Confiden and Cyphr #434
Labels
No Label
🔍🤖 Search Engines
approved
dependencies
duplicate
feedback wanted
high priority
I2P
iOS
low priority
OS
Self-contained networks
Social media
stale
streaming
todo
Tor
WIP
wontfix
XMPP
[m]
₿ cryptocurrency
ℹ️ help wanted
↔️ file sharing
⚙️ web extensions
✨ enhancement
❌ software removal
💬 discussion
🤖 Android
🐛 bug
💢 conflicting
📝 correction
🆘 critical
📧 email
🔒 file encryption
📁 file storage
🦊 Firefox
💻 hardware
🌐 hosting
🏠 housekeeping
🔐 password managers
🧰 productivity tools
🔎 research required
🌐 Social News Aggregators
🆕 software suggestion
👥 team chat
🔒 VPN
🌐 website issue
🚫 Windows
👁️ browsers
🖊️ digital notebooks
🗄️ DNS
🗨️ instant messaging (im)
🇦🇶 translations
No Milestone
No Assignees
1 Participants
Due Date
No due date set.
Dependencies
No dependencies set.
Reference: privacyguides/privacytools.io#434
Loading…
Reference in New Issue
No description provided.
Delete Branch "%!s(<nil>)"
Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?
I was wondering why or what parts of the criteria’s haven’t been met for acknowledging Cypher and Confide Messengers on the website.
Furthermore why haven’t we acknowledged SnapChat, since last I checked it has encryption built in.
Encryption as in HTTPS? Afaik Snapchat is a privacy nightmare. https://www.youtube.com/watch?v=XC55FLfRzkY (not sure how legit this is, haven't seen any other source mention it but WeAreChange should be good enough, you can verify what he says yourself though)
You lost me at the “Encryption as in HTTPs?”, but I will check out the Snapchat video. Also I misspelled Cipher. It should be Cyphr. If your wondering why I have this either messengers it’s to test out later when i travel of which ones work better than WhatsApp, because is some countries WhatsApp’s quality is poo4. So I’m going to test the best decentralized and non-decentralized apps just for my experiment knowledge
You don't really expect any end to end encryption in Snapchat, do you? I don't really expect any more security than mere TLS.
I don't visit here often but just look at the main page of this project reveals:
Software Criteria
-Open Source
-Cross-platform
-Easy to use
-Privacy respecting
There can be exceptions if no software is available that meet the criteria.
So open-source & privacy respecting? Can't find it their support section of their website: All it yields is https://support.goldenfrog.com/hc/en-us. Not be confused with http://www.getcypherapp.com/. I also tried to find their Github page or project but it wasn't there. So we can't verify what they say here is how it works: https://www.goldenfrog.com/cyphr/how-cyphr-works
As for Snapchat, sure you can use Wireshark and see that it uses TLS but that doesn't tell us anything outside of they are using HTTPS when connecting to their servers. Again, their "security" report is not there because they probably aren't using end-to-end encryption (aka client). If they were they would advertise it since it's essentially a marketing strategy. You can check their privacy policies, which say they will use as much information to personalize your experience https://www.snap.com/en-US/policies/. If they were using end to end encryption, some of this information from https://www.snap.com/en-US/privacy/privacy-policy/ could not be collected and then sold back to third-party advertisers. For the HTTPS argument, are they implementing forward-secrecy, certificate pinning, etc, which help it ward off from attacks from man-in-the-middle. At the end of the day, security and privacy work together: the more security there is, the more private the communication, and the less data can be collected on it. But since they collect a lot of data, we can assume they are just using industry base line security. Also is it open-source? Nope, so we can't verify anything except just ask questions.
O ok. Also I was just wanting to let you guys know I’m a total rookie in terms of the whole TLS and the Wireshark stuff. However once you guys teach about this or share your knowledge I should be able to grasp it all.
It's not open source. As the source is proprietary and closed, it may have some backdoor to ease the work of Switzerland police. While that's not a bad feature when criminals are involved, it makes the following statements - from a review - false:
or
They may be honest - or not - we can't tell without access to Cyphr source code.