Fort Knox: Encrypted calls, SMS and chat hosted out of Iceland

[vonstauff]

To all open source, decentralized, privacy minded bitcoin lovin cryptogeeks out there:

There's a new encrypted communications service hosted out of Iceland that I started using with some friends last week. So far, I'm loving it.
They offer encrypted phone calls, SMS and chat with file transfers for Android based smartphones. I have a buddy that only uses iPhones, and even he was able to use their secure service.

The best part is they don't seem interested in collecting your private info unlike most other companies out there. And that's a refreshing change. All you need to give them is an email address.

And, of course, they accept Bitcoins and Litecoins, among other payment options.

If anyone's interested in protecting their privacy and preserving anonymity, check them out at https://www.fortknox.is

I've emailed them and asked if they would consider a special discount for the bitcoin community since it fits in well with their service.
Hopefully I'll get back a positive response soon. If so I'll post the info here.

[1715024452]

1715024452

[1715024452]

1715024452

[empoweoqwj]

And how do we know we can trust them? Not being cynical, just every seems to be funded by the NSA these days

[digititus]

so, ZRTP phone calls and Jabber/OTR, all of which are already free to use (OSTEL.co or Redphone) and and a plethora of free Jabber services. Why would I pay for this? i'm not against such services, i just don't see the 'value.'

Too much use of words 'military' and 'weapon.' Grow up people. This is communications your selling, not a war.

[empoweoqwj]

so, ZRTP phone calls and Jabber/OTR, all of which are already free to use (OSTEL.co or Redphone) and and a plethora of free Jabber services. Why would I pay for this? i'm not against such services, i just don't see the 'value.'

Too much use of words 'military' and 'weapon.' Grow up people. This is communications your selling, not a war.

Sounds like the OP is "connected" to the service as well .... reads like a press release.

[vonstauff]

so, ZRTP phone calls and Jabber/OTR, all of which are already free to use (OSTEL.co or Redphone) and and a plethora of free Jabber services. Why would I pay for this? i'm not against such services, i just don't see the 'value.'

Too much use of words 'military' and 'weapon.' Grow up people. This is communications your selling, not a war.

Sounds like the OP is "connected" to the service as well .... reads like a press release.

No, I'm not "connected" to the service. I'm simply a user. I couldn't care less if anyone signs up or not.

As for the value question, I agree that technically savvy people can probably roll their own infrastructure. But remember that 99% of the people out there are not technically savvy, which is why it's great to see these services popping up to make them accessible to the other 99% that have no privacy protections.
The fact that it is open source means, to me, that you don't have to blindly trust them like all other commercial "secure communications" offerings out there. You can actually inspect the source code yourself if you have the necessary technical skills.

[digititus]

But remember that 99% of the people out there are not technically savvy.......
You can actually inspect the source code yourself if you have the necessary technical skills........

Non-tech savvy can inspect the source code?? 
Why would you have to 'roll your own' service, when there are already others providing the same services for free?

[vonstauff]

But remember that 99% of the people out there are not technically savvy.......
You can actually inspect the source code yourself if you have the necessary technical skills........

Non-tech savvy can inspect the source code?? 
Why would you have to 'roll your own' service, when there are already others providing the same services for free?

The non-tech savvy can have someone they trust and know vet the code for them. Obviously they can't do it themselves.
Regarding rolling your own, what makes you trust the free services more than the commercial ones? Because in the final analysis it always boils down to trust. If you don't trust their service (doesn't matter if it's free or commercial), your only option is to roll you own. Provided you know how, of course.

There's obviously a market for these services or else how do you explain the success of a company like Silent Circle? (which is American, by the way...and still it seems many people are willing to pay for privacy even though there are comparable free services, as you point out)

[digititus]

With ZRTP and Jabber/OTR, you don't need to trust the operators. They merely act as a conduit for data.
I didn't say I didn't trust this new service (I know nothing about them). It appears I wouldn't need to trust them (see above). Just pointing out that the same services are already provided by "trusted" organizations (Guardian Project for example) for "free." The eye rolling was for the contradiction. Non-tech savy source code inspectors. That just made me laugh.

