Yes, I agree that's more transparent. I've added an endnote, and linked to it from the place where the edit was made.
Hmm. You seem to be right. Article corrected there to reflect that Signal is using empty GCM messages. I must have still had the old situation of TextSecure in my head when I wrote that. Nice to know re the reason…
As the previous links from STRATFOR etc. prove, Google is deeply embedded in the security/intelligence apparatus. That part is definitely willing and beneficial to both parties. Of course, they're going to make changes…
And Google became a PRISM partner in 2009, as the slides here from the Snowden collection prove: https://search.edwardsnowden.com/docs/PRISMUS-984XNOverview2...
On this: https://wikileaks.org/Op-ed-Google-and-the-NSA-Who-s.html there are links on that page that point out multiple e-mails from the STRATFOR leaks and other files that point to Google being deeply embedded with the…
True, they are rare. On another unrelated project I'm working together with Bill Binney, the cryptographer who wrote ThinThread at NSA. That's all I can currently say about it.
I see I haven't replied yet to your first point: here goes. Of course clearly an alternative has to be at least cryptographically secure. I fully agree with you on that. I'm not recommending something that isn't, and…
One thing I wanted to add, regarding the tech: of course I do that in cooperation with other people some of who are indeed trained cryptographers.
Regarding qualifications: I spent years building secure technology (publication platforms, websites) for whistleblowers including Ed Snowden himself (I built his official website (https://edwardsnowden.com) for the…
Agree. I'm not a cryptographer and never claimed to be either. -- and I think it would be difficult to mistake me for a hipster. For one, I don't have that snazzy majestic beard.. Anyway, on to the point. :) Yes, the…
Hi there! The Giphy thing is what set me off writing the blog post in the first place. Maybe I should've expanded a bit more on that in the article. As far as I can tell, the idea is that requests to the Giphy API gets…
Just a quick look, but this is the PackageManager.java file: https://android.googlesource.com/platform/frameworks/base/+/... for the Android base framework. It has the checkSignatures() abstract definition and some…
Hi, author here. I don't think LibreSignal or indeed Signal will ever be the dominant mobile messenger out there. There's simply a lot of inertia to fight against. It's the same reason why it's hard to convince e.g.…
Yes, I agree that's more transparent. I've added an endnote, and linked to it from the place where the edit was made.
Hmm. You seem to be right. Article corrected there to reflect that Signal is using empty GCM messages. I must have still had the old situation of TextSecure in my head when I wrote that. Nice to know re the reason…
As the previous links from STRATFOR etc. prove, Google is deeply embedded in the security/intelligence apparatus. That part is definitely willing and beneficial to both parties. Of course, they're going to make changes…
And Google became a PRISM partner in 2009, as the slides here from the Snowden collection prove: https://search.edwardsnowden.com/docs/PRISMUS-984XNOverview2...
On this: https://wikileaks.org/Op-ed-Google-and-the-NSA-Who-s.html there are links on that page that point out multiple e-mails from the STRATFOR leaks and other files that point to Google being deeply embedded with the…
True, they are rare. On another unrelated project I'm working together with Bill Binney, the cryptographer who wrote ThinThread at NSA. That's all I can currently say about it.
I see I haven't replied yet to your first point: here goes. Of course clearly an alternative has to be at least cryptographically secure. I fully agree with you on that. I'm not recommending something that isn't, and…
One thing I wanted to add, regarding the tech: of course I do that in cooperation with other people some of who are indeed trained cryptographers.
Regarding qualifications: I spent years building secure technology (publication platforms, websites) for whistleblowers including Ed Snowden himself (I built his official website (https://edwardsnowden.com) for the…
Agree. I'm not a cryptographer and never claimed to be either. -- and I think it would be difficult to mistake me for a hipster. For one, I don't have that snazzy majestic beard.. Anyway, on to the point. :) Yes, the…
Hi there! The Giphy thing is what set me off writing the blog post in the first place. Maybe I should've expanded a bit more on that in the article. As far as I can tell, the idea is that requests to the Giphy API gets…
Just a quick look, but this is the PackageManager.java file: https://android.googlesource.com/platform/frameworks/base/+/... for the Android base framework. It has the checkSignatures() abstract definition and some…
Hi, author here. I don't think LibreSignal or indeed Signal will ever be the dominant mobile messenger out there. There's simply a lot of inertia to fight against. It's the same reason why it's hard to convince e.g.…