albeertoni's comments

albeertoni | 12 years ago | on: The New TextSecure: Privacy Beyond SMS

Intercept legislation that applies to makers of non-interconnected (i.e., doesn't touch the PSTN) chat functions is extremely unlikely. I'm guessing whisper falls into that category.

I use Silent Circle myself, but I assume on Whisper you can't just type in a normal mobile number and have the chat message go to the right person. If you can, then those chats at least are subject to intercept, and maybe the other chats (whisper-whisper chats) are too. I don't remember how all those rules shake out/how courts have decided.

albeertoni | 12 years ago | on: Just Delete Me

Next step: form letters that make a formal request for the deletion of all information related to you.

Won't work either but, like this, it's a nice start.

albeertoni | 12 years ago | on: Court Opinion Finding NSA Surveillance Unconstitutional to be released

A small step toward some sort of transparency, I hope!

albeertoni | 12 years ago | on: Obama to Offer Plan Meant to Ease Concerns on Surveillance

It's hard to find something to say that isn't hopeless and nihilistic, so I'll just say this: it's disappointing to see someone who used to be a professor of constitutional law ignore the obvious dangers to free speech of a set of programs and secret laws that he himself oversees.

albeertoni | 12 years ago | on: Obama to Offer Plan Meant to Ease Concerns on Surveillance

"Okay, but seriously guys this time we're telling the truth."

albeertoni | 12 years ago | on: NSA loophole allows warrantless search for US citizens' emails and phone calls

Schneier linked to a study that might explain why some people don't seem concerned about their information being collected for secret government programs.

http://www.schneier.com/blog/archives/2013/07/secret_informa...

Of course, there's also the "I've done nothing wrong, I have nothing to hide,"-type folks, and people who are generally authoritarian too.

albeertoni | 12 years ago | on: Silent Circle shuts down email service

Session negotiation in silent phone is P2P, it's a ZRTP session with keys negotiated by DH exchange.

albeertoni | 12 years ago | on: Ask HN: do you trust your "secure email" now?

Not especially. As others have mentioned, email leaks metadata and the existing protocols are such that it would be impossible to secure them reasonably.

Of course, it all depends on what your threat model is. Are you a target of the NSA, or a jealous spouse? That's what this comes down to. Neither Lavabit nor Silent Circle could have given encrypted and unattributable email service - so if that's what you needed, you're SoL. If server-to-server encryption was all you were interested in, then the distros of pgpu they used would have been fine for you.

It's hard to think of a threat that would be stymied by server-to-server encryption alone. Maybe someone else has a good idea of what that might be, but it's too early for me.