Silk Road forums

Discussion => Security => Topic started by: Pure Red Eye on July 11, 2013, 11:29 am

Title: Hemlis Encrypted Smart Phone App
Post by: Pure Red Eye on July 11, 2013, 11:29 am
This article is from the Independent's website, written by James Vincent.

Pirate Bay co-founder Peter Sunde has announced his plans for a new encrypted messaging app for smartphones named Hemlis (that's Swedish for secret).

The project has been created in a direct response to global concerns over online privacy and government snooping following the PRISM scandal. 

“All communication on today’s networks are being monitored by government and agencies and private companies,” says Sunde in a video introducing Hemlis. “The politicians are not going to stop it, they’re actually asking for more. That’s why we decided to build a messaging platform where no-one can spy on you, not even us.”

The app will use end-to-end encryption to secure users’ messages, though as the creators note on their website: “Nothing is ever 100% secure. There will not be any way for someone without access to your phone to read anything, but with access to your phone they can of course read the messages. Just as they can use any other app you have installed.”

The app will be free for messages only, and Sunde and his fellow co-founders promise that they won’t fund Hemlis via ads or selling data. Instead they will raise money by charging to unlock extra features like sending images.

The group is hoping to raise $100,000 initial seed money to fund the app, and at the time of writing have raised just under $40,000 from over 2200 backers in less than 24 hours.

Although encryption is certainly the key selling point for Hemlis, other over the top messaging apps (OTT) like WhatsApp have also generated success from their simple and clean user interfaces. Hemlis hopes to mimic this success by creating a “simple and beautiful user experience”.

Although Hemlis may ultimately prove a niche product, its early success indicates widespread interest. It certainly wouldn’t be the first privacy-centric tech product to benefit from news of the NSA and GCHQ’s snooping habits – anonymous search engine DuckDuckGo experienced a similar boom in interest after the revelations.
Title: Re: Hemlis Encrypted Smart Phone App
Post by: SelfSovereignty on July 11, 2013, 11:37 am
I have only this to say to Mr. Peter Sunde: "fuck you.  Thank you and good day."  You can't have a messaging app as simple and ubiquitous as WhatsApp and have it be secure.  Is it theoretically possible?  Well... yeah, sorta kinda -- but only in the same way that it's theoretically possible for me to never pay my power bill again and have them forget and just leave the power on.

TextSecure.  Free.  Open source.  Uses the OTR protocol, I believe.  The limitation?  Android only.  But it's as fucking simple as a stock messaging app.  Take your pick: security or so-easy-anybody-can-do-it.  I have yet to see or hear about a single program that got both right -- not a single fucking one.  I doubt his will be the first, but hey... I've been wrong before.
Title: Re: Hemlis Encrypted Smart Phone App
Post by: FartBomber on July 11, 2013, 11:48 am
This guy is capitalizing on the lack of information people have now about already viable options for secure messaging on mobile devices and the recent media attention for PRISM and other spy scandals. It will only lead to even more fragmentation of messaging apps and by the sound of it this app won't even be secure because the database in which the messages will be stored isn't encrypted.

Fuck you Peter Sunde
Title: Re: Hemlis Encrypted Smart Phone App
Post by: Nero on July 15, 2013, 11:01 pm
Can we get more input and opinion on this from more of our security guys? Astor? Kmfkewm perhaps?

I saw an article today about this. If it can do what they say, it'll be a blessing.

Why would they not encrypt their servers? Where did you hear this from FartBomber? Their website says the messages will be saved on the server until they are delivered or expire, but it says nothing about security. But what they do say is this:

 'The Fundamental benefits of Heml.is will be the app together with our infrastructure, which is what really makes the system interesting and secure.'

 That's on their website. It just wouldn't make sense for a security app start-up to not secure their server.
Title: Re: Hemlis Encrypted Smart Phone App
Post by: tbart on July 15, 2013, 11:28 pm
there was an article a few weeks back about a new offering from a south african company called seecrypt - encrypting both voice calls as well as text msgs, both for Android and iPhones - obviously both ends have to have the app, which means both ends have to subscribe to their svc - iirc, the svc ran about $5 / month

part that bothered me, one of the owners of the company was a former US Secret Svc agent - i can't believe they haven't given the feds a back door

https://www.seecrypt.com/
Title: Re: Hemlis Encrypted Smart Phone App
Post by: SelfSovereignty on July 16, 2013, 10:27 am
Quote
Can we get more input and opinion on this from more of our security guys? Astor? Kmfkewm perhaps?

I saw an article today about this. If it can do what they say, it'll be a blessing.

Why would they not encrypt their servers? Where did you hear this from FartBomber? Their website says the messages will be saved on the server until they are delivered or expire, but it says nothing about security. But what they do say is this:

 'The Fundamental benefits of Heml.is will be the app together with our infrastructure, which is what really makes the system interesting and secure.'

 That's on their website. It just wouldn't make sense for a security app start-up to not secure their server.

What, my flippant, dismissive, adolescent, "I don't feel like bothering to really examine this but I kinda feel like being sort of a dick right now," comment didn't do it for you?  And I worked so hard on it, too...  :'(

If they can decrypt data, then the government can decrypt it too.  Encryption is basically useless if your enemy has the decryption method also.  In fact, in a way, it's worse than useless: it leads people to believe they're safe when they're anything but.
Title: Re: Hemlis Encrypted Smart Phone App
Post by: FartBomber on July 16, 2013, 11:47 am
Quote
Why would they not encrypt their servers? Where did you hear this from FartBomber? Their website says the messages will be saved on the server until they are delivered or expire, but it says nothing about security.

I was talking about the messages stored on the recipient's phone, because of this quote from the original article:
Quote
but with access to your phone they can of course read the messages

For example, with the app Textsecure this is impossible, making it better than Hemlis. As far as the messages which are saved on their servers, they are encrypted because the whole thing is built around PGP which facilitates end to end encryption.