PGP founder creates secure voice mobile app, bets people will pay for privacy

PGP creator Phil Zimmermann has launched Silent Circle, an encrypted phone-call app for Android and iOS. The service will likely cost $20/month, for which Zimmermann does not apologize: "This is not Facebook. Our customers are customers. They're not products. They're not part of the inventory" (from CNet).

Silent Circle's planned debut comes amid recent polls suggesting that Internet users remain concerned about online data collection (or at least are willing to tell pollsters so), with Facebook topping health insurers, banks, and even the federal government as today's No. 1 privacy threat. Yet even after a decade of startups that have tried to capitalize on these concerns, consumers spending their own money remain consistently difficult to persuade that paying for privacy is worth it.

Zimmermann hopes to overcome this reluctance by offering a set of services designed from the start to be simple to use: encrypted e-mail, encrypted phone calls, and encrypted instant messaging. (Encrypted SMS text messages are eventually planned too.)

Silent Circle | Worldwide Private Encrypted Communications (via O'Reilly Radar)


  1. lol @ “with Facebook … as today’s No. 1 privacy threat.”

    You put your info into FB, and then want privacy? If you walk down the street nude, you can’t ask people to not look at your ‘privates’.

    1. Since FB is increasingly becoming a requirement for web participation, that should be: If you walk down the street, you can’t ask people to not look at your ‘privates’.

      1. If Facebook is a requirement for web participation, then the concept of privacy itself has been overthrown and we have bigger problems than data collection.

        1. It’s not a requirement but one-by-one apps that you used to be able to sign up with via their own login systems are now becoming FB sign-up only (not even OAUTH2) – Spotify being a case in point.

          Yes, people always have the option not to use them but if Spotify went FB-login only I’d have to seriously think about creating a FB account for the first time.

          1. IMDb, for example, moved its news comments to FB about a year ago and then moved the Daily Poll there a few months back.

          2.  I got really tired of the LA Times telling me “See what news your Facebook Friends are reading today!” after snarfing my Facebook session cookies and checking my FB data (after they switched their commenting system to FB.) 

            I logged out of Facebook, trashed all its cookies, and only connect to it from a separate browser profile in a separate virtual machine now.  And there are a lot of other news sites I don’t use commenting at any more for the same reason.

          3.  Purt sure that if you want Spotify now, you MUST sign in thru FB. You might be like me and those others who signed up early. Now, I would NEVER throw money at Spotify. They signed on with evil.

          4. I’m kind of alarmed how many organizations are willing to outsource control of their webcontent/customer communications to a single large company…when they can’t export that content and info back out…and one with a terrible track record to boot. It’s a devil’s bargain, and I’ve got a feeling that it’s going to lead to a lot of regrets.

        2. My local police department (Victoria, BC) posts pictures of stolen property in the hopes of returning it to its rightful owner.  They do this via their Facebook page rather than their website.

    2. I can’t even reply to an article in my small town newspaper because I refuse to use FB. So much for freedom of speech.

        1.  So time to boycott FB before it takes over our lives. And don’t get me started on the FB for kids that looms largely in our future.

    3. I don’t use Facebook at all yet Facebook still collects stuff about me via their Like-Buttons spread across the internet. 

      1.  You, good sir, need the Firefox (+Safari and other browsers, too!) extension known as Ghostery.

        1. Yeah, I’m actually not that concerned,  since I already disabled a lot of tracking stuff via proxies and /etc/hosts, but I’m reasonably tech savvy.   Also, tracking by government is still a much more pressing problem and much harder to fight.

          The majority of the users who stay clear of Facebook don’t even know that they can and do get tracked nonetheless.

          1.  “Also, tracking by government is still a much more pressing problem and much harder to fight.”

            Seriously?  You think there’s actually a difference between being tracked by a corporation and being tracked by a government?

            Since corporations are mostly just small governments themselves that require the cooperation of larger governments to even exist, much less do business, I don’t think that you can make a case that there’s much of a difference.  If the government in question demands access to the data that a corporation has on you, they’re going to get it.

    4. I hate stupid, smug answers like this. It amounts to nothing more than “haha, SUCKER!” as a way to dismiss valid criticisms of what facebook is doing and has done. You know what? That people can, will, and have been taken advantage of, that occasionally they fall for a bad deal…that does not make it okay. And people make mistakes. We’re not experts on everything all the time.

      To say nothing of the fact that it’s really easy to say it when you came late to the game. When I first joined facebook? I was 20 and in college.  It was called “thefacebook” and it was some nifty new website for college students a few of my friends (all frequent early adopters) bugged me to try.  The privacy policy was fairly standard. “We won’t share your info with anyone else, except anyone we may choose to, like advertisers, and we can change these terms at any time and they apply retroactively.”  And once they were noticeably evil, it was much too late, and you were opted in whether you liked it or not.

