oh noes
I at times wish to communicate securely and privately. Terrorists also wish to communicate securely and privately. Oh dear what am I (besides another El Reg AC drone)?
Messaging app LINE has introduced end-to-end encryption, with secure chat messaging available on all versions of the software, including the desktop version, and turned on by default on Android. LINE boasts that it has become the first messaging app to offer end-to-end encryption across multiple devices and platforms with the …
Just remember one thing you absolutely need to do on your way to Gitmo... establish a religion for better treatment. I suggest the 4B's: Beach, BBQ, Beer, and (cabana) Babes or (cabana) Boys.
This will require them to provide you with extensive time on the beach, eating BBQ, drinking Beer and being serviced by the appropriate "B" person as a practicing member of this religion. The added benefit is that the whole Marine contingent will probably convert to the same religion post-haste.
Be careful because you may have other suspicious characteristics. The NSA has established that terrorists put on their trousers one leg at a time. How about you? Sharing just one trait may be coincidence, but two or more and it becomes very damning evidence - plenty sufficient to justify emptying a magazine of bullets into the back of your head as a restraining measure while further enquiries are carried out into your activities ...
"The NSA has established that terrorists put on their trousers one leg at a time".
Hey! They stole my research topic for the next Ig award! Though mine involves a wider population who can wear both trousers and skirts :) Plus I can sell their personal data to the highest bidder - they did read the fine print on the contracts.
There's lots of (possibly) secure chat apps about; but the real problem is compatibility...you need someone at the other end who is 1) running the same kit as you and 2) competent enough to have all the right bits switched on. Conversely, the most popular apps are the least trustable: Microsoft's first act after buying Skype was to make it all run through a central server; *Facebook* paid *$19 Billion* for WhatsApp and so on.
The closest to secure and universal (that I know about) is XMPP (Jabber-alikes) with OTR; but not enough people use it for it to be that useful in the real world. There are other options (ChatSecure and the like); but they're all trying to lock you into their ecosystem.
Good point (in general). Although, despite Reg referring to this as "proprietary," from a quick glance at the overview it looks like a perfectly ordinary RSA public key scheme. So you're still a twat
;D
While there may be some validity to your point of view and possibly many would agree; I feel moved to issue a rebuttal: Go fuck your hand, fatso.
:D
Yeah, you're right. RSA; but with proprietary code driving it; which would be the worrying part. Also another locked-in system that isn't compatible with anything else, I expect.
Reg Reader....playing the odds.
Actually this is a worse system because it's the server's keys doing the encryption/decryption; rather than the user's keys. Apart from maybe stopping your ISP reading it; I fail to see the point; and it's definitely not end-to-end. Whoever owns (or pwns) the LINE server can read everything.
Doesn't matter - all done through their server and using their (proprietary) software on the user's machines. They can relay what they like to each user.
The only secure use of a central server in an encrypted messaging system is addressing (ie, this is where this user is now...IP address or whatever). Anything else is suspect.
Even that use of a central server is insecure for both end points. This is a perfect setup for CALEA. The central server simply points the end points to servers under its control and hands that server's public key and it works just like any other MITM unless you both inspect and validate each other's certificate. (And that is not totally secure. We just had some CAs issue bogus certificates again!)
First rule of cryptography: unless it's open source, freely examinable by anyone, it's almost certain to be Snake Oil. Even doing it 100% mathematically correct, the tiniest error in the algorithm means no security. 100% algorithmically correct, the tiniest hardware problem flaw means no security. And none of these need be true today, the cryptography could go TITSUP in the next five minutes, or be good for the next decade or so.
Crypto is hard.
Sorry running long but when I see a company trying to sell something like this where lives may literally be in the balance, ... I can't stand by and watch. When they open it up for inspection by professionals then I might buy in.
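The check described in the comments above, both ends validating each other's keys rather than trusting whatever the central server hands out, as an added example that is not part of the original thread. The directory classes, user names and key values are constructed stand-ins, not LINE's code or protocol.

```python
import hashlib

def stand_in_key(label):
    # Constructed 32-byte value standing in for a real public key.
    return hashlib.sha256(("demo-key:" + label).encode()).digest()

def safety_number(own_key, peer_key):
    # Order-independent digest of both keys: the two users derive the same
    # string only if each was handed the other's genuine key.
    first, second = sorted([own_key, peer_key])
    digest = hashlib.sha256(first + second).hexdigest()[:24]
    return " ".join(digest[i:i + 4] for i in range(0, 24, 4))

class HonestDirectory:
    # Hypothetical central server that returns each user's real key.
    def __init__(self, keys):
        self.keys = dict(keys)

    def lookup(self, user):
        return self.keys[user]

class InterceptingDirectory(HonestDirectory):
    # Hypothetical server that answers every lookup with its own relay key.
    def __init__(self, keys, relay_key):
        super().__init__(keys)
        self.relay_key = relay_key

    def lookup(self, user):
        return self.relay_key

def compare_out_of_band(directory, alice_key, bob_key):
    # Each user combines their own key with whatever the server returned,
    # then the two strings are read out over a separate channel.
    alice_view = safety_number(alice_key, directory.lookup("bob"))
    bob_view = safety_number(bob_key, directory.lookup("alice"))
    return alice_view == bob_view, alice_view, bob_view

ALICE, BOB, RELAY = (stand_in_key(n) for n in ("alice", "bob", "relay"))
KEYS = {"alice": ALICE, "bob": BOB}

if __name__ == "__main__":
    for directory in (HonestDirectory(KEYS), InterceptingDirectory(KEYS, RELAY)):
        match, a, b = compare_out_of_band(directory, ALICE, BOB)
        print(type(directory).__name__, "match" if match else "MISMATCH", a, "|", b)
```

The comparison only helps if the two strings are exchanged over a channel the messaging server does not control, such as in person or by voice.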
Thinking about it, AC, my rebuttal may have been a bit harsh. Insult volleys can be fun; but it's about 300% less funny (and less fun) if one of the participants is AC and the other isn't...double that if the volley jumps comment threads. I should have just said that, instead of reflexively replying with my favourite "get off my lawn" insult. Splendid insult though it is; it may just possibly be a smidgeon over the top in context, so apologies if I made your monocle fall out.
Wouldn't be surprised to find that this had been bankrolled by the security services. Even IF it's not back-doored (and that's a very big IF), they'll probably just take note of all the phones that do download this then treat them with much more interest than usual. Probably up to and including putting spyware on the phone and getting the conversation before it's encrypted. All you'd do by installing this is guarantee that MI6 will read it all.
If you see and download an end-to-end encrypted chat app how do you know it is really E2E secure?
Maybe it has man-in-the-middle built in.
Maybe it is really just some vanilla chat app that runs right through an NSA filter.
Maybe all the keys you type in just do nothing.
The only way to know is to have the app audited. And who do you trust to do that?
Yet another "solution". Yawn. Not interested until there has been an independent assessment.
Oh, by the way, normally it is a condition of a telco license that you are able to provide intercept facilities. I'd be interested to hear from someone who could check if that is also the case in Japan.
For most people email and other electronic messaging is as open as a postcard to a technically competent peeper. Just do not say anything you would not want the world and his dog to know.
It would be nice to think commercial messaging would have some security but a lot does not.
This has always been the case and is likely to remain so while encryption remains too difficult for the ordinary person (i.e., not IT literate).
So why are the authorities blathering on about Security, gods knows - probably another distraction from the other civil liberties they are downgrading?
Mine's the one with the enigma machine in the pocket