Confiden and Cyphr #434

Closed
opened 2018-04-09 06:54:11 +00:00 by g-monk · 7 comments
g-monk commented 2018-04-09 06:54:11 +00:00 (Migrated from github.com)

I was wondering why or what parts of the criteria haven’t been met for acknowledging Cypher and Confide Messengers on the website.

g-monk commented 2018-04-09 06:57:53 +00:00 (Migrated from github.com)

Furthermore why haven’t we acknowledged SnapChat, since last I checked it has encryption built in.

ghost commented 2018-04-09 11:12:05 +00:00 (Migrated from github.com)

Encryption as in HTTPS? Afaik Snapchat is a privacy nightmare. https://www.youtube.com/watch?v=XC55FLfRzkY (not sure how legit this is, haven't seen any other source mention it but WeAreChange should be good enough, you can verify what he says yourself though)

g-monk commented 2018-04-09 14:55:58 +00:00 (Migrated from github.com)

You lost me at the “Encryption as in HTTPS?”, but I will check out the Snapchat video. Also I misspelled Cipher. It should be Cyphr. If you’re wondering why I have these other messengers, it’s to test out later when I travel which ones work better than WhatsApp, because in some countries WhatsApp’s quality is poor. So I’m going to test the best decentralized and non-decentralized apps just for my experiment knowledge.

![GitHawk Upload by g-monk](https://i.imgur.com/SeoclJI.jpg)

ghost commented 2018-04-09 15:21:38 +00:00 (Migrated from github.com)

You don't really expect any end to end encryption in Snapchat, do you? I don't really expect any more security than mere TLS.

dnguyen01 commented 2018-04-09 15:59:58 +00:00 (Migrated from github.com)

I don't visit here often, but just a look at the main page of this project reveals:

Software Criteria
-Open Source
-Cross-platform
-Easy to use
-Privacy respecting
There can be exceptions if no software is available that meet the criteria.

So open-source & privacy respecting? Can't find it in the support section of their website: all it yields is https://support.goldenfrog.com/hc/en-us. Not to be confused with http://www.getcypherapp.com/. I also tried to find their GitHub page or project but it wasn't there. So we can't verify that what they say here is how it works: https://www.goldenfrog.com/cyphr/how-cyphr-works

As for Snapchat, sure, you can use Wireshark and see that it uses TLS, but that doesn't tell us anything outside of the fact that they are using HTTPS when connecting to their servers. Again, their "security" report is not there because they probably aren't using end-to-end encryption (aka client). If they were, they would advertise it, since it's essentially a marketing strategy. You can check their privacy policies, which say they will use as much information to personalize your experience: https://www.snap.com/en-US/policies/. If they were using end-to-end encryption, some of this information from https://www.snap.com/en-US/privacy/privacy-policy/ could not be collected and then sold back to third-party advertisers. For the HTTPS argument, are they implementing forward secrecy, certificate pinning, etc., which help ward off man-in-the-middle attacks? At the end of the day, security and privacy work together: the more security there is, the more private the communication, and the less data can be collected on it. But since they collect a lot of data, we can assume they are just using industry-baseline security. Also, is it open source? Nope, so we can't verify anything except just ask questions.

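The two transport properties asked about in the comment above can be checked from the client side. This is an added example, not part of the thread or of any project's code: `has_forward_secrecy` classifies the negotiated suite, `pin_matches` is what a pinning client does with the leaf certificate, and `inspect_tls` (hypothetical helper name, host supplied by the caller) ties them to a verifying connection. The suite names and certificate bytes are constructed samples.

```python
import hashlib
import hmac
import socket
import ssl
from typing import Optional

# OpenSSL names for TLS <= 1.2 suites with an ephemeral key exchange.
_FS_PREFIXES = ("ECDHE-", "DHE-")


def has_forward_secrecy(cipher_name: str, protocol: str) -> bool:
    """True if the negotiated suite uses ephemeral (EC)DHE key exchange."""
    if protocol == "TLSv1.3":
        return True  # TLS 1.3 dropped static RSA/DH key exchange entirely
    return cipher_name.startswith(_FS_PREFIXES)


def pin_matches(der_cert: bytes, pinned_sha256_hex: str) -> bool:
    """Compare the SHA-256 of the leaf certificate (DER) against a pin."""
    actual = hashlib.sha256(der_cert).hexdigest()
    return hmac.compare_digest(actual, pinned_sha256_hex.strip().lower())


def inspect_tls(host: str, port: int = 443, pin: Optional[str] = None) -> dict:
    """Connect as a normal verifying client and report what was negotiated."""
    ctx = ssl.create_default_context()  # CA and hostname verification stay on
    with socket.create_connection((host, port), timeout=10) as raw:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            protocol = tls.version()
            cipher_name = tls.cipher()[0]
            der = tls.getpeercert(binary_form=True)
    return {
        "protocol": protocol,
        "cipher": cipher_name,
        "forward_secrecy": has_forward_secrecy(cipher_name, protocol),
        "pin_ok": None if pin is None else pin_matches(der, pin),
    }


# Constructed samples (not captured traffic): suite names as OpenSSL reports
# them, and placeholder bytes standing in for a DER certificate.
SAMPLE_SUITES = [
    ("TLS_AES_256_GCM_SHA384", "TLSv1.3"),
    ("ECDHE-RSA-AES128-GCM-SHA256", "TLSv1.2"),
    ("AES128-GCM-SHA256", "TLSv1.2"),  # static RSA key exchange
]
SAMPLE_DER = b"constructed-placeholder-certificate"

if __name__ == "__main__":
    for name, proto in SAMPLE_SUITES:
        print(name, proto, has_forward_secrecy(name, proto))
```

Both results describe only the link between the client and the provider's server; a suite with forward secrecy and a matching pin still leave message content readable at the server unless the application adds end-to-end encryption on top.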
g-monk commented 2018-04-10 13:40:53 +00:00 (Migrated from github.com)

Oh, OK. Also I was just wanting to let you guys know I’m a total rookie in terms of the whole TLS and the Wireshark stuff. However, once you guys teach about this or share your knowledge I should be able to grasp it all.

Atavic commented 2018-12-19 16:58:52 +00:00 (Migrated from github.com)

It's not open source. As the source is proprietary and closed, it may have some backdoor to ease the work of Switzerland police. While that's not a bad feature when criminals are involved, it makes the following statements - from a review - false:

> Golden Frog manages the network to deliver all of your messages so no third party has access to them.

or

> Cyphr servers are located in Switzerland for maximum user privacy and protection.

They may be honest - or not - we can't tell without access to Cyphr source code.

This repo is archived. You cannot comment on issues.
Reference: privacyguides/privacytools.io#434