Private Communications
June 14, 2012 8:48 AM
Internet Hall of Fame member Phil Zimmermann (previously), creator of PGP, has announced a new venture providing secure communications.
The new company brings Zimmermann and Jon Callas together again, along with some former Navy SEALs as co-founders. The intent is to provide secure voice, email, video, and text. Unlike the free PGP, they intend to charge $20/month for the service. In an interview with CNET, Zimmermann states: "I'm not going to apologize for the cost. This is not Facebook. Our customers are customers. They're not products. They're not part of the inventory." They state unequivocally that there will be no back doors in the product, which might run them afoul of CALEA. Mr. Zimmermann is no stranger to such controversial positions.
Pepsi t2X6DKRSuVMeVperrX9R5ZDJgfq4b3284QTdl2FA
posted by jquinby at 8:53 AM on June 14, 2012 [4 favorites]
Zimmerman really should have figured out this secure communications thing before his bond hearing.
So sorry! I'll just show myself out....
posted by lord_wolf at 9:11 AM on June 14, 2012 [1 favorite]
Until there is a lot more information, color me skeptical. What encryption algorithm are they going to use? Who/what/how has it been vetted? Will the code be open sourced? If not, how are you going to provide proof that no back doors exist?
It's one thing to say you're not going to have secure communications and no back doors, it's another to allow others to confirm or deny this independently.
posted by namewithoutwords at 9:14 AM on June 14, 2012 [4 favorites]
Yes, we needs lots more information even if it's too long and we might not read it.
The article says they plan to use ZRTP.
posted by bdc34 at 9:19 AM on June 14, 2012 [1 favorite]
This is Zimmermann's third stab at this. His most recent being Zfone. Silent Circle is using ZRTP, originally used in Zfone.
posted by Ad hominem at 9:19 AM on June 14, 2012
Calyx is another effort to set up an ISP dedicated to protecting user privacy, info at the Calyx institute.
C-Net story.
Reddit thread.
posted by snuffleupagus at 9:35 AM on June 14, 2012
These tools all already exist for Android, Linux, Mac OS X, and Windows, but not afaik iOS. Android has them all packaged nicely by guardianproject.info, but obviously that initial setup phase where all the Google applications copy all your data hurts. Ideally, you should begin with a fully open source distribution like Ubuntu or Cyanogen Mod, configure it for defaulting to secure operations, simplify routing Google, etc. applications through a VPN, etc.
posted by jeffburdges at 9:42 AM on June 14, 2012
gais gais this is supr sekret trust uz!
we haz navy cats werkin on ur safe communcashun!
wat u doan liek binary bloopies? no bakfurs silly gais!
posted by Foci for Analysis at 9:43 AM on June 14, 2012 [1 favorite]
Selling encryption software to people is a losing business. First off, the people who really care about this demand open source, on every single part of the system, from client to server to protocol. They probably won't trust any service on a remote provider, especially because your security could disappear the second a warrant is issued. So how do you make money on a service that must be locally installed, and must be open sourced? It was the same problem PGP had.
You can't sell a service, can't sell an application*, and the only people who wouldn't care enough about the above also don't care enough to spend money securing their communications. About the only way I could see this being effective is if they did some Kickstarter-like thing.
*Technically you can sell an open source application. Technically.
posted by zabuni at 10:11 AM on June 14, 2012 [4 favorites]
And note when I say people I mean individuals. There is still plenty of money in selling encryption to the military industrial complex and other large organizations who have enough money to have custom kit. Maybe human rights groups, but it's not like that's where the money is.
posted by zabuni at 10:13 AM on June 14, 2012
I think the plan may be to lower the barrier to entry low enough that people who just kinda care will pay. People who will trust Zimmermann based on the fact that he has been doing this for decades and a couple Navy Seals because Navy Seals kick ass.
Maybe preparedness types who are worried about Obama but don't care about Open Source. Maybe they just want to sell to drug dealers.
posted by Ad hominem at 10:25 AM on June 14, 2012
jquinby: "Pepsi t2X6DKRSuVMeVperrX9R5ZDJgfq4b3284QTdl2FA"
I just ran a hash collision attack on that...
It's "Blue" for everyone who was curious.
posted by symbioid at 11:17 AM on June 14, 2012 [5 favorites]
The Internet Hall of Fame is brand new as of one month ago. I'd give it a couple years to see how meaningful it becomes. The problem I see is that there were so many inductees in the first year; at that rate it will quickly dilute prestige.
posted by stbalbach at 12:07 PM on June 14, 2012
Oooh, we should campaign for Nyan Nyan Cat inclusion in the Internet Hall of Fame?
posted by jeffburdges at 1:12 PM on June 14, 2012
You know, Callas and Zimmermann are pretty much exactly the people I would want to run something like this, and the proposal must have been pretty tempting to get Jon out of Apple so quickly (or maybe Apple isn't as attractive on the inside).
The hard part is making sure it can still work well if Callas and Zimmermann are no longer involved. Open protocols are good, decentralised control too, but that's not all that's needed. PGP took a big hit by being bought up, and it took a while for GPG to replace it. Whisper Systems' work was great, but being bought up by Twitter set back adoption (and the services themselves).
You need to be trustworthy (or make trusting you irrelevant), offer a commercially valuable service, and be replaceable. It's very hard to be all three.
posted by ntk at 6:04 PM on June 14, 2012
posted by tilde at 8:51 AM on June 14, 2012