On Wed, Jul 23, 2014 at 2:29 PM, Cypher <cypher@cpunk.us> wrote:
On 2014-07-22 23:24, unixninja92 wrote:
Recently found Gruveo[1]. Allows easy video and audio calls similar to cryptocat. Unfortunately not open source and makes no mention of being audited. Otherwise looks very interesting and promising. It tries to use P2P to make calls, and if it fails, then it will go through their servers. Uses WebRTC for end to end encrypted audio and video chat. They claim they don't keep any logs that could identify users.
So the question is, is this an NSA honey pot or something that might actually be trustworthy? It seems at least a bit more secure/trustworthy than skype to me.
Why even consider closed alternatives when you have things like Jitsi[1] available? It's open source, does secure voice, video, and text, and runs on just about any platform (including Android).
[1] www.jitsi.org
Eugen says... RetroShare has quite good P2P audio. It's not properly audited though, caveat emptor.
Ditto. Though it will take some time not just for the open source community to pick which projects to audit under limited resources, but to even develop a real auditing framework within itself to do that under. It's a huge undertaking and responsibility in its own right. Further, what's with crap like gruveo.com, goldbug.sf.net [1], protonmail.ch, and so many more (especially the 'Look, we just solved Email encryption' crowd)? And of the partly open hw/sw stack vendor types like BlackPhone? What are we, some free debunkment service for shills, charlatans, closed source, browser/app/phone loaded crypto/exec environments provided by the service provider instead of reasonably disinterested third parties, keys disclosed, Web3.0, looks like a phone, junk? Sure, ok, it's good that we are, but the dearth of CrapWare and ProCrap analysts and marketers popping up out there lately is ridiculous. And I'm not laying down a universal CrapWare blanket, some of the stuff we see is pretty good, but simply fails to clearly, publicly, and obviously state to its users what risks their model does not cover. That's lack of care, obliviousness, lying, or profiteering... so it lands itself back in Crap territory. To quote OP... not open source.. not audited.. central servers.. webrtc.. 'no' logs.. and a shiny link for grins... and then claims it 'looks very interesting and promising'. WTF, really? I appreciate innocent questions, but the answer (or at least our response) should be obvious, from those parameters alone, to someone who's been around for a while. Though the makeup of their lists is perhaps not yet complete/ideal, you'd be better off picking anything from prism-break.org, yes say Jitsi, than this type of Crapware. We should make prism-locked.org just to list all the junk out there. It's good to have more crypto used in the world, but let's at least try to make and promote strong and open solutions. [1] I and others have been displeased with their, shall we say, 'community involvement'. As with the attempts at parallel compilation and auditing of Truecrypt, has anyone attempted that with their code? Tried to contact them? Seen any presentations? Know who they are? Open development? Etc? People say OpenPGP and crypto is hard for user adoption, no gui's for grandma, etc. So when potentially interesting gui tools appear, it's a shame many of them choose to draw these questions and thus seriously limit and tarnish their forward prospectus. At least Gruveo appears to have already answered those questions.