      So yeah, the whole “if you want privacy don’t walk down the street naked” is a bullshit answer, and a bullshit analogy, because it’s not just one website, it’s a whole system geared towards stripping away privacy rights.  There’s something wrong with the system when normal, every day tasks  (e.g. work and social communications, commerce, transportation, etc etc) require waiving all right to privacy. And it’s an important discussion to have.

      1. +like
        Hey, I wasn’t there at the start, but I spent time on FB. And I wasn’t talking about the sneaky EULA changes – although admittedly I never made that clear. Your criticism is valid.

        I was referring to the fact that when one has an FB account (I killed mine a couple of years ago) and isn’t critical or aware of what’s happening, that it’s very easy to “upload your life” or “walk naked down the street”. Every photo uploaded, every event is commented on and gone to, every like is liked, every photo in which you are tagged, every song you have listened to, every status update – all of these add up to walking down the street naked if you are doing it with great enough frequency. 

        To be honest, I’m a little ashamed that my greatest hope – apart from the fighting that ppl like Cory (and I to a lesser impact, and you I’d imagine) do – is that websites die. Bebo, MySpace, Friendster etc – the web moves on. It won’t happen overnight, but it might happen.

        I certainly don’t think the conversation should stop at any level – but I think it needs to encompass an education focus as well – to call out the emperor (my friends) for being naked. People sometimes need to be shocked out of the groove they are in. 

  2. If I were involved in activity for which I needed PGP encrypted phone calls, I don’t know that I would trust someone to run a service to keep my information safe from subpoena or illegal government interception.  Every component needs to live on the endpoints or it seems suspect.

    1. The website says there are no backdoors. I would like him to answer one question: when the government shows up with a subpoena, what can they get? 

  3. Ouch. Someone really needs to tell their rep that something can’t be “very unique” and the fact that he used to be a Navy SEAL ex-sniper doesn’t mean he knows anything about encryption tech.

    Also the most telling line in their promo video is “the level of security meets Department of Defence federal government standards” which, at least to me, indicates that it’s more likely to have an in-built back door than just be made illegal.

    The website also says it will be running over “our secure custom-built network”. Sure, I’ll trust there’s no-one with a black-box in that either.

    Of course the biggest obvious problem for this kind of thing is that you need the infrastructure on both ends and since Google makes its money partly by scanning your email don’t expect that any time soon.

    It’s great in theory but in practice I won’t hold my breath. It’ll be interesting to see what Bruce Schneier has to say about it.

    1. You might want to brush up on your history a bit. Here’s a starting point: “PGP creator Phil Zimmermann.” I can’t say he hasn’t gone rogue, but asking Bruce about Phil’s crypto is about like asking Andre Agassi about Venus Williams’ tennis. Not a bad idea, but we’re talking about peers here, not an expert evaluating some schmoe.

      1. Oh, also, Mr. Zimmermann is likely just re-packaging his (oldie but goodie) PGPfone app with larger key sizes. Which is to say, he’s written this same app before. Hopefully, the infrastructure is just a keyserver and low-latency remailer-type network, and the protocol and client source code will be available for inspection.

      2. C’mon – I’m hardly putting down Mr Zimmermann who has a world-class tech security history.  Have a look at the corporate video on the website and then come back and comment on the other guy in it. I don’t think anyone is going to mistake Mr Zimmermann for a Navy SEAL.

        You’re right – their infrastructure might just be keyservers and a nice low-latency network but they’re not going to let us see it so we’ll never know.

      3. Navy Seals don’t impress me much either, but if it works for their market, whatever.  

        Having both Phil Zimmermann and Jon Callas in the company, on the other hand, is highly impressive.  PGP was “Pretty Good Privacy” – it wasn’t technically perfect, it wasn’t the easiest thing to use back then, and Phil got thrown into the role of patent lawsuit target and export control law target, civil liberties hero, threat to the FBI/NSA/KGB, and software development company founder.  Jon has serious cryptography and programming chops and has been a critical player in several generations of PGP companies as well as other well-known computer companies.  And both of them understand the importance of making their products open so that everybody can evaluate any potential security flaws (unlike, say, Skype), and getting serious testing done on it.

        I don’t know if the product will do things that I want to do in ways that will make me want to subscribe, but I trust them to do seriously good security and at least reasonable usability, and they’ll have thought very carefully about the “what can the government get with a subpoena” problem.  (My guess, by the way, is that they won’t ever have any private keys, and they’ll have done something to address traffic analysis, but I don’t know where they’ll make the tradeoffs between convenience/responsiveness and hardness against traffic analysis, which is a hard problem.)

