Hacker News .hnnew | past | comments | ask | show | jobs | submitlogin
Show HN: ChatSecure iOS v3.0 (OTR + Tor + XMPP) (chatsecure.org)
74 points by chrisballinger on Jan 5, 2015 | hide | past | favorite | 28 comments


If you are so concerned about privacy and security, why use an iOS device at all?

Note: I am not trolling. It is a serious question. I mean, probably no one would be using ChatSecure if it were not Free Software, rightly, because nobody could audit its source code, but then isn't it a security/privacy issue using it on top of a completely closed platform?


Because there's a tradeoff between 'privacy and security' and 'convenience', and most people like to fall somewhere in the middle.

It's like locking your doors on your house. Sure, a burglar could break the door down, smash a window, follow you around and steal your keys, etc., but it adds a level of security and precaution that keeps some of the bad guys out while not being insanely inconvenient.

I care about the privacy and security of my home, but I'm not going to live in a bunker.


A closer analogy would address a group controlled by a few which has the resources to install people (whom believe that are doing good things) into positions that have access to your private keys. It's more like there is an automatically updated encrypted manifest of your house available. The bunker analogy is bad unless you think we should meet in the middle on infosec. At some point, this same conversation will be about hardware inside our heads, we already use these devices like second brains.


Yeah, my housecleaner, dogwalker, and certain other people have keys.

I run the risk of them deciding to one day loot everything I own, and yet, I realize that the convenience of the services they provide is worth that minimal risk.

Same case with my cell phone.


Most people don't choose their devices like a developer would and instead focus on things like ease of use (or the best marketing campaign). Just because a platform doesn't offer completely perfect theoretical security and privacy, users should still have access to tools that can help.


1. You are using the device you already have

2. You know that for non-experts the free software distinction is pointless because almost nobody actually audits the installed binaries either way

3. You value the security benefits from iOS's more restrictive app sandbox and mandatory code auditing.

(That last is not an Android slam – both policies have their merits but the net effect is that Android has more malware than iOS because there are multiple ways to get code onto the device and the vast majority of users can't meaningfully make security decisions)


It is clear that there really is no iOS's mandatory code auditing. If there was, there would be no iOS apps that pose as one app but are actually an other (like emulators).

There is some auditing, but it isn't fool proof and for developers it is a huge pain in the butt.

And there are multiple ways to get code on an Android device, but by default only the play store is enabled. You need to go into settings and accept multiple warnings to sideload apps.


> It is clear that there really is no iOS's mandatory code auditing. If there was, there would be no iOS apps that pose as one app but are actually an other (like emulators).

If you believe that, you need to do some research first. Many people have verified that apps are flagged for using private APIs, certain syscalls, trying to access certain file paths, etc. Nobody's claiming that Apple has solved the halting problem or that static analysis can't be bypassed (see e.g. http://www.news.gatech.edu/2013/07/31/georgia-tech-uncovers-...) but static analysis + even limited runtime monitoring is a lot more than than the disastrous status quo for the desktop world.

> And there are multiple ways to get code on an Android device, but by default only the play store is enabled. You need to go into settings and accept multiple warnings to sideload apps.

This is exactly why I noted the users’ inability to make security decisions reliably. That doesn't mean Android is bad or that the iOS model lacks drawbacks – it's just an explicit tradeoff: J. Random Hacker loses the ability to install an app on iOS without going through the app store process so J. Random Phisher can't convince someone to install their app for free games/movies/coupons/porn/alleged security benefits/etc. Given that has already happened to non-trivial numbers of people, I can understand why they made that decision even if I'm not completely comfortable with the implications.


That way lies the path of not having a smartphone.

All smartphones on the market involve some level of closed source - whether that's the baseband, the graphics blob, the chipset, the ROM, the firmware, or the complete operating system. Any of these could theoretically intercept the voice from the microphone / speaker, encode it and ship it on some back channel to the Five Eyes.

At that point it's simply a matter of where you draw the line between paranoia (that the NSA are reading your thoughts and have compromised everything) / idealism (e.g. RMS) and ease of use.


Even if you don't use iOS, you may wish to communicate (relatively) securely with those who do.


Good point. Until we control of the baseband it's somewhat moot what smartphone you use.

Anyone working on an open LTE stack? I'm looking for the donate link @ http://bb.osmocom.org/trac/ ...


Great to see this finally get out there, it's been awesome to watch this project develop!

This is also a particularly good release write-up, big ups to the team for writing about all of the components that have gone into this new release.


We in Actor.im tried to build tor-enabled messaging (on better and faster protocol), but for working tor engine need to download 1-3mb files every 4 hour period. So, this became useless in mobile environment. Tor need to do step forward to mobile before we can really use it.


I was excited about the possibility of federated XMPP over mobile hidden services, mainly because of the built-in NAT traversal. It could make creating a "good enough" XMPP server as simple as buying a cheap Android phone, installing an app, and keeping it plugged in somewhere.


Would it be possible for TextSecure and ChatSecure to interoperate (at least with chats)? Or would that create too much pain for both groups to support each other as they (possibly) diverge in features?


I'd love to make this happen, but it won't be possible unless they support open federation, which is currently impossible when using your phone number as the identifier. I do plan to support Axolotl in conjunction with our provider-agnostic push solution, which could potentially provide a bridge between the two platforms.


I'd love to see Moxie review this!


I'd rather see Signal have text messaging enabled first ;)


Yeah me too ;)


Very excited for this, just from the GUI point of view it's a big step forward.


Fantastic work, Chris! It's really great to see that ChatSecure has such an ambitious roadmap.


Pretty excited about the hidden TOR xmpp functionality in this version, since NAT won't ever be an issue.


Why not use Signal?


Signal doesn't do messaging on iOS right now, only phone calls.


It will soon! After playing around with their latest Signal 2.0 beta that integrates TextSecure support, I honestly would recommend using Signal unless you specifically need Tor/OTR or want to host your own XMPP infrastructure.


Oh nice, I'd love to give the Signal 2.0 beta a go if you have any invites into the beta testing? :)


Does the fact that they use Tor make it more secure? It seems like the network has been getting hacked a lot lately.


It's not "getting hacked a lot". What you are talking about is probably just the take-down of a few hidden services with poor operational security.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: