person:moxie marlinspike

  • Binance’s $1bn fund and its first step into institutional investing
    https://hackernoon.com/binances-1bn-fund-and-its-foray-into-institutional-funds-98b02f9d2e19?so

    Today, Binance, one of the largest cryptocurrency exchanges, announced plans to establish a US$1 billion fund. Ella Zhang, head of Binance Lab, announced in an online conference. Per Techcrunch’s report about the fund, “[The] ‘Community Influence’ fund, which will be denominated in Binance’s BNB coin, will be aimed at nascent startups and also funds themselves… Binance is looking to back funds with at least $100 million in capital and, of course, a focus on blockchain and crypto. The firm will also launch a Binance Ecosystem Fund which it said will include 20 partners. [Previously], it led a $30 million investment in MobileCoin — a startup that’s advised by Moxie Marlinspike, the founder of encrypted messaging app Signal and Open Whisper Systems — and it is establishing an incubator that will (...)

  • LibreSignal
    https://fdroid.eutopia.cz

    Why have Signal, TextSecure and RedPhone been renamed?

    Moxie Marlinspike apparently doesn’t like the idea of independent builds of TextSecure and RedPhone so much that he started with legal threats on Twitter. Independent builds of TextSecure have therefore been renamed to TextLibre and RedPhone to PhoneLibre.

    The latest TextSecure for Android has been merged with RedPhone and is now Signal. Independent builds of Signal have been renamed to LibreSignal.

    Application IDs are still the same, so you will not lose data after upgrade.

    Motivation

    My primary motivation for creating this repository has been the absence of TextSecure private messenger from the official F-Droid repository. TextSecure has already been included in F-Droid for a brief time in the past, but Moxie Marlinspike (author of TextSecure) didn’t like this and demanded that it be removed. TextSecure is Free Software (licensed under GPL), so F-Droid maintainers didn’t have to remove it, but nevertheless they did.

    There has been a big discussion about it (issue #127), but simply put, Moxie is not open to arguments and wants TextSecure to be distributed only via Google Play. He already locked this discussion. This is unacceptable for me, because applications installed from Google Play can be silently updated without the user knowing about it, e.g. to a version with a hidden backdoor.

    TextSecure still needs Google Play Services (because it uses Google Cloud Messaging), but you don’t need a Google Account, and Google Play cannot silently update an app that has been installed outside of the Google Play store. Hopefully in the future, it will be possible to use the official TextSecure client without Google Play Services (see issue #1000 - Websocket support, unfortunately Moxie also locked this discussion).

    For now there is an unofficial TextSecure fork by JavaJens, which already uses WebSocket instead of GCM and therefore doesn’t need Google Play Services. You can install it from my experimental F-Droid repository.

    Signal (aka TextSecure), developed by Open Whisper Systems, is a centralized instant messaging application that works very much like WhatsApp. But the application and the server are free and open source. In addition, the clients integrate end-to-end encryption by design. This makes it the most accomplished instant messaging application, easy for anyone to use and with, a priori, a good level of confidentiality.

    However, the official Signal application for Android depends on the Google Cloud Messaging notification service. This service requires installing the Google Play Services library on one's phone, and that library is not open source.

    LibreSignal is a fork of Signal stripped of the dependency on Google Cloud Messaging. It relies on websockets (implemented by the official server). It thus makes it possible to communicate with all Signal users, even those who have (not) chosen to install the Google snitch or those using iOS.

    For end-to-end encrypted SMS, it is worth recalling the existence of SMSSecure for Android:
    https://smssecure.org
    https://f-droid.org/repository/browse/?fdid=org.smssecure.smssecure
    https://github.com/SMSSecure/SMSSecure

    #Android #Cryptographie #F-Droid #Fork_(développement_logiciel) #Google_Cloud_Messaging #Messagerie_instantanée #Off-the-Record_Messaging #Principe_de_bout-à-bout #Signal #TextSecure

  • Moxie Marlinspike >> Blog >> A Saudi Arabia Telecom’s Surveillance Pitch
    http://www.thoughtcrime.org/blog/saudi-surveillance

    This rasta is a "brain" in the field of computer security (https://en.wikipedia.org/wiki/Moxie_Marlinspike). He gives a staggering account of his discussions with Saudi contacts who sought his services to help them surveil mobile applications such as Twitter Mobile, WhatsApp, Viber and Line.

    Below is his conclusion:

    Really, it’s no shock that Saudi Arabia is working on this, but it is interesting to get fairly direct evidence that it’s happening. More to the point, if you’re in Saudi Arabia (or really anywhere), it might be prudent to think about avoiding insecure communication tools like WhatsApp and Viber (TextSecure and RedPhone could serve as appropriate secure replacements), because now we know for sure that they’re watching.

    • The case is discussed in the article below; the company Mobily claims "not to communicate with 'hackers'"

      Saudi’s Mobily Denies Asking For Help To Spy On Customers » Gulf Business
      http://gulfbusiness.com/2013/05/saudis-mobily-denies-asking-for-help-to-spy-on-customers

      A software engineer claimed that the company had asked him to build surveillance tools to intercept customers’ messages on Twitter.

      Saudi Arabia’s No. 2 telecom operator Mobily denied claims by a software engineer that the company had asked him to build surveillance tools to intercept customers’ messages on Twitter and other services.

      Matthew Rosenfield, who uses the pseudonym Moxie Marlinspike, published emails on his blog purporting to be from Mobily which included a request for help in intercepting traffic over applications such as Twitter, Whatsapp, Viber and Line.

      Marlinspike said the company wanted to be able to monitor or block mobile data on these applications and that Mobily had provided him with design documents to produce computer code – known as SSL certificates – that the company could use for interception.

      Marlinspike said on the blog he declined to help.

      Mobily, formally known as Etihad Etisalat and an affiliate of the United Arab Emirates company Etisalat, said the contents of the blog post, which have whipped up a storm of comments on social media, were false.

      “Mobily or its employees never communicated with the author of this blog,” the company said. “Mobily communicates with information security companies only based on legal and lawful requirements. We never communicate with hackers. Moreover, it is not our job to spy on customers.”

      The Saudi telecom regulator issued a vaguely worded directive in March warning that many web-based communication tools such as Whatsapp, an instant messaging service and Viber, a phone and messaging service, broke local laws.

      It ordered the Kingdom’s three operators Mobily, Saudi Telecom Co and Zain Saudi, to ensure they comply. The regulator, the Communications and Information Technology Commission (CITC), did not say which laws it was referring to.

      CITC has not said how long operators would be given to adhere to the rules or what action would be taken if they failed to do so.

      However, local media have reported that telecom companies had been asked to tell CITC whether they were able to monitor such applications.

      CITC was not immediately available for comment on Wednesday.

      Marlinspike is the co-founder of Whisper Systems, a company that makes software to improve security and privacy for smartphones and other mobile devices and which was acquired by Twitter in 2011.

      In an email to Reuters, Marlinspike said he thought Mobily contacted him because of his expertise in SSL certificates.

      He declined to provide copies of the emails purported to be from Mobily. His blog states he received emails from Yasser D. Alruhaily, executive manager of the Network & Information Security Department at Mobily.

      A Yasser Alruhaily is listed on social networking website Yatedo with a similar job title.