person:moxie marlinspike

Binance’s $1bn fund and its first step into institutional investing
▻https://hackernoon.com/binances-1bn-fund-and-its-foray-into-institutional-funds-98b02f9d2e19?so

https://cdn-images-1.medium.com/proxy/1*bpwLHuOZyFX-_HI7o20ZVw.png

Today, Binance, one of the largest cryptocurrency exchanges, announced plans to establish a US$1 billion fund. Ella Zhang, head of Binance Lab, announced in an online conference. Per Techcrunch’s report about the fund,“[The] ‘Community Influence’ fund, which will be denominated in Binance’s BNB coin, will be aimed at nascent startups and also funds themselves…Binance is looking to back funds with at least $100 million in capital and, of course, a focus on blockchain and crypto. The firm will also launch a Binance Ecosystem Fund which it said will include 20 partners. [Previously], it led a $30 million investment in MobileCoin — a startup that’s advised by Moxie Marlinspike, the founder of encrypted messaging app Signal and Open Whisper Systems — and it is establishing an incubator that will (...)

LibreSignal
▻https://fdroid.eutopia.cz

Why have Signal, TextSecure and RedPhone been renamed?

Moxie Marlinspike apparently doesn’t like the idea of independent builds of TextSecure and RedPhone so much, that he started with legal threats on Twitter. Independent builds of TextSecure have been therefore renamed to TextLibre and RedPhone to PhoneLibre.

Latest TextSecure for Android has been merged with RedPhone and is now Signal. Independent builds of Signal have been renamed to LibreSignal.

Application IDs are still the same, so you will not lose data after upgrade.
Motivation

My primary motivation for creating this repository has been the absence of TextSecure private messenger from the official F-Droid repository. TextSecure has already been included in F-Droid for a brief time in the past, but Moxie Marlinspike (author of TextSecure) didn’t like this and demanded it to be removed. TextSecure is Free Software (licensed under GPL), so F-Droid maintainers didn’t have to remove it, but nevertheless they did.

There has been big discussion about it (issue #127), but simply told, Moxie is not open to arguments and wants TextSecure to be distributed only via Google Play. He already locked this discussion. This is unacceptable for me, because applications installed from Google Play can be silently updated without user knowing about it, e.g. to version with hidden backdoor.

TextSecure still needs Google Play Services (because it uses Google Cloud Messaging), but you don’t need Google Account and Google Play cannot silently update app that has been installed outside of Google Play store. Hopefully in the future, it will be possible to use official TextSecure client without Google Play Services (see issue #1000 - Websocket support, unfortunately Moxie also locked this discussion).

For now there is unofficial TextSecure fork by JavaJens, which already uses WebSocket instead of GCM and therefore doesn’t need Google Play Services. You can install it from my experimental F-Droid repository.

Signal (aka TextSecure), développé par Open Whisper System, est une application centralisée de messagerie instantanée très similaire à Whatsapp dans son fonctionnement. Mais l’application et le serveur sont libres et open-source. De plus, les clients intègrent by design un chiffrement de bout en bout. Ce qui en fait l’application de messagerie instantanée la plus aboutie, facile d’utilisation par n’importe qui et avec à priori un bon niveau de confidentialité.

Cependant l’application officielle de Signal pour Android dépend du service de notification Google Cloud Messaging. Ce service nécessite l’installation de la bibliothèque Google Play Service sur son mobile, qui elle n’est pas open-source.

LibreSignal est un fork de Signal débarrassé de la dépendance à Google Cloud Messaging. Il repose sur les websockets (implémentés par le serveur officiel). Il permet ainsi de communiquer avec l’ensemble des utilisateur de Signal, même ceux ayant (pas) choisi l’installation du mouchard Google ou ceux utilisant iOS.

Pour l’utilisation de SMS chiffrés de bout en bout en rappellera l’existence pour Android de SMSSecure :
▻https://smssecure.org
▻https://f-droid.org/repository/browse/?fdid=org.smssecure.smssecure
▻https://github.com/SMSSecure/SMSSecure

#Android #Cryptographie #F-Droid #Fork_(développement_logiciel) #Google_Cloud_Messaging #Messagerie_instantanée #Off-the-Record_Messaging #Principe_de_bout-à-bout #Signal #TextSecure

Moxie Marlinspike >> Blog >> A Saudi Arabia Telecom’s Surveillance Pitch
▻http://www.thoughtcrime.org/blog/saudi-surveillance

http://www.thoughtcrime.org/images/portrait-mini.jpg

Ce rasta est une « tronche » dans le domaine de la sécurité informatique (►https://en.wikipedia.org/wiki/Moxie_Marlinspike). Il livre un témoignage hallucinant de ses discussions avec des contacts saoudiens recherchant ses services pour les aider à surveiller les applications mobiles telles que Twitter Mobile, Whatsapp, Viber, Line.

Ci-dessous, sa conclusion :

Really, it’s no shock that Saudi Arabia is working on this, but it is interesting to get fairly direct evidence that it’s happening. More to the point, if you’re in Saudi Arabia (or really anywhere), it might be prudent to think about avoiding insecure communication tools like WhatsApp and Viber (TextSecure and RedPhone could serve as appropriate secure replacements), because now we know for sure that they’re watching.