Slashdot Mirror


NSA-resistant Android App 'Burns' Sensitive Messages

angry tapir writes "Phil Zimmermann's Silent Circle, which halted its secure mail service shortly after Lavabit, has released a messaging application for Android devices that encrypts and securely erases messages and files. The application, called Silent Text, lets users specify a time period for which the receiver can view a message before it is erased. It also keeps the keys used to encrypt and decrypt content on the user's device, which protects the company from law enforcement requests for the keys." Seems similar to pieces of the Guardian Project.

5 of 183 comments

  1. Very little utility here by wbr1 · · Score: 2, Interesting

    I think this gives a false sense of security. Sure it encrypts messages on my device. And helpfully auto deletes them after the expiry has passed. However, if the person you are worried about gaining access to the messages can silently coerce the transport company (in this case your mobile provider) to release the contents of messages they have stored, of what use is it?

    --
    Silence is a state of mime.
    1. Re:Very little utility here by oodaloop · · Score: 4, Interesting

      The mobile provider would only have encrypted messages, and the only way to decrypt would be brute force or getting the keys on your device. I'm no expert though; I just read TFA.

      --
      Tic-Tac-Toe, Global Thermonuclear War, and relationships all have the same winning move.
    2. Re:Very little utility here by RoboJ1M · · Score: 5, Interesting

      There's a button on my Ubuntu PC for creating private/public key pairs and uploading the public key to a ring of public key servers.
      Then, people can encrypt emails that only I can read because only I have the private key.
      I've always wondered why this isn't better integrated/more automatic when it comes to email systems (gmail?)

      Why not just leverage that type of mechanism?
      1) Install app
      2) it creates a key pair for your phone number
      3) It uploads the public key to one of these servers
      4) Anybody who texts you using a compatible app, it looks up your private key and encrypts the message only for you.

      Job done.

      If you can't fit the encrypted message in 120 chars, it uploads the encrypted data to a 3rd party and all it sends is a message ID.
      Or it uses IP only (like imessage/whatsapp)
      Or it uses email as the bulk carrier
      All those IP messaging systems must use a 3rd party anyway as you're always NAT'ed behind a real IP address anyway on a mobile connection.
      I'm always on a 10.x.x.x address.
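
The scheme sketched in the comment above (a key pair per phone number, a published public key, an ID fallback for ciphertext too large for one text), as an added example that is not part of the thread or Silent Text's code. The `directory` and `blobStore` maps, the function names, the wire layout and the SHA-256 key derivation are assumptions for illustration; the sender encrypts to the recipient's published public key and the private key stays on the device.

```javascript
const nodeCrypto = require('crypto');

const SMS_LIMIT = 120;        // single-text budget, the figure used in the comment
const directory = new Map();  // constructed stand-in for the public key server
const blobStore = new Map();  // constructed stand-in for the third-party bulk store

// Steps 1-3: the key pair is made on the device; only the public half is published.
function register(phone) {
  const { publicKey, privateKey } = nodeCrypto.generateKeyPairSync('x25519');
  directory.set(phone, publicKey);
  return privateKey;
}

// Simplified KDF (assumption): SHA-256 over the X25519 secret; real designs use HKDF.
function deriveKey(privateKey, publicKey) {
  const secret = nodeCrypto.diffieHellman({ privateKey, publicKey });
  return nodeCrypto.createHash('sha256').update(secret).digest();
}

// Step 4: encrypt to the recipient's PUBLIC key; the return value is all a carrier sees.
function send(phone, text) {
  const recipient = directory.get(phone);
  if (!recipient) throw new Error(`no published key for ${phone}`);
  const eph = nodeCrypto.generateKeyPairSync('x25519'); // fresh sender key per message
  const nonce = nodeCrypto.randomBytes(12);
  const c = nodeCrypto.createCipheriv('aes-256-gcm', deriveKey(eph.privateKey, recipient), nonce);
  const ephDer = eph.publicKey.export({ type: 'spki', format: 'der' }); // 44 bytes
  const body = Buffer.concat([ephDer, nonce, c.update(text, 'utf8'), c.final(), c.getAuthTag()]);
  const wire = body.toString('base64');
  if (wire.length <= SMS_LIMIT) return wire;
  // Too big for one text: park the ciphertext with the third party, send only an ID.
  const id = 'id:' + nodeCrypto.createHash('sha256').update(body).digest('hex').slice(0, 16);
  blobStore.set(id, wire);
  return id;
}

// The receiver resolves an ID if needed, then decrypts with the on-device private key.
function receive(privateKey, wire) {
  const body = Buffer.from(blobStore.get(wire) ?? wire, 'base64');
  if (body.length < 44 + 12 + 16) throw new Error('malformed message');
  const eph = nodeCrypto.createPublicKey({ key: body.subarray(0, 44), format: 'der', type: 'spki' });
  const d = nodeCrypto.createDecipheriv('aes-256-gcm', deriveKey(privateKey, eph), body.subarray(44, 56));
  d.setAuthTag(body.subarray(body.length - 16));
  const plain = Buffer.concat([d.update(body.subarray(56, body.length - 16)), d.final()]);
  return plain.toString('utf8');
}

const demoKey = register('+1-555-0100'); // constructed phone number
console.log(receive(demoKey, send('+1-555-0100', 'hi')));
```

The carrier and the bulk store only ever hold the `wire` value, which is ciphertext. Whoever controls the directory can publish a substitute key for a number, so the looked-up key needs its own authenticity check (fingerprint comparison or a signature) before it is trusted.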

    3. Re:Very little utility here by 0111+1110 · · Score: 3, Interesting

      I just don't see that many legitimate uses.

      What about illegitimate uses? Those are the only kind that domestic extremists like myself care about.

      If you were discussing something that were merely private that you didn't want anyone to ever know you'd have to convince the other person to install the app as well.

      This would seem to be the case for every form of private communication. Is there any way to communicate securely with someone who doesn't care about private communication?

      Hey Dave, I have a secret I would like to share with you, but only if you install this app...

      I had this problem with my defense attorney. I wanted to discuss some aspects of my case with him via email, which I rightfully didn't trust. So I asked him if he would be willing to install and use gpg4win or at least sign up for Hushmail, but that went over like a lead balloon. So in the end I had to wait to discuss the case with him in person.

      --
      Quite an experience to live in fear, isn't it? That's what it is to be a slave.
  2. WTF, PRZ? by Cajun+Hell · · Score: 3, Interesting

    TFA makes it sound like the sender can make decisions about what the receiver's machine does. That is insane (and also impossible, or it's irresponsible to lead users to believe they'll get that). I hope I am misreading the claim.

    If the receiver has that control, or if the sender gets to specify advisory info in the hopes that the receiver uses it, ok. If not, then I think one of the most respected programmers ever (PZ) has left the path of wisdom.

    --
    "Believe me!" -- Donald Trump