So I'll assume at the very least you are changing your encryption keys and signature at least once a month. So given the root of this question and saying email + PGP via email and not on device is the baseline for threat level, and not end all be all of security. Well, if the mobile number hinders OPsec, which like I am telling everyone going into the 2020 election, it actually does, considering bee lost 160m voter data files with 80k data points each for lack of info/ops. It's really up to you and what you feel is your opsec plan. Also I prefer an open source application when dealing with security. Personally I lean towards Signal as my opsec plan does not call for the person I'm chatting with to not know my phone number. Signal has no software restrictions due to paid tiers; Wickr does.

Both of these apps have great reputations as secure messengers. They indicate that all data sent is encrypted and they don't know how you use your account except for the date the account is created, the date you last logged on, and the type of device you installed the app on. Wickr's privacy policy indicates that they only store messages for 6 days to ensure delivery. They can't tell who sent it even if they wanted to. Signal has what's called sealed sender which means that because of the way the encryption is employed, the server only knows who a message is addressed to. The server only knows the smallest amount of metadata possible about you. Signal does not keep any messages on its servers after delivery. This is usually considered to be more anonymous than a phone number. Wickr allows for username and password login. This also means that it might be easily tied to your physical person. All you need is to share numbers and the app does the rest. This means it's an identifier that has a low entry barrier for your social circle. Signal uses a phone number as your unique identifier.
But that's a personal bias.

Between Signal and Wickr I will highlight some of the comparisons that stand out to me. For me I like a company being transparent in how they create the app and how they make it run to help gain my trust. Personally I don't see much benefit to an app being closed over open. However there is always the counter argument about licences. Services like Wickr have a paid aspect and if the app is fully open, it might be easier for people to replicate and use in other ways that don't gain the company money. I don't see many companies actively using closed source as an argument for security but rather to protect intellectual property and financial gain. Also it means that if someone does find a vulnerability, it might remain in the source code for a long period of time depending on how often a company performs code audits. Many will argue that this is not really security and that it hinders the trust factor for a sensitive app (such as a secure messaging app). This is often referred to as security through obscurity. Also your enemies won't know how your app operates as easily to find flaws. Being able to see how it handles your data (and that it handles it correctly) makes a user trust it more than a closed system where the user is not sure if a backdoor, spying mechanism, or other fault exists.

Closed source proponents will argue that closed source makes it harder to break into because the code is harder to obtain (reverse engineering). Open source also makes people feel like they can trust the application. The theory is that because anyone can go through the source code there are more people who would spot issues and report them. Open source relies on the "many eyes" to guard against failure or bugs. In response to the open source vs closed source debate here are some aspects I would consider: