Zimmermann's Silent Circle Now Live

e065c8515d206cb0e190 writes "Several websites have announced the launch of Silent Circle, PGP's founder Phil Zimmermann's new suite of tools for the paranoid. After a first day glitch with a late approval of their iOS app, the website seems to now accept subscriptions. Have any slashdotters subscribed? What does SilentCircle provide that previous applications didn't have?"

Now, with centralized user tracking!

[Animats]

The "Silent Circle" uses their own "Silent Network", allowing centralized user tracking. Also, the code isn't open source, so you have no idea if the crypto key generation is any good or if there are backdoors.

You cannot subscribe to good crypto

[betterunixthanunix]

How many times will subscription approaches to crypto have to fail before people understand that it does not work? It failed with Hushmail, and it will almost certainly fail here.

Re:Now, with centralized user tracking!

[pnot]

Part of it is keeping his work closed source, which is extra scary when talking about cryptography. Being asked to trust a security solution that you can't examine is insane.

Unless you're a crytpographer and a programmer... examining the source is pretty much pointless. It may give you a warm happy fuzzy to be able to do so, but you lack the qualifications to actually evaluate it.

The point, surely, is not that I am necessarily a cryptographer, but that the source is available to those who are. It's not necessary for every user to independently audit the code, because the skilled individuals who do audit the code can then communicate their findings.

"But why trust the skilled individuals?", you may ask. Answer: because I find it unlikely that all the world's cryptographers are conspiring to keep quiet about any vulnerabilities they find the code. At any rate it's a more sensible strategy than "assume that Zimmerman is both infallible and incorruptible".

Re:Now, with centralized user tracking!

[phantomfive]

He went against the wishes of the US government and won. In my experience, that just doesn't happen... ever.

Then you don't pay attention enough.

Re:Now, with centralized user tracking!

[martin-boundary]

The point, surely, is not that I am necessarily a cryptographer, but that the source is available to those who are. It's not necessary for every user to independently audit the code, because the skilled individuals who do audit the code can then communicate their findings.

Yes. Let me just add a nitpick. It is necessary that *any* user can *initiate* an independent audit of the code he personally received.

Merely trusting a community of experts who choose to publish their audits as they please is another form of argument from authority. It's a slippery slope to a world where the source code is only available to qualified experts, since there would be no point in making it available to nonqualified individuals.

Instead, the point of open source is that any user can hire an expert of their choosing, to work on source code as given to them (not source code the expert downloaded from a presumably equivalent source). AND THE PROBABILITY THAT SOME USERS ACTUALLY DO SO MUST BE STRICTLY POSITIVE.

because I find it unlikely that all the world's cryptographers are conspiring to keep quiet about any vulnerabilities they find the code.

Like nearly everybody, cryptographers tend to act in the best interests of their employers. That is why it is necessary for random users to hire such cryptographers every once in a while, as outlined above.

We cannot trust that the usual employers won't keep quiet about the findings for selfish reasons, eg large companies like Microsoft or Google sitting on discoveries until they can create and deploy a patch.