Dnia piątek, 10 kwietnia 2015 10:17:44 Cathal pisze:

Use SMSSecure, an SMS-only fork of TextSecure, also on FDroid store now whereas TextSecure was pulled from FDroid by the devs to maintain their Google-only distribution system.

Didn't know about SMSSecure, thanks! -- Pozdrawiam, Michał "rysiek" Woźniak Zmieniam klucz GPG :: http://rys.io/pl/147 GPG Key Transition :: http://rys.io/en/147

On Fri, Apr 10, 2015 at 10:44:02AM -0300, hellekin wrote:

http://libreplanet.org/wiki/GNU/consensus/Secure_Messaging_Scoreboard

i'm not sure the "mostly working" category is well researched, grarpamp, what you say about goldbug in there? :) also other items in there seem dubious. some less. ;) -- otr fp: https://www.ctrlc.hu/~stef/otr.txt

On 4/11/15, grarpamp wrote:

On Fri, Apr 10, 2015 at 10:13 AM, stef wrote:

...

On Fri, Apr 10, 2015 at 10:44:02AM -0300, hellekin wrote:

...

http://libreplanet.org/wiki/GNU/consensus/Secure_Messaging_Scoreboard

...

grarpamp, what you say about goldbug in there? :)

Serious reservations about goldbug ethics, thus goldbug itself. Do own research, start search: cypherpunks goldbug

Now that's an understatement :) grarpamp, you did such good work exposing that bullshit, a link to the last thread is definitely in order: https://www.mail-archive.com/cypherpunks@cpunks.org/msg05277.html My favourite new term from that thread is rysiek's "bullshit bingo". Ordinarily I'd have serious concerns about anyone who slaps together a list without any checking, but this appears to be an FSF wiki page. So I've been an FSF member for years, and can log in at FSF proper, but cannot log in on the wiki page. I've emailed FSF to find out what's going on here... they definitely need a column for "important links" and some other disclaimer(s) like "this page is updated by volunteers, FSF takes NO responsibility for the veracity, validity or verily any verifying verbatim about any virulent item below"; or something. Cheers Zenaan

How does one go about getting on this list? I think Confidant Mail qualifies. It uses GPG end to end, and encrypts the metadata in transit. On 4/10/2015 6:44 AM, hellekin wrote:

On 04/10/2015 03:59 AM, Seth wrote:

...

https://github.com/sweis/crypto-might-not-suck/blob/master/README.md

*** When EFF launched the Secure Messaging Scoreboard, lynX and I were a bit pissed that they even mentioned proprietary solutions, so we made an alternate list:

http://libreplanet.org/wiki/GNU/consensus/Secure_Messaging_Scoreboard

== hk

My software goes through Tor hidden services (or exit node if necessary) and sets up a TLS session inside that. The From address of the mail only exists inside the encrypted envelope, which only the recipient can open. If someone had a global view of the Tor nodes, they might be able to track a particular message via timing, but going through Tor prevents mass surveillance by a passive observer. Mike On 4/10/2015 12:28 PM, Cathal (Phone) wrote:

Metadata includes who speaks to who, which can only be hidden by obfuscation in a mixnet, public-message-boards that recipients pull randomly or fully from, or similar ways of removing means of connecting endpoints.

On 10 April 2015 20:08:04 GMT+01:00, Mike Ingle wrote:

How does one go about getting on this list? I think Confidant Mail qualifies. It uses GPG end to end, and encrypts the metadata in transit.

On 4/10/2015 6:44 AM, hellekin wrote:

On 04/10/2015 03:59 AM, Seth wrote:

https://github.com/sweis/crypto-might-not-suck/blob/master/README.md

*** When EFF launched the Secure Messaging Scoreboard, lynX and I were a bit pissed that they even mentioned proprietary solutions, so we made an alternate list: http://libreplanet.org/wiki/GNU/consensus/Secure_Messaging_Scoreboard == hk

-- Sent from my Android device with K-9 Mail. Please excuse my brevity.

Dnia piątek, 10 kwietnia 2015 12:08:04 Mike Ingle pisze:

How does one go about getting on this list? I think Confidant Mail qualifies. It uses GPG end to end, and encrypts the metadata in transit.

Also, Tox seems in order, too. -- Pozdrawiam, Michał "rysiek" Woźniak Zmieniam klucz GPG :: http://rys.io/pl/147 GPG Key Transition :: http://rys.io/en/147

Dnia sobota, 11 kwietnia 2015 11:39:42 piszesz:

...

Also, Tox seems in order, too.

are these claims verified?

By briefly looking at the code and not finding any obvious WTFs. Sadly, that's a lot more than most crypto snakeoil stuff can offer these days... Obviously it would be great to have a proper audit of Tox's code, and to have the protocol properly defined, but as far as seven rules of snakoil are concerned: - it is free software - doesn't run in the browser - the user generates and exclusively owns the private encryption key - does not use marketing-terminology like "cyber", "military-grade" While the threat model isn't explicitly defined, I think it is pretty clear -- threat being eavesdropping on communication *in transit*; it does not provide anonymity, nor does it promise to do so. It implements forward secrecy, and by default does not save conversation logs. Now: - there are experimental versions for Android and Jolla (and possibly other smartphones); but hey, there are GnuPG and OTR clients for those platforms too; - one might say that it neglects general sad state of host security pretty much in the same way as OTR or GnuPG do. So, for a list of crypto projects that *MIGHT* not suck, I think it's worth a look and/or mention. -- Pozdrawiam, Michał "rysiek" Woźniak Zmieniam klucz GPG :: http://rys.io/pl/147 GPG Key Transition :: http://rys.io/en/147