Open Whisper Systems

This article is about an open-source software project. For the Twitter subsidiary, see Whisper Systems.
Open Whisper Systems
Mission statement Our mission is to make private communication simple.[1]
Commercial? No[2]
Type of project Free and open-source software, Encryption software, Mobile software
Products RedPhone, Signal, TextSecure
Location San Francisco, CA
Owner Supported and owned by community[1]
Founder Moxie Marlinspike[3]
Key people Moxie Marlinspike, Christine Corbett Moran, Frederic Jacobs, Jake McGinty, Tyler Reinhard, Lilia Kai, Rhodey Orbits[1][4]
Established 21 January 2013
Funding Grants and donations
Website whispersystems.org

Open Whisper Systems is a nonprofit software group[3] that develops collaborative open source projects with a mission to "make private communication simple".[1] The group was established in 2013 and consists of a small team of dedicated grant-funded developers, as well as a large community of volunteer open source contributors.[1] Open Whisper Systems is funded by a combination of donations and grants, and all of its products are published as free and open-source software under the terms of the GNU General Public License (GPL) version 3.

History

Background

Security researcher Moxie Marlinspike and roboticist Stuart Anderson co-founded a startup company called Whisper Systems in 2010.[5][6] The company produced proprietary enterprise mobile security software. Among these were TextSecure and RedPhone.[7] They also developed a firewall and tools for encrypting other forms of data.[5]

In November 2011, Whisper Systems announced that it had been acquired by Twitter. The financial terms of the deal were not disclosed by either company.[8] Shortly after the acquisition, Whisper Systems' RedPhone service was made unavailable.[9] Some criticized the removal, arguing that the software was "specifically targeted [to help] people under repressive regimes" and that it left people like the Egyptians in "a dangerous position" during the events of the 2011 Egyptian revolution.[10]

Twitter released TextSecure as free and open-source software under the GPLv3 license in December 2011.[5][11][12][13] RedPhone was also released under the same license in July 2012.[14] Marlinspike later left Twitter and founded Open Whisper Systems.[2]

Establishment

Open Whisper Systems' website was launched in January 2013.[15]

In his keynote speech at SXSW 2014, NSA leaker Edward Snowden praised Open Whisper Systems' applications for their ease-of-use.[16]

Toward the end of July 2014, Open Whisper Systems announced Flock, a private contact and calendar cloud sync, and plans to unify its RedPhone and TextSecure applications as Signal.[17] These announcements coincided with the initial release of Signal as a RedPhone counterpart for iOS.

In October 2014, the Electronic Frontier Foundation (EFF) included TextSecure, RedPhone, and Signal in their updated surveillance self-defense guide.[18] In November 2014, all three received top scores on the EFF's secure messaging scorecard, along with Cryptocat, Silent Phone, and Silent Text.[19]

On November 18, 2014, Open Whisper Systems announced a partnership with WhatsApp to provide end-to-end encryption by incorporating the protocol used in TextSecure into each WhatsApp client platform.[20] Open Whisper Systems asserted that they have already incorporated the protocol into the latest WhatsApp client for Android and that support for other clients, group/media messages, and key verification would be coming soon.[21] WhatsApp confirmed the partnership to reporters, but there was no announcement or documentation about the encryption feature on the official website, and further requests for comment were declined.[22]

On December 28, 2014, Der Spiegel published slides from an internal NSA presentation dating to June 2012 in which the NSA deemed RedPhone on its own as a "major threat" to its mission, and when used in conjunction with other privacy tools such as Cspace, Tor, Tails, and TrueCrypt was ranked as "catastrophic," leading to a "near-total loss/lack of insight to target communications, presence..."[23][24]

In March 2015, Open Whisper Systems released Signal 2.0 with support for TextSecure private messaging on iOS.[25][26]

Funding

Open Whisper Systems is funded by a combination of donations and grants. The project has received financial support from, among others, the Freedom of the Press Foundation,[27] the Knight Foundation,[28] the Shuttleworth Foundation,[29] and the Open Technology Fund,[30] a U.S. government program that has also funded other privacy projects like the anonymity software Tor and the encrypted instant messaging application Cryptocat.