Silent circle does provide a very similar service, but is run and backed by trusted individuals, some of whom created the crypto used in these services. They also provide a robust data service required to operate a 'professional' service. Fort Knox have no trust or experience to compare.

Think I'll stick with my free services 

[moni3z]

If anybody's interested you can run your own Ostel server in Iceland, with VPN encrypted connections so the SRTP encrypted calls are tunneled directly to the relay servers and to whoever you are calling (who also has the same custom app compiled to use your server) that way you have encrypted padding on the SRTP calls and it would make it difficult to find out who is calling who though of course local carriers can just look for any persistent VPN connections to IS though that's not clear evidence you're calling each other.

Even though you technically don't have to worry about a middle man service listening in with end-to-end encryption, you do need to worry about what kind of app these guy's are using (no info given), does it allow remote updates, is their crypto engineering sound or full of holes, is there a MITM going on to monitor metadata of calls to see who is talking to who, and finally is my entire phone platform secure because there's no point in spending a lot of money on secure voIP when any federal or criminal malware can get into the baseband or application platform and monitor silently before the app even has a chance to encrypt the voice or message.

After crypto.cat mess, and the auditing of all Android Gstore apps that found 80% of them using flawed engineering you should ask these questions before trusting anything. Personally I would just use regular free Ostel servers, building my own client provided by their source without modifications and then purchase a persistant VPN to multiple different countries/regions so whoever is in your superleague of evil they all show different connections and local carriers cannot do any meta analysis. The Ostel servers themselves act as a sort of mix, with connections being relayed/bounced it would be difficult to prove who is calling who as they just see half a million connections being bounced everywhere. Same goes for Redphone, although you have to use a real phone number for Redphone meaning if somebody in your league of evil is caught their address book gives up the entire network whereas Ostel uses aliases.

Moxie has also looked over Ostel/Guardian app code, and Matthew Green and others so at least somebody credible has casually reviewed it. As for Gibberbot I would not use a jabber server that wasn't .onion because of TLS being a stack of complex shit. It would be better to pin the certs of your own jabber server to the app or even better just torify your own XMPP server implementation on a VPS somewhere. Orbot (Tor in Android store) has pretty seamless integration with Gibberbot or Chatsecure whatever they call it now.

[vonstauff]

Nice post moni3z. 

That's a lot of information you provide there. You seem to confirm my previous assertion that if you're technically savvy you don't need to pay for these types of services because you can roll your own.
I was thinking of an analogy for the bricks and mortar world. I thought of the clothes analogy: While theoretically it would be much cheaper if we would all just make our own clothes from cloth we buy in the flea market, the reality is that most people are happy to pay a professional to do it for them so all they have to worry about is wearing the clothes, not making them. I think the analogy applies here too. You could (theoretically, if you have moni3z's know how) set up your own secure network and applications, or you could just buy the same service from others. It's a question of talent, money, time and personal choice.

Anyway, if anyone is interested, the FortKnox guys replied to my email and have authorized me to share their coupon code with the bitcoin community.
If you use the coupon code satoshi at checkout, you'll get 15% off all products, on top of whatever other discounts they already offer.

[empoweoqwj]

Nice post moni3z. 

That's a lot of information you provide there. You seem to confirm my previous assertion that if you're technically savvy you don't need to pay for these types of services because you can roll your own.
I was thinking of an analogy for the bricks and mortar world. I thought of the clothes analogy: While theoretically it would be much cheaper if we would all just make our own clothes from cloth we buy in the flea market, the reality is that most people are happy to pay a professional to do it for them so all they have to worry about is wearing the clothes, not making them. I think the analogy applies here too. You could (theoretically, if you have moni3z's know how) set up your own secure network and applications, or you could just buy the same service from others. It's a question of talent, money, time and personal choice.

Anyway, if anyone is interested, the FortKnox guys replied to my email and have authorized me to share their coupon code with the bitcoin community.
If you use the coupon code satoshi at checkout, you'll get 15% off all products, on top of whatever other discounts they already offer.

Keep up with the sales pitch ..... even though you have no connection with the seller as you said