Vice has me very cautious these days in general, as well: https://tobacco.ucsf.edu/disney-fox-hearst-time-warner-tied-...
https://github.com/Spark-Innovations/SC4
It's based on TweetNaCl, libsodium's smaller sibling. It can run standalone, i.e. no server required.
No group chat yet, but that's a relatively straightforward extension. I have two-party chat working in private beta. (Chat does require a server, though.)
I'm inclined to agree with that assessment.
> But if you don't trust them
Trust, but verify.
IIRC they were discussing hiring a friend of mine (whose knowledge in software security is something I respect greatly).
We really wanted to use the pure Go implementation, but it doesn't cover as much functionality. Detached signatures, for example.
Article: http://arstechnica.com/business/2016/03/go-ahead-make-some-f...
Security: https://www.documentcloud.org/documents/2756350-Wire-Securit...
I'm dying for an app that eventually does three things:
1. Secure. A few of them exist.
2. UX. I love Telegram, shame it doesn't fit item #1
3. Temporary. I actually really love Snapchat's ephemeral images and/or messaging. Telegram does a good job at this with auto-destructing messages, but it saves images on the system[1], and I don't trust it removing from the cloud in a timely manner. And of course, Telegram fails #1, making temporary communication all the more troublesome.
[1]: This may be limited to certain systems, such as Android. But yeah, don't save an image of an important document in a "secret" chat on Android; it saves it to your filesystem.
No UX complaints here. I don't think it has ephemeral messages, but you can delete per-contact history of end-to-end encrypted msgs. There's a neat doodle/whiteboard feature. The surprising killer feature of Wire has been the quality of audio, which may be due to their hiring of former Skype engineers, http://www.wired.com/2015/08/wire-declares-war-on-terrible-c...:
"You know that vague hissing noise that’s omnipresent during your phone calls? It’s called “comfort noise,” and it’s totally artificial. It’s placed there so that when you hear those brief moments of silence between each speaker’s vocalizations, you don’t think the call has disconnected. In Wire, there’s none of that; it’s actually a little jarring, not hearing anything at all when no one’s speaking ... a Wire group call is also set up in a sort of virtual space. Sound comes through the app in stereo—you really need a headset to experience it—and the app’s post-processing is able to delay it by a few milliseconds in one ear or the other. The effect is that even though you’re all on a call, it will always sound like Mary’s sitting on your left, Mike is right in front of you, and Stephanie is a few seats over to the right. Your brain doesn’t have to re-identify a voice every time it starts speaking."
2. It's similar. Visually distinct, the UX is close enough to what people are used to from other IM apps, I would say.
3. Not. We've experimented with this internally but so far have not decided to release the ephemeral aspect to the public. Not enough demand. As someone else commented - you can delete content from your devices (synced across if you're logged in from more than one), but content will remain on other people's devices.
After helping make a slack-style client-side encrypted productivity app (https://balboa.io) that has been on life-support for the last 2 months, I have a lot of respect for people that attempt to make this space more secure.
It's not easy.
A few lessons learned that may be useful to others:
1. Most businesses and consumers are ok with their data being available to companies like Slack and Google because they trust these companies. They feel that regardless of reality, their data is safer with Google or Slack because those companies have a lot more to lose if they fail.
2. The SME space for productivity apps is pretty much the same as the consumer space. You're going to be competing with Google. SMEs are actually really cheap and scrappy: they don’t spend money on non-bottom line affecting stuff. If you want to sell security to them, it has to be essentially free.
3. Reputation is more important than (or at least AS important as) your technical chops. You're asking people to trust you. You can show that you are competent by demonstrating a mastery of the technology, but that may not be enough to show that you are also trustworthy.
I don't like SpiderOak's pricing models in general because of how it seems to oversell and upsell services. For personal teams/groups, there are free services like Telegram (awesome user experience that keeps improving at a fast pace but poorer homegrown crypto with normal messages stored in plaintext on the servers) and Signal (great crypto but awful user experience, slow and buggy app and slow and unreliable message delivery).
One of the things we tried to accommodate is that teams can be paid for by the individual members instead of one entity having to foot the whole bill. This was one of the common complaints we saw about Slack, where large communities enjoy using it but had no way to pay for better service.
You can use Semaphor for free just like Slack, with limited historical content retention.
Also, for what it's worth, I use Signal daily for personal messaging, and my own experience with it has been great. We think of Semaphor and the team/business context as having pretty different requirements (and therefore somewhat different underlying crypto structures) than individual messaging. The biggest differences are about message retention and what happens when you want to invite a new member to an established conversation.
It seems like the personal plan pricing is high, considering that "personal" use as such may not be high volume or high storage in general for such an application. But that's just a thought without any information, and as such, not useful. It may be easier to judge it after knowing what it provides in every tier.
My comment on pricing was based on the pricing model you have for the backup service, which is highly nonlinear with a very high jump between tiers to push people to buy into a larger one. The plans at 30GB and 1TB remind me of Dreamhost and oversold plans (not that it's wrong business wise, but it doesn't seem fair from the customer's point of view).