"Deleted from our server" assumes the user has no understanding of data forensics.
We really need TextSecure on iOS soon to stop the proliferation of all of these silly privacy apps. There needs to be a strong cross-platform alternative.
TextSecure is very open about the crypto protocol and provides details that independent researchers can evaluate. It's also made by a well-known expert that we trust to do it right.
Wickr is pretty shady about their protocol.
They also make me uneasy because they use the term "military-grade encryption" a couple times on their site. This is a pretty common snake-oil security term...so it makes me uneasy since the protocol details are nowhere to be found.
Does Path have any interest at all in making money so they can, ya know, become a real business? Or are they just another participant in the big-VC social network app ponzi scheme?
I addressed this in another comment, but the ability to message businesses that they are rolling out in the summer would be their gateway to actually making money (businesses want to hear feedback about themselves but there aren’t many solutions that address this well yet).
This is all public though. Given Path is a "private" social network then if businesses can resolve issues without getting into a public mess, talking to the customer in a private tunnel in a sense, it’s easier to defuse situations.
Path acquired a company that deals only in business feedback and say they’re rolling out their tech - even if they don’t plainly say it - in the summer (check the bottom of the talk page).
Just because they’re dealing with private social networks now doesn’t mean they can’t tap into another market, especially now when the private social network thing doesn’t seem to be working out for them.
I think the reasoning they are shooting for 24 is because their application seems to be based around contextual conversation. Having a retention period of zero pretty much eliminates context.
Apps like Snapchat, deleting the message as soon as it's viewed, wouldn't work when you want to apply a ton of context in the conversation. Too often I'm having a "conversation" on Snapchat but it's more like small snippets of text and a lot of me questioning what the other person said a few hours ago.
They're referring to retention on the server, not the phone I believe. The phone could store the message indefinitely even if the server didn't. The server just needs to hold it long enough for your device (devices?) to download it.
If they really took privacy seriously they wouldn't be able to decipher the message even as it passed through their servers. There are already apps that make end-to-end encryption user friendly (Telegram comes to mind).
Even iMessage uses end-to-end encryption. It's a pretty poor sign if it's less secure than the service already built into the phone.
(And yeah I know iMessage isn't open source and so this is difficult to verify, but "Talk" isn't open either. Apple published a big PDF about how they do encryption - if this were proved to be false it would destroy all trust in Apple forever, so I believe what they say.)
tl;dr: "Apple does not log messages or attachments, and their contents are protected by end-to-end encryption so no one but the sender and receiver can access them. Apple cannot decrypt the data."
Interesting, did not know that. Apple is still in a position to MITM the transaction if they wanted though (Telegram provides a key visualization that can be compared offline to prevent this).
>When someone starts an iMessage conversation with you, they fetch your public key(s) from Apple’s servers. Before that message leaves the sender’s device, it’s encrypted into something that only your device knows how to decrypt.
From the article, that's the part where Apple could MITM the communication, because public keys retrieved from Apple would be automatically trusted. They can just silently inject an extra public key for which they have the private key. That said, it seems like the protocol at least has forward secrecy, meaning that if they didn't inject a bad key when the message was sent, there's not much they can do later to decrypt the message (unless they have a backdoor that allows them to force your phone to send them its private key)
What if the other phone is off at the time? You kind of need a server to act as a buffer. No reason why it couldn't be client side encrypted though... iMessage does that.
You'd use a basic store/forward protocol. Sender sends message to a zero-knowledge server. If the sender has no network the encrypted message is stored locally, on the client device until the server can be reached.
Similarly, the recipient polls the server for new messages only when online. Any messages accumulated by the server since the last sync are downloaded. That's the easy part. More interesting is the key exchange that needs to take place between sender and recipient for them to exchange messages securely. The idea being that both parties each create a public/private key pair for each other, and then use each other's public key to encrypt the symmetric key that decrypts messages.
Straightforward enough. The problem here is when you want to exchange messages with Bob, you need to know that you have the real Bob's public key, and not an imposter's key. While an in-person, meatspace exchange will give you the assurance you need, that's not always practical.
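The store-and-forward exchange and key check described in the comment above, as an added example that is not part of the original thread, written for Node.js with only the built-in `crypto` module. The function names, the in-memory relay map, and the choice of RSA-OAEP with AES-256-GCM are assumptions for illustration, not any app's actual protocol.

```javascript
const crypto = require('crypto');

// SHA-256 fingerprint of a public key, short enough to compare out of band.
function fingerprint(pub) {
  const der = pub.export({ type: 'spki', format: 'der' });
  return crypto.createHash('sha256').update(der).digest('hex');
}

// Sender: fresh AES-256-GCM key per message, wrapped with the recipient's RSA key.
function seal(text, recipientPub) {
  const key = crypto.randomBytes(32);
  const iv = crypto.randomBytes(12);
  const c = crypto.createCipheriv('aes-256-gcm', key, iv);
  const ct = Buffer.concat([c.update(text, 'utf8'), c.final()]);
  const wrapped = crypto.publicEncrypt({ key: recipientPub, oaepHash: 'sha256' }, key);
  return { wrapped, iv, ct, tag: c.getAuthTag() };
}

// Recipient: unwrap the AES key with the private key, then decrypt and authenticate.
function open(env, recipientPriv) {
  const key = crypto.privateDecrypt({ key: recipientPriv, oaepHash: 'sha256' }, env.wrapped);
  const d = crypto.createDecipheriv('aes-256-gcm', key, env.iv);
  d.setAuthTag(env.tag);
  return Buffer.concat([d.update(env.ct), d.final()]).toString('utf8');
}

// Relay (hypothetical, in-memory): queues opaque envelopes until the recipient polls.
const store = (q, to, env) => q.set(to, [...(q.get(to) || []), env]);
const poll = (q, to) => { const m = q.get(to) || []; q.delete(to); return m; };

// Refuse to encrypt to a served key whose fingerprint differs from the verified one.
function sendVerified(q, to, text, servedKey, verifiedFp) {
  if (fingerprint(servedKey) !== verifiedFp) return false;
  store(q, to, seal(text, servedKey));
  return true;
}

function demo() {
  // Constructed sample data: two throwaway key pairs and one message.
  const bob = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
  const other = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
  const q = new Map(), fp = fingerprint(bob.publicKey);
  const sent = sendVerified(q, 'bob', 'lunch at noon?', bob.publicKey, fp);
  const rejected = !sendVerified(q, 'bob', 'lunch at noon?', other.publicKey, fp);
  const relaySeesPlaintext = q.get('bob')[0].ct.includes('lunch');
  const received = poll(q, 'bob').map((e) => open(e, bob.privateKey));
  return { sent, rejected, relaySeesPlaintext, received, left: poll(q, 'bob').length };
}
```

The fingerprint comparison only helps if `verifiedFp` reached the sender over a channel the key server does not control, which is the problem the comment ends on.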
That's a funny way of spelling "we will give all your data to the NSA".
If they really cared about my privacy, then their app would encrypt the data on the way out and automatically decrypt it by the receiver, so that any information on their servers would be unreadable. Oh and their app would also be open source.
Does anyone know the reasoning behind this? Off the feature list, it seems like it has little more to offer than WhatsApp, and easily worse platform support.
They also acquired TalkTo, a startup that lets you chat to businesses. The ability to talk to your friends using Talk is just a trojan horse to connecting you with businesses later on, where real money would be made.
Next time you are out, check out what most people are doing on their phones. SMS dominates usage so much. Most people don't use desktop chat outside of tech.
I don't own a smartphone and I use SMS a lot. But I barely use online chat systems nowadays (MSN/AIM used to be the rage within my peer circle but it's now gone and fb chat or g+hangout didn't replace it).
http://www.theverge.com/2013/4/30/4286090/path-is-spamming-a...