Encryption

CallProtector – Secured Encrypted Voice Calls Hopefully…

Ed: Todays pitch is a fundamentally great idea, however the thing that would scare the hell out of me if I were one of the target customers is the fact that you just can’t know if a provider and their app really has the security smarts they claim.

While this level of security in the hands of individuals may be used for nefarious business, there is also a legitimate use case to evade malicious Nation States who would seek to repress reporters and activists.

I guess what qualifies as a Malicious Nation State is actually just a matter of perspective, all States are malicious to someone.

Encrypting voice calls is in fact the ultimate mission critical security application for a reporter or political activist, if you get this wrong a knock at the door will come in the middle of the night.

Normally the first rule in security is don’t let anyone know anything about how your security strategy, technology and end points, however for marketing purposes this team has chosen to publicise the encryption and security methods they use.

I guess keeping quiet about their security stack isn’t going to help them in the case of a persistent attack from a nation state however I find it a little disturbing that they think this is a good idea to be very specific about their methods.

I note a few weird things about the company, it has both an English and German site, but is located in Monkok in Hong Kong and interesting location given the proximity to China and the fact that there is no constitutional or rule of law certainties.

Also the English is not fantastic on the page, there are spelling and grammar errors.

call-protect-text

It gets a little more disturbing, they list the use of 521 bit encryption (this is an odd/strange number, you would normally expect a multiple of 8 ie 512 bit) which as far as I could tell was not one of the listed key sizes on the Wikipedia entry for AES256.

Not to say that this isn’t a legitimate company and product, but I have to say that if the web copy is sloppy or factually incorrect there is no way I would trust my life to these guys and their security.

 

Startup Name CallProtector
What problem are you solving? Companies/journalists can communicate worldwide over their phones without being scared of someone listening to them.
What is your solution? We are encrypting your voice data with an algorithm for top secret military communication. Be safe on iOS and Android.
Target Market Companies, journalists
How will you make money? Subscriptions/Advertisement
Tell us about the market & founders, why is this a great opportunity? We are a young team of 2 developers from Austria who are normally developing enterprise applications for big companies. While developing for them we often got asked how to securely communicate on their iOS or Android devices. There was no good solution so we decided to develop one and 3 years later we are here.
Founders Names Michael Lukas
What type of funding has the company received? Bootstrap
Website https://www.callprotect.me/
Twitter Handle @CallProtector
[lc-response-form id=1]

Venux – Encrypted Comms Channels + Secure Storage

Regular readers will recall, I am keen for solutions which offer private citizens the option to protect themselves against hackers and their own Governments. Venux is offering both a person to person secure comms channel and secure file storage.

While Im keen on these solutions I wonder how a consumer assures themselves that the service they use is secure, merely using a service like this would seem to be like using a big honeypot where every hacker both private and State based would be trying to attack the users and the platform.

This sort of service is required, especially when constitutional protections or implied rights to privacy have no meaning anymore, we tend to think of hostile Governments being a developing world issue, but increasingly its a Western world problem as well.

If you want to understand why you need a service like this, look at the Fortinet World Threat Map and see the constant barrage of hacking attacks in real time.

Startup Name Venux
What problem are you solving? A big issue is the security and privacy of personal information. Reports of hack attacks and data breaches are constantly on the news. As the amount of digital data in the universe is growing, vulnerability of unencrypted data is growing. Another issue is the complexity of modern OS architecture which produces compatibility and stability issues, creates a loss in performance, and leaves systems vulnerable to attacks.
What is your solution? All of Venux’s products are based on their completely secure Venux Platform. Optimized to increase performance, the simple architecture makes it standards compliant, extremely efficient, lightweight, responsive and virus-free. The user interface design is intuitive and beautifully executed. The tools you use to browse the web, organize your files, play and share your media, communicate and collaborate have a simple, elegant and integrated look.
Target Market Venux will target anybody that does computing, with a particular focus on those who are seeking digital privacy. Anybody who communicates online, stores digital data, and shares information with others is always at risk, and therefore this segment will be the group that will benefit most from the company’s easy-to-use, all-in-one solution for daily computing.
How will you make money? We will employ the pay-as-you-go and add-on business models. Add-ons expand program functionality while bringing additional revenue streams. Our Add-ons are also competitively priced. The pay-as-you-go model gives users the freedom to make purchases only when they need to without any contracts. Customers can freely use the software and satisfied customers lead to word-of-mouth bringing in additional revenue.
Tell us about the market & founders, why is this a great opportunity? Venux doesn’t store user credentials or personal information and doesn’t use databases or servers. Venux will not have to store important information due to the Company’s proprietary technology, H.I.P.S.™. The Company’s unique encryption service hides information in plain sight, diminishing potential liabilities. Also, Venux offers AVPN (Anonymous Virtual Private Network) that serves competitive advantages in the market.
Founders Names Vlad Kruglyanky, Eugene Nosko
What type of funding has the company received? Angel
Website https://venux.com
Twitter Handle @venux_software
[lc-response-form id=1]

goTenna – Is this the beginning of NSA proof personal comms networks?

 

goTenna is a new class of internet-less comms device that doesn’t need the internet or the mobile phone network to communicate.

Launched in a pre-sales mode with two devices for $149 while they undergo FCC certification, it has managed to gain a massive media coverage in a few days.

goTenna3

goTenna3

gotenna 4

gotenna 4

goTenna

goTenna

There is an App which allows you to connect your mobile to your goTenna and talk to another or many goTenna users and features RSAS 1024 bit encryption and an option for your messages to self destruct (this is not your fathers Maxwell Smart self destructing device).

When you sign up you get the option to use your phone number or a randomly generated private user ID and here is where it gets interesting.

Maybe I have been watching too many US police shows but with a range of approximately 50 miles goTenna is a point to point encrypted comms solution which, if you ask me, looks like a great way to dodge NSA or police snooping by completely bypassing the existing networks (and their NSA collection points) and using encrypted RF to communicate directly.

Gotenna-Map.png

Although their pitch is aimed at Festival and concert goers where the existing network is overwhelmed and at Campers, hikers, skiers, boarders and bikers who spend a lot of time in remote wilderness (with the possibility of injury), if I was a sceptic I would say that this device is crying out to be used by the drug dealers, inside traders and terrorists of the world.

Its attractiveness lies in the fact that its not easy to intercept a point to point connection that bypasses existing comms infrastructure, especially if the system has been built to avoid being tracked.

If you are going to tap someones phone, you need to gain access to the infrastructure that carries the signal, this is conveniently available via the carriers, just take a firehose feed off at the exchange or switch, but if you use a solution that bypasses the carriers and carry out point to point transmission then the snooper has to firstly identify where you physically are (they have to be in range) and secondly be able to detect which transmission in a public spectrum is yours and thirdly decrypt it. This is not trivial.

Not to say that this is impossible for NSA spooks but it makes it tough to pin down when potentially you are on the move, you have no connection to the existing network, all the things that make you trackable in a normal situation.

Given there is a broadcast to all within range option, potentially this could also be used to trigger alerts to non identified listeners, so the receiving end point doesn’t even have to join the conversation, just receives a message (albeit unencrypted).

This feature is very good for the sporting types, especially if they fall down in the wilderness and need help.

I like the idea of a device that allows US citizens to exercise their constitutional rights without fear of being spied on by their own Government however you have to think that merely buying one would put you on a watch list and that most of their potential customers probably don’t own a snowboard and have never been past their city limits.