Snowden triggers flood of Crapware [was: Gruveo, more secure skype?]

grarpamp grarpamp@gmail.com
Wed Jul 23 14:24:22 PDT 2014


On Wed, Jul 23, 2014 at 2:29 PM, Cypher <cypher@cpunk.us> wrote:
> On 2014-07-22 23:24, unixninja92 wrote:
>>
>> Recently found Gruveo[1]. Allows easy video and audio calls similar to
>> cryptocat. Unfortunately not open source and makes no mention of being
>> audited. Otherwise looks very interesting and promising. It tries to
>> use P2P to make calls, and if it fails, then it will go through their
>> servers. Uses WebRTC for end to end encrypted audio and video chat.
>> They claim they don't keep any logs that could identify users.
>>
>> So the question is, is this an NSA honey pot or something that might
>> actually be trustworthy? It seems at least a bit more
>> secure/trustworthy than Skype to me.
>
>
> Why even consider closed alternatives when you have things like Jitsi[1]
> available? It's open source, does secure voice, video, and text, and runs on
> just about any platform (including Android).
>
> [1] www.jitsi.org

> Eugen says...
> RetroShare has quite good P2P audio. It's not properly audited though,
> caveat emptor.

Ditto. Though it will take some time not just for the open source
community to pick which projects to audit under limited resources,
but to even develop a real auditing framework within itself to do that
under. It's a huge undertaking and responsibility in its own right.

Further, what's with crap like gruveo.com, goldbug.sf.net [1], protonmail.ch,
and so many more (especially the 'Look, we just solved Email encryption'
crowd)? And of the partly open hw/sw stack vendor types like BlackPhone?
What are we, some free debunkment service for shills, charlatans, closed source,
browser/app/phone loaded crypto/exec environments provided by the service
provider instead of reasonably disinterested third parties, keys disclosed,
Web3.0, looks like a phone, junk?

Sure, ok, it's good that we are, but the dearth of CrapWare and ProCrap
analysts and marketers popping up out there lately is ridiculous. And I'm
not laying down a universal CrapWare blanket, some of the stuff we see
is pretty good, but simply fails to clearly, publicly, and obviously state
to its users what risks their model does not cover. That's lack of
care, obliviousness, lying, or profiteering... so it lands itself back in
Crap territory.

To quote OP... not open source.. not audited.. central servers.. webrtc..
'no' logs.. and a shiny link for grins... and then claims it 'looks very
interesting and promising'. WTF, really? I appreciate innocent questions,
but the answer (or at least our response) should be obvious, from those
parameters alone, to someone who's been around for a while.

Though the makeup of their lists is perhaps not yet complete/ideal,
you'd be better off picking anything from prism-break.org, yes say Jitsi,
than this type of Crapware.

We should make prism-locked.org just to list all the junk out there.

It's good to have more crypto used in the world, but let's at least
try to make and promote strong and open solutions.


[1] I and others have been displeased with their, shall we say,
'community involvement'.
As with the attempts at parallel compilation and auditing of Truecrypt,
has anyone attempted that with their code? Tried to contact them?
Seen any presentations? Know who they are? Open development? Etc?

People say OpenPGP and crypto are hard for user adoption, no
GUIs for grandma, etc. So when potentially interesting GUI tools
appear, it's a shame many of them choose to draw these questions
and thus seriously limit and tarnish their forward prospectus.

At least Gruveo appears to have already answered those
questions.