Open Whisper Systems uses an automated system called BitHub to distribute small donations appropriately among contributors. The system "accepts Bitcoin donations and allocates them into a single pool of funds" and "distributes the Bitcoin donations from that pool to anyone who commits to [Open Whisper Systems'] repositories".[31][32]

Active projects

AxolotlKit

AxolotlKit is a free implementation of the Axolotl encryption protocol. It is designed to be a drop-in library that can be easily integrated into existing projects. The implementation is written in Objective-C and is publisher under the GPLv2 license.[33]

BitHub

BitHub is a service that will automatically pay a percentage of Bitcoin funds for every submission to a GitHub repository.[34]

Flock

Flock is a service that syncs calendar and contact information on Android devices. Users have the ability to host their own server. The software is published under the GPLv3 license.[35]

RedPhone

RedPhone

RedPhone is a free and open-source encrypted voice calling application for Android. RedPhone integrates with the system dialer to provide a frictionless call experience, but uses ZRTP to set up an end-to-end encrypted VoIP channel for the actual call. RedPhone was designed specifically for mobile devices, using audio codecs and buffer algorithms tuned to the characteristics of mobile networks, and uses push notifications to preserve the user's device's battery life while still remaining responsive.[36] RedPhone calls are compatible with Signal calls on iOS.[2] All calls are made over a Wi-Fi or data connection and are free of charge, including long distance and international.[32]

All RedPhone calls to other RedPhone users and to Signal users are automatically end-to-end encrypted. The keys that are used to encrypt the user's communications are generated and stored at the endpoints (i.e. by users, not by servers). The encryption implements forward secrecy.[19]

RedPhone and Signal have a built-in mechanism for verifying that no man-in-the-middle attack has occurred. During a call, the apps display two words on the screen. If the words match on both ends of the call, the call is secure.[32][37]

The software is published under the GPLv3 license.[36]

Signal

Main article: Signal (software)
Signal

Signal is a free and open-source encrypted voice calling and instant messaging application for iOS. Signal communications are compatible with RedPhone and TextSecure on Android. It uses end-to-end encryption with forward secrecy and deniable authentication to secure all communications to Signal, RedPhone, and TextSecure users.[26][19]

Open Whisper Systems has set up dozens of servers to handle the encrypted calls in more than 10 countries around the world to minimize latency.[2]

The software is published under the GPLv3 license.[38]

TextSecure

Main article: TextSecure
TextSecure

TextSecure is a free and open-source encrypted messaging application for Android.[39][40] TextSecure can be used to send and receive SMS, MMS, and instant messages.[41] TextSecure instant messages are compatible with Signal messages on iOS. It uses end-to-end encryption with forward secrecy and deniable authentication to secure all instant messages to TextSecure and Signal users.[40][42][43][19]

The software is published under the GPLv3 license.[39]

TextSecure-Server

TextSecure-Server is the software that handles message routing for the TextSecure data channel.

Client-server communication is protected by TLS.[44] Communication is handled by a REST API and push messaging (both GCM and APN).[45] Support for WebSocket has been added.[46]

The software is published under the AGPLv3 license.[45]

