NSA-resistant Android App 'Burns' Sensitive Messages
angry tapir writes "Phil Zimmermann's Silent Circle, which halted its secure mail service shortly after Lavabit, has released a messaging application for Android devices that encrypts and securely erases messages and files. The application, called Silent Text, lets users specify a time period for which the receiver can view a message before it is erased. It also keeps the keys used to encrypt and decrypt content on the user's device, which protects the company from law enforcement requests for the keys."
Seems similar to pieces of the Guardian Project.
The mobile provider would only have encrypted messages, and the only way to decrypt would be brute force or getting the keys on your device. I'm no expert though; I just read TFA.
Tic-Tac-Toe, Global Thermonuclear War, and relationships all have the same winning move.
There's a button on my Ubuntu PC for creating private/public key pairs and uploading the public key to a ring of public key servers.
Then, people can encrypt emails that only I can read because only I have the private key.
I've always wondered why this isn't better integrated/more automatic when it comes to email systems (gmail?)
Why not just leverage that type of mechanism?
1) Install app
2) it creates a key pair for your phone number
3) It uploads the public key to one of these servers
4) Anybody who texts you using a compatible app, it looks up your private key and encrypts the message only for you.
Job done.
If you can't fit the encrypted message in 120 chars, it uploads the encrypted data to a 3rd party and all it sends is a message ID.
Or it uses IP only (like iMessage/WhatsApp)
Or it uses email as the bulk carrier
All those IP messaging systems must use a 3rd party anyway as you're always NAT'ed behind a real IP address anyway on a mobile connection.
I'm always on a 10.x.x.x address.
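
The key-server flow proposed in the comment above, as an added example that is not part of the original thread and is not Silent Text's code. It uses Node.js's built-in `crypto` module; the in-memory `directory`, the phone numbers, the `sms-demo` label and the blob layout are constructed assumptions. The sender encrypts to the recipient's published public key, and the fixed 72-byte overhead shows why a short-message carrier runs out of room quickly.

```javascript
const crypto = require('node:crypto');

// Constructed stand-in for the public key server: phone number -> public key (SPKI DER).
const directory = new Map();
const SPKI = { type: 'spki', format: 'der' };

// Steps 1-3: create a key pair on the device and publish only the public half.
function register(phone) {
  const { publicKey, privateKey } = crypto.generateKeyPairSync('x25519');
  directory.set(phone, publicKey.export(SPKI));
  return privateKey; // stays on the device
}

// One-time AES-256-GCM key from the ECDH secret, bound to both public keys.
function deriveKey(shared, ephDer, rcptDer) {
  const salt = Buffer.concat([ephDer, rcptDer]);
  return Buffer.from(crypto.hkdfSync('sha256', shared, salt, 'sms-demo', 32));
}

// Step 4: look up the recipient's public key and encrypt to it.
function seal(phone, text) {
  const rcptDer = directory.get(phone);
  if (!rcptDer) throw new Error(`no public key published for ${phone}`);
  const rcptPub = crypto.createPublicKey({ key: rcptDer, ...SPKI });
  const eph = crypto.generateKeyPairSync('x25519'); // fresh key pair per message
  const ephDer = eph.publicKey.export(SPKI);
  const shared = crypto.diffieHellman({ privateKey: eph.privateKey, publicKey: rcptPub });
  const iv = crypto.randomBytes(12);
  const c = crypto.createCipheriv('aes-256-gcm', deriveKey(shared, ephDer, rcptDer), iv);
  const body = Buffer.concat([c.update(text, 'utf8'), c.final()]);
  // Layout: 44-byte ephemeral key | 12-byte IV | 16-byte tag | ciphertext
  return Buffer.concat([ephDer, iv, c.getAuthTag(), body]);
}

// Runs on the recipient's device, the only place the private key exists.
function open(phone, privateKey, blob) {
  if (blob.length < 72) throw new Error('blob too short');
  const ephDer = blob.subarray(0, 44);
  const ephPub = crypto.createPublicKey({ key: ephDer, ...SPKI });
  const shared = crypto.diffieHellman({ privateKey, publicKey: ephPub });
  const key = deriveKey(shared, ephDer, directory.get(phone));
  const d = crypto.createDecipheriv('aes-256-gcm', key, blob.subarray(44, 56));
  d.setAuthTag(blob.subarray(56, 72));
  // final() throws if the blob was altered or the wrong private key is used.
  return Buffer.concat([d.update(blob.subarray(72)), d.final()]).toString('utf8');
}
```

The directory is the trust anchor in this design: a sender who receives a substituted public key from it encrypts to the wrong party, so the lookup needs its own authentication (for example, out-of-band fingerprint comparison).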