Silent Circle – Military Level Encryption Brought to Your Phone

My phone started to ring. Was it really who I thought it was? The display said that the connection was secure but I had to be certain. We verbally verified that we were seeing the same two random words (secure authentication string) on our phones.

“skydive amulet”

The green “Secure” text appeared so we knew there was no one listening. This technology isn’t just for spooks. This is a $20 a month service you can sign up for today.

Yesterday, an app for the iPhone (Android coming soon) was released that promised to protect your privacy when calling and sending texts. Silent Circle uses TLS and ZRTP protocols to encrypt packets of your phone call across the Internet making each call secure.

http://youtu.be/txISfd-pROo

It costs $20 a month (with different plans available) and all of the data from your phone goes through a custom built encrypted network, the Silent Network, providing you with a secure line.  Check out their site for a full rundown on the capabilities of the Silent Network.

The Silent Phone app handles the call side while Silent Text app encrypts and secures your text messages. In the Silent Text app, you’re even able to set a duration for the visibility of that specific text. Once it hits the time you designate, the message “burns” and disappears.

Silent Circle is  careful to spell out what they do and don’t do. Of course, it’s worth noting that you have to use your best judgement when using the apps. If you are in a public place, people can still eavesdrop on your conversation.

While we are still trying out the app, the one thing that caught my eye is that the iOS app isn’t made for the larger screen of the iPhone 5. That’s probably just a problem for early adopters but it’s something I noticed right off the bat.

Does it Really Work?

While we consider ourselves a fairly techy crew at ITS, some of the specifics with this app and network are a bit foreign to us. We asked someone with more security knowledge to weigh in on Silent Circle:

“It’s a proprietary system, which means that nobody knows the real workings of it. The only choice is to trust that the company does what they claim they do, never makes any mistakes and always does the right thing. For a piece of software that is just a fun toy, that may ok, but for security software, it’s unacceptable.” As the Free Software Foundation said, “Proprietary security software is an oxymoron — if the user is not fundamentally in control of the software, the user has no security.” [0]

Furthermore: “In the cryptography world, we consider open source necessary for good security; we have for decades. Public security is always more secure than proprietary security. It’s true for cryptographic algorithms, security protocols and security source code. For us, open source isn’t just a business model; it’s smart engineering practice.”[1]

[0] https://www.fsf.org/blogs/community/dear-microsoft-fsf.org-is-not-a-gambling-site
[1] https://www.schneier.com/crypto-gram-9909.html#OpenSourceandSecurity

Until we get some further time behind this app to test it, we leave you with this appropriate web comic from XKCD:

Update: Some questionable practices have been brought up that are worth your time to read. Follow along through this comment thread on GitHub for the back and forth conversation.