See also


References

  1. 1.0 1.1 1.2 1.3 1.4 Open Whisper Systems. "Open Whisper Systems". Retrieved 2015-05-01.
  2. 2.0 2.1 2.2 2.3 Andy Greenberg (29 July 2014). "Your iPhone Can Finally Make Free, Encrypted Calls". Wired. Retrieved 18 January 2015.
  3. 3.0 3.1 Franceschi-Bicchierai, Lorenzo (18 November 2014). "WhatsApp messages now have Snowden-approved encryption on Android". Mashable. Retrieved 23 January 2015.
  4. Open Whisper Systems. "People". GitHub. Retrieved 24 January 2015.
  5. 5.0 5.1 5.2 Garling, Caleb (2011-12-20). "Twitter Open Sources Its Android Moxie | Wired Enterprise". Wired.com. Retrieved 2011-12-21.
  6. "Company Overview of Whisper Systems Inc.". Bloomberg Businessweek. Retrieved 2014-03-04.
  7. Andy Greenberg (2010-05-25). "Android App Aims to Allow Wiretap-Proof Cell Phone Calls". Forbes. Retrieved 2014-02-28.
  8. Tom Cheredar (November 28, 2011). "Twitter acquires Android security startup Whisper Systems". VentureBeat. Retrieved 2011-12-21.
  9. Andy Greenberg (2011-11-28). "Twitter Acquires Moxie Marlinspike's Encryption Startup Whisper Systems". Forbes. Retrieved 2011-12-21.
  10. Garling, Caleb (2011-11-28). "Twitter Buys Some Middle East Moxie | Wired Enterprise". Wired.com. Retrieved 2011-12-21.
  11. Chris Aniszczyk (20 December 2011). "The Whispers Are True". The Twitter Developer Blog. Twitter. Archived from the original on 24 October 2014. Retrieved 22 January 2015.
  12. "TextSecure is now Open Source!". Whisper Systems. 20 December 2011. Archived from the original on 6 January 2012. Retrieved 22 January 2015.
  13. Pete Pachal (2011-12-20). "Twitter Takes TextSecure, Texting App for Dissidents, Open Source". Mashable. Retrieved 2014-03-01.
  14. "RedPhone is now Open Source!". Whisper Systems. 18 July 2012. Archived from the original on 31 July 2012. Retrieved 22 January 2015.
  15. "A New Home". Open Whisper Systems. 2013-01-21. Retrieved 2014-03-01.
  16. Max Eddy (11 March 2014). "Snowden to SXSW: Here's How To Keep The NSA Out Of Your Stuff". PC Magazine: SecurityWatch. Retrieved 2014-03-16.
  17. "Free, Worldwide, Encrypted Phone Calls for iPhone". Open Whisper Systems. 29 July 2014.
  18. "Surveillance Self-Defense. Communicating with Others". Electronic Frontier Foundation. 2014-10-23.
  19. 19.0 19.1 19.2 19.3 "Secure Messaging Scorecard. Which apps and tools actually keep your messages safe?". Electronic Frontier Foundation. 2014-11-04.
  20. Jon Evans (2014-11-18). "WhatsApp Partners With Open Whisper Systems To End-To-End Encrypt Billions Of Messages A Day". TechCrunch. Retrieved 2014-11-19.
  21. "Open Whisper Systems partners with WhatsApp to provide end-to-end encryption". Open Whisper Systems. November 18, 2014. Retrieved November 18, 2014.
  22. "Facebook’s messaging service WhatsApp gets a security boost". Forbes. 18 Nov 2014. Retrieved 21 Nov 2014.
  23. SPIEGEL Staff (28 December 2014). "Prying Eyes: Inside the NSA's War on Internet Security". Der Spiegel. Retrieved 23 January 2015.
  24. "Presentation from the SIGDEV Conference 2012 explaining which encryption protocols and techniques can be attacked and which not" (PDF). Der Spiegel. 28 December 2014. Retrieved 23 January 2015.
  25. Micah Lee (2015-03-02). "You Should Really Consider Installing Signal, an Encrypted Messaging App for iPhone". The Intercept. Retrieved 2015-03-03.
  26. 26.0 26.1 Megan Geuss (2015-03-03). "Now you can easily send (free!) encrypted messages between Android, iOS". Ars Technica. Retrieved 2015-03-04.
  27. "Open Whisper Systems". Freedom of the Press Foundation. Retrieved 18 January 2015.
  28. "TextSecure". Knight Foundation. Retrieved 5 January 2015.
  29. "Moxie Marlinspike". Shuttleworth Foundation. Retrieved 14 January 2015.
  30. "Projects". Open Technology Fund. Retrieved 14 January 2015.
  31. Marlinspike, Moxie (16 December 2013). "BitHub = Bitcoin + GitHub. An experiment in funding privacy OSS.". Open Whisper Systems. Retrieved 23 January 2015.
  32. 32.0 32.1 32.2 Jon Evans (29 July 2014). "Talk Private To Me: Free, Worldwide, Encrypted Voice Calls With Signal For iPhone". TechCrunch. AOL.
  33. Open Whisper Systems. "AxolotlKit". GitHub. Retrieved 1 April 2015.
  34. Open Whisper Systems. "BitHub". GitHub. Retrieved 14 January 2015.
  35. Open Whisper Systems. "Flock". GitHub. Retrieved 14 January 2015.
  36. 36.0 36.1 Open Whisper Systems. "RedPhone". GitHub. Retrieved 14 January 2015.
  37. "Exactly how does Zfone and ZRTP protect against a man-in-the-middle (MiTM) attack?". The Zfone Project. Retrieved 25 January 2015.
  38. Open Whisper Systems. "Signal-iOS". GitHub. Retrieved 14 January 2015.
  39. 39.0 39.1 Open Whisper Systems. "TextSecure". GitHub. Retrieved 26 February 2014.
  40. 40.0 40.1 Molly Wood (19 February 2014). "Privacy Please: Tools to Shield Your Smartphone". The New York Times. Retrieved 26 February 2014.
  41. DJ Pangburn (3 March 2014). "TextSecure Is the Easiest Encryption App To Use (So Far)". Motherboard. Retrieved 14 March 2014.
  42. Moxie Marlinspike (24 February 2014). "The New TextSecure: Privacy Beyond SMS". Open Whisper Systems. Retrieved 26 February 2014.
  43. Martin Brinkmann (24 February 2014). "TextSecure is an open source messaging app with strong security features". Ghacks Technology News. Retrieved 26 February 2014.
  44. Frosch, Tilman; Mainka, Christian; Bader, Christoph; Bergsma, Florian; Schwenk, Jörg; Holz, Thorsten. "How Secure is TextSecure?" (PDF). Horst Görtz Institute for IT Security, Ruhr University Bochum. Retrieved 4 November 2014.
  45. 45.0 45.1 Open Whisper Systems. "TextSecure-Server". GitHub. Retrieved 22 April 2015.
  46. Open Whisper Systems. "Why do I need Google Play installed to use TextSecure on Android?". Retrieved 2014-03-13.

External links

Wikimedia Commons has media related to Open Whisper Systems.