Is there someone
anyone, anywhere, who actually trusts this demonstrably mad as a hatter nutbag?
Antivirus pioneer and one-time fugitive John McAfee has backed Chadder, a new instant-messaging app for smartphones that promises "the highest degree of security and privacy." The app is being marketed by Future Tense Central, a J.McAfee-owned company that claims to be headquartered in Silicon Valley, although McAfee himself …
OK, then let me help you by just checking how careful they are with client privacy (stripped-down answer for clarity):
$ dig futuretensecentral.com mx
;; QUESTION SECTION:
;futuretensecentral.com. IN MX
;; ANSWER SECTION:
futuretensecentral.com. 600 IN MX 0 mx1.balanced.homie.mail.dreamhost.com.
futuretensecentral.com. 600 IN MX 0 mx2.balanced.homie.mail.dreamhost.com.
The company as well as their email path is entirely US-based, which means they have as much chance to withstand a legal request for data as Lavabit and Silent Circle had, i.e. none whatsoever.
Ergo, do not trust. Next!
Why am I not surprised it's a privacy app? Sounds like the kind of thing a person prone to paranoia might want to use.
It may or may not be cocaine related, just that a lot of major coke-heads get quite paranoid, and a lot of megalomaniacs (who name products after themselves) who come into money might get a taste for the gak. Pure speculation, mind.
Encrypting endpoint to endpoint is technically a violation of the USA PATRIOT Act, which requires service providers to have at least one location where the Feds can get an unencrypted data stream. So one of two things will happen: either he will need to expatriate in order to get out of the reach of the US (because he can't comply with warrants for customer data) or he is colluding with the Feds and the messages exist unencrypted somewhere (which begs the question, so why exactly is he storing the messages in the first place?).
Simply re-designing the app so that the messages are purely p2p rather than going through servers would fix everything though.
There is nothing 'simple' about 'purely p2p' ....
The servers *have to* store the (encrypted) messages, because they have to receive them and then forward them. So for a few milliseconds the messages are 'stored' on the server. Whether or not the messages then get deleted is not mentioned, but it wouldn't make much sense to keep them.
a - the servers ARE in the US
b - p2p is not a guarantee for privacy or security. It may make it harder, but it's actually by design impossible to control where traffic goes, which means you're only one BGP update away from a data grab.
I'd avoid this as much as I have everything else that has come from Silicon Valley.
Secure encryption is only possible when the key is longer than the message.
During WW II, "Die Rote Kapelle" used an antiquarian unpublished novel as its codebook for its daily radio transmissions from Brussels to the Kremlin.
It is unclear how Chadder shares its key(s), how they are generated and what they are.