0 Members and 1 Guest are viewing this topic.
Pirate Bay founder Peter Sunde is working on a new messaging platform that will be impossible to spy on, even by the people who operate the network. Using end-to-end encryption in combination with a user-friendly interface, Heml.is hopes to cater to the demands of millions of privacy-concerned Internet users. “In this day and age we can’t do without encryption,” Sunde tells TorrentFreak.Over the past month the PRISM scandal has dominated the news, with many people calling for stronger privacy protections as a result.While it may not come as a complete surprise that nearly all communication on the Internet is monitored and stored, the revelations have brought talks about encrypted communication to the mainstream.One new startup that hopes to lead the way in the next generation of encrypted communication tools comes from Pirate Bay founder Peter Sunde. The former Pirate Bay spokesman is no newcomer when it comes to encrypting traffic as he is also connected to the privacy-focused VPN service iPredator. However, with his latest project he hopes to take things to the next level.Sunde and two friends are currently working hard on Heml.is (“secret” in Swedish), a spy-proof messaging App for both iOS and Android. Aside from its pretty looks, all messages will be encrypted so no one except the sender and recipient will be able to read their contents.
For now Heml.is remains purely slideware. The intended user interface looks pretty in the above publicity video, but what's more important is whether the application will be truly secure. Sunde et al promise to carry out "audits from trusted third parties on our platforms regularly, in cooperation with our community", but it's unclear whether this will include peer review of the software itself: the cryptography involved may somehow be flawed.After all, the security bugs recently found in chat tool Cryptocat are a reminder of how subtle errors in pseudo-random number generators and other crucial code can render a program insecure: Cryptocat created weak key pairs, which left its group chat feature vulnerable to eavesdropping for months if not years.It is understood Heml.is will be built on a foundation of proven technologies, such as Extensible Messaging and Presence Protocol (XMPP) with PGP. Messages will be deleted from the service's central computers after they are delivered, we're told. "Messages will only be stored on our end until they have been delivered to the recipient. We might add support for optional expiry times to messages, in which case messages would be stored until they had been delivered or they expire. Whichever comes first," the trio stated.Secure mobile messaging applications, such as Silent Circle, and protocols, such as OTR (Off-the-Record Messaging, an instant messaging encryption system), already exist. Sunde and co argue there's a gap in the market for a privacy-protecting app that's nonetheless easy to use. The programmers highlight the usability shortcomings of OTR that they aim to address with a more user-friendly app" QuoteEven though we love OTR it’s not really feasible to use in a mobile environment. The problem is that OTR needs both parties to be online for a session to start, but a normal phone would not always be online. It would not work at all for offline messages neither.[/b]The developers of Heml.is acknowledge that the app is only secure providing the smartphone running the software is clean of malware and not compromised in some other way. The same limitation applies to every phone messaging app we've come across, including Silent Circle.It's not clear where Heml.is's servers will be based as yet, although the developers have naturally ruled out the US as a possibility. "Our goal with HemlisMessenger is to give a safe alternative to SMS, MMS, WhatsApp, Kik etc. Technology and jurisdiction matters, we know both," Sunde said in a Twitter update on the project.Sunde - who helped start up the wildly popular file-sharing website Pirate Bay - has some form in developing privacy-protecting internet technologies in the shape of the his consumer-focused iPredator VPN, which has been running for five years. However Swedish online payment services provider Payson recently stopped handling requests to pay for iPredator VPN and four other similar services in Sweden using either Mastercard or Visa card payments. The issue, which means iPredator VPN customers need to go through the chore of paying using either bank transfer or Bitcoin, remain unresolved, according to the latest update from iPredator.
Even though we love OTR it’s not really feasible to use in a mobile environment. The problem is that OTR needs both parties to be online for a session to start, but a normal phone would not always be online. It would not work at all for offline messages neither.