troubled though to read that Silent Circle was planning on offering a
>> Secure Calling Plan amongst other communication services.
>>
>> I understand the obvious revenue stream such an offering will generate,
>> but I'm intrigued as to how you plan to not comply with CALEA, or
>> curious as to how CALEA wouldn't do an end-run around your service
>> altogether? CALEA, as you probably know, is the Communications
>> Assistance for Law Enforcement Act, which requires mandatory technical
>> intercept points for Law Enforcement and Intelligence purposes.
>>
>> Being a United States Company, offering Communication services, located
>> in the United States, your Company is certainly subjected to mandatory
>> CALEA implementations.
>>
>> Thanks for your time. I earnestly look forward to your response.
>>
>> -George Ellenburg
>>
>
-----END EMAIL-----