I'm not saying you should purposefully select US technology in order to avoid surveillance, just that "hosted or made in Switzerland" messaging in privacy tools isn't very meaningful, and takes advantage of an emotional reaction in prospective customers, not a rational one.
Plus, if you're not an American citizen, you have no rights so far as three-letter agencies are concerned, whether your data is stored in the US or elsewhere.
The choice is between data stored in the US, where data can be obtained through legal means or hacking, and data stored elsewhere, where it can only be obtained through hacking.
But as a smart approach, for folks i.e. in Europe, the US is a big no-no if security is a concern.
Switzerland has strict data protection laws, that’s why some companies are established there and pushing that branding (also, low taxes).
Crypto AG (founded in 1952) was part of a secret US/West German government project.
Are you claiming that Andreas Wiebe, Hulbee AG, Swisscows AG are also working for the US government?
Are they not using the “Swiss” brand as a pretext to convey safety and imply security?
OP is pointing out a clear and recent example that the “Hey this is Swiss” therefore must be “safe, secure, reliable” is no longer the truth.
https://www.swissinfo.ch/eng/business/no-official-outcry-in-...
Given this precedent, there's good reason to believe it would happen again. There is no reason to believe that the people behind Teleguard today would be in favor, but there is good reason not to become wedded to the service given the risk that it may change hands or be operated similarly to Crypto AG down the road.
> The goal of the system is to monitor both civil and military communications, such as telephone, fax or Internet traffic, carried by satellite.
This app has "1,000+" installs on the Play store (Threema: "1,000,000+"), and doesn't use phone numbers as IDs, i.e. it's only useful if you for some reason want to migrate all your friends to a brand new chat app that nobody else has heard about, and that has no really unique selling points, and thus little chance of building meaningful network effect (which is critical for chat apps, because a chat app without people to talk to is useless). As a result, it seems unlikely to be successful and thus unlikely to be supported (or exist) long term.
It seems to be a poorly thought out attempt to jump onto the wagon train far too late and get users trying to flee WhatsApp. Due to the network effect, adding choice is likely to help only the incumbent (WhatsApp) by making it harder for any of the alternatives to reach critical mass.
The crypto design is also highly questionable: They say they're using "SALSA 20", which is a low level primitive (comparable to e.g. AES), not a complete protocol. Advertising primitives shows little understanding of the actual problems in cryptographic practice, and thus a significant risk that not enough work went into designing the protocol around it, resulting in something that is insecure overall.
Before Snowden/Poitras/Greenwald, we trusted Moxie Marlinspike mostly because of his dreadlocks and some conference appearances. Very, very few people understood what a ratchet was, let alone read the code. We trusted founders Jan and Brian of WhatsApp I think because they wrote t-filez. Security is in many ways as cultural and aesthetic as it is technical. SILC was a thing for people legitimately being spied on by their governments in the pre-occupy anti-globalization movement - and then suddenly it wasn't.
I want a product like this to succeed, so why snark about these perfectly nice seeming people's new tool? Because security has serious consequences. We don't need to tell anyone what we need privacy for, but I think we're still lacking a clear "for what," to evaluate privacy technologies against.
The threat we need to build privacy tools against is essentially suburban-bourgeois and mob governance. When you look at old "alternative" culture, or why people still go to things like burning man today, it's to engage in what are essentially aesthetic communities of desire and to be free of political oversight and surveillance. The criteria I would propose for a secure messenger is that it can create a private perimeter to facilitate the freedom of something like burning man for a community of users. If it isn't designed to create that kind of growth, it's a reaction with a limited horizon and just bargaining with the inevitable.
Personally I think a privacy product that is for everyone is necessarily for no one. Maybe this is the one that gets used by the next burner-level community to emerge, but the conversation about what-for will be the thing that drives the adoption of it.
no, that’s exactly wrong in ways that really matter, distracting us from real threats to free and fair living, which are exertions of power by large organizations (including governments) and wealthy (influential) people (including politicians).
the focus on the capitol disturbance is exactly this kind of distraction as well, trying to vilify the relatively powerless while the real ‘villains’ (to satirize) ratchet up their hold on power and insulate themselves further from consequences and answerability to their constituent stakeholders.
we should not be looking askance at each other, but rather askance at anyone trying to garner power and influence. the balance of power has no lasting stable mode so we as citizens must keep tabs on power. the last 50+ years has been a slow neglect of that duty, allowing ourselves to be distracted by all the new shinies.
Not because experts had reviewed the design and found it good? (Serious question, I don't know what the exact timeline looked like, i.e. when people were trusting the apps vs. when reviews became public)
But, honest question, is there such thing as the "Swiss guarantee" in tech?
What have the Swiss ever done for us, in computer science, to demand such respect just by mentioning the place of origin as certificate of trust?
In general flag-bearing, however, the US might just beat out Switzerland but I doubt either are at the top of that list.
There are parts of Switzerland that are extremely conservative - think deep American south but more. Women's rights issues are far more backward than the deepest of the US south. Women gained the right to vote in federal elections in 1971 in Switzerland.
Switzerland is also small, the size of SF Bay Area (~ 7 million people). Most people don't realize how small Switzerland is - not in land area, but in many other aspects.
There is also some friction with Germany when it comes to culture and customs. The Swiss pride themselves on speaking Swiss-German. Never suggest buying a German watch or you're going to get nasty reactions :-)
Last but not least, Switzerland has declined to be part of the EU and the majority of the people are against joining it. There are a lot more parallels than differences between Brexit philosophy and Swiss sovereignty.
Also -- "Complex encryption system for all transmitted data" does not seem like a particularly good thing.
The FAQ for "why use this" says it uses the best crypto ever: salsa20. That isn't better or worse than AES in terms of security and it's also missing a few components (surely they haven't reinvented digital signatures using a stream cipher). And they say it complies with the law, like okay yeah that sounds pretty standard.
Frankly, it looks shady. No profit model, inconsistent text styles, weird reasons given for why it should be better, a brand name whose abbreviation conflicts with an established competitor (seems like a throwaway name), no source code / f-droid release, handful of downloads on Google Play Store, and claiming with a straight face that literally no user data is stored - what, does it not store incoming chat messages until my device comes online? It just isn't true.
Don't know if this is a Show HN (it's not labeled as such) or just someone who randomly found it, but I'd be curious to hear from the developers what the thought process is here.
Edit: checking out the company behind it, they have paid privacy products. I guess it's not as shady as it first seemed, but it's also not quite ready for launch given the competition's state of maturity. It's a hard market to get into I think, it might make more sense to fork Signal and make it use usernames and European servers to at least have something to work off of.
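The Salsa20 point made in the comments above (a stream cipher is a primitive, not a protocol), shown as an added example that is not part of the original thread and not TeleGuard's code: a stream cipher used alone lets ciphertext be altered undetected, while encrypt-then-MAC rejects the change. The keystream is a SHA-256 counter-mode stand-in rather than Salsa20 (Python's standard library has no Salsa20), and all keys, nonces and messages are constructed.

```python
import hashlib
import hmac

def keystream(key: bytes, nonce: bytes, n: int) -> bytes:
    """Stand-in stream cipher keystream (SHA-256 in counter mode), NOT Salsa20."""
    out, counter = b"", 0
    while len(out) < n:
        out += hashlib.sha256(key + nonce + counter.to_bytes(8, "big")).digest()
        counter += 1
    return out[:n]

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def stream_crypt(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Primitive only: XOR with the keystream; encrypt and decrypt are identical."""
    return xor(data, keystream(key, nonce, len(data)))

def seal(enc_key, mac_key, nonce, plaintext) -> bytes:
    """Encrypt-then-MAC: the tag covers nonce and ciphertext."""
    ct = stream_crypt(enc_key, nonce, plaintext)
    return ct + hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()

def open_sealed(enc_key, mac_key, nonce, blob):
    """Return the plaintext, or None if the tag does not verify."""
    ct, tag = blob[:-32], blob[-32:]
    expected = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None
    return stream_crypt(enc_key, nonce, ct)

def flip(ciphertext: bytes, offset: int, old: bytes, new: bytes) -> bytes:
    """Change ciphertext in transit without the key: XOR in (old ^ new) at offset."""
    patched = bytearray(ciphertext)
    for i, d in enumerate(xor(old, new)):
        patched[offset + i] ^= d
    return bytes(patched)

def demo():
    # Constructed keys, nonce and message, for illustration only.
    enc_key, mac_key, nonce = bytes(range(32)), bytes(range(32, 64)), b"\x00" * 8
    msg = b"meet at 10:00"
    raw = flip(stream_crypt(enc_key, nonce, msg), 8, b"10", b"22")
    sealed = seal(enc_key, mac_key, nonce, msg)
    return (stream_crypt(enc_key, nonce, raw),   # altered text, accepted silently
            open_sealed(enc_key, mac_key, nonce, flip(sealed, 8, b"10", b"22")),  # None
            open_sealed(enc_key, mac_key, nonce, sealed))  # intact message

if __name__ == "__main__":
    print(demo())
```

Even the sealed form leaves key exchange and verification of who holds the keys unsolved, which is the rest of what a messaging protocol has to provide.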
I'm so over any sort of branding that proclaims the superiority of one nation over others. [2]
If we really wanna give credit, why not list the actual names of the engineers that came up with the encryption mechanisms?
Same goes for Apple's 'Designed in California' etc.
Did I miss it, or is this a wholly proprietary thing?
https://www.washingtonpost.com/graphics/2020/world/national-...
1. All cryptographic keys controlled by the users.
2. Some way to confirm you are actually connected to who you think you are connected to.
3. A way to confirm that the code you are running is not leaking keys/content.
I could not find a claim for any of these. But TeleGuard still claims end to end encryption as a feature. They could have just left things with how trustworthy they are and called it a day but they just had to check all the marketing boxes.
I've discussed nothing on a conf/video call or exchanged messages that are so sensitive as to absolutely require encryption. There are no absolutes in security anyway. Sorry, but I'm sublimely unparanoid at my national government reading my emails. While I could probably be accused of being a member of the metropolitan elite (c.f. suburban-bourgeoise), I've never said in real life or written online anything to threaten anyone.
Instead, @Barrin92 argues that the concern is leakage to allow corporate use of that data. I agree with the concern, but contend that regulation is the answer. I don't believe I've received targeted ads based on the content of my inbox, yet my inbox arrives over unencrypted SMTP. A special case can't be claimed for messaging. The problem isn't weak regulation, the problem is that messaging apps are largely in the hands of few -- and not interoperable.
Jabber and SIP aren't in the hands of a single company and for me, the direction of travel has to be federated across autonomous providers along the lines of interoperability.
I haven't tackled any of my acquaintances about it but suspect that the remainers from the defection from WhatsApp that Facebook provoked include a fair number that take an "out of the frying-pan and into the fire" or "better the devil you know" stance more so than inertia.
There isn't money in it in the sense of the unwelcome TeleGuard HN spam. But, rather than banging-on about encryption, espionage, and elites, what those with the resources need to do is to use them to help democratise messaging.
In the FAQ, there's this:
> Which operating systems are supported?
> TeleGuard supports all Android devices with version OS 5.0.3+ and all iPhone devices with at least iOS 9.0+.
It's good to support a few older versions of operating systems, but I don't think a messenger can promise security or privacy if it supports operating systems that are quite old by mobile standards and aren't getting security updates for a long time. Wikipedia says that Android 5's latest release was nearly six years ago (April 21, 2015) and that of iOS 9 as 17 months ago (July 22, 2019). Supporting iOS seems kinda ok, but supporting that Android version looks quite bad.
I also judge websites by what they say and how they say it. In the FAQ, after the answer for "07. Edit Profile", there's a list of bullet points that looks like a to do list for additional FAQs that haven't been completed:
• Send media
• Forgot password?
• How is TeleGuard financed?
• Registration
• Add contacts from the phone list
• What kind of encryption does TeleGuard use?
I don't think this is ready for prime time yet.
DON'T trust Swiss enc. Products
BTW: I'm Swiss
> we are not subject to the data protection laws of the EU / USA and do not have to pass on any data, but GDPR-compliant.
Wat.
If they're not subject to EU laws, they're not subject to GDPR. Is this a joke?
These are the same folks that looked the other way on Hitler (and in fact were his preferred banking location) and recently sold a phone with a backdoor while claiming it was private.
The Swiss are extremely systematic, which makes them great at banking, but ethical? Not sure about that.
But both of those tropes might very well be a little stuck in the last century imho.