    2. Ouch. Someone really needs to tell their rep that something can’t be “very unique”

      Really? Just about every object is unique, not being 100.0000000…% identical to the next most similar object. Each of the Cheerios “Os” is unique, but not very, whereas a real, live 20,000 lb unicorn would be very unique. There are degrees to which things are one of a kind.

      /anti-pedant pedant

      1. “There are degrees to which things are one of a kind.”    Get the hell outta here with that crap, Hegelian. 

         Until “they” change the definition, unique means ONE of a kind.  There is no possible way to be pretty unique, sort of unique, very unique, or any other modifier of unique. 

        The English language:  love it or leave it. 

        1. It sounds to me like describing ways to be “pretty unique, sort of unique, very unique, or any other modifier of unique” is EXACTLY what Hegelian just did, and you’re kinda just ignoring him.

          You take that prescriptivist “Webster is God” attitude to any serious linguist and you’ll get laughed right out of their office. Words change. Languages vary and evolve. If there’s a linguistic niche open — and I think Hegelian at least made it quite clear that there is — something will surely fill it.

          And I guess Lynne Truss and her million tedious larvae will surely be there, just like the Latin-obsessed Victorian pedants of old, to tell us we’re “communicating wrongly” (in precisely those stuffily and awkwardly correct terms no doubt), even when everybody of sense and imagination can discern quite clearly what we’re saying. 

          In short: git yer rascally pedant hide on the next carriage return outta Dodge, Mister Jake. The things y’all’re sayin’ don’t matter no-how.

          1.  Well… ya done got me there Ms/Mr Rezeya.  I guess I was just hangin on to  the outmoded definition of the word unique.  My bad.  Irregardless, I’m all for the evolution of  the whole language thing. 

          1. That’s great that you want that but I don’t think the eventual course of the economic system is under your control.  Things that once cost a bundle are free now.  In addition I don’t know what you’re going to be able to charge people for when AI gets scarily competent.

          2. Well, those of us who choose to work at places like Mozilla (I do) actually do think it may be under our control, at least in regards to the Internet.

          3. And they aren’t “free” because something is still being bought and sold. It just happens to be you. If you look at something on the net and can’t figure out what the product is (when it comes to money), it is because YOU are the product.

        1. I’m guessing it’s just a blip. Between things like Kickstarter and the Humble Bundles (which displace what would historically have been shareware, and thus represent an increase in prices) and looming energy issues (in a couple months, ask Germany and Japan how shutting down the nuke plants worked), paying is going to be pretty viable.

    1.  I think your statement would lead to some form of anarchy. And I don’t think that’s where the world really wants to go. Money is an ancient concept that at least made perfect sense way back when. It is really hard to carry, say, a large flock of sheep around with you for barter purposes. Money, best as I can tell, started to become highly abstract when the concept of checking arrived, I think around the time of Newton. For decades, I’ve thought about the concept and the best description I have ever come up with is borrowed:  It’s a consensual hallucination. I used to delight in asking college Econ majors to define money for me. Invariably, they would end up describing coinage, not money. We’ve moved way beyond coinage and into a highly abstract concept that just simply will not abide  by rules. At least, we don’t really know the rules since money is a purely chaotic system. Still, I don’t think the idea is going away anytime soon. People are willing to go with SOME sort of exchange system because anything else would be, well, nuts.

        1. Somebody’s been watching In Time a little too much :P  I’m only half joking however, as I definitely see your point.  Money is a real world conversion result of effort to worth.  Your effort is your time and your resources.  Worth is simply what that time and those resources mean to someone else.  

        2.  95%. What money really is is a representation of energy; if you buy something with it, you are buying the energy that went into making/finding/selling that thing (or, at least, what the other person SAYS is involved).

    1.  You don’t have to pay. It’s just, the lesser-known encryption things out there require some wrestling to get into shape. It’d be more accurate to say you’re paying for someone to set up/maintain your private channel for you.

  4. Hey, CALEA is still on the books. I don’t trust their “no back doors” statement. Because either they’re wrong, or they have a very clever plan on hoodwinking law enforcement.

  5. Neat ideas, but I think at $20 / month it is steep. I might use a PGP voicemail / voice communication app, but  that’s more than I pay per month for my phone anyway. How many calls a month do I make that it would be catastrophic if bugged? not many. If they divided that down to about $1/week/phone, still a decent revenue stream, they’d have more uptake. I suspect most people would view guaranteed privacy as a luxury rather than necessity – doesn’t seem worth $240 a year since the tech. is probably quite simple. Maybe some competition would drive the price down anyway. Interesting rationale, that since you’re not the product you pay to use the service…

  6. $20 /month…a service? why?
    I could see an app which costs money once and encrypts your email, sms, and phone calls (essentially just gets between them encrypting on the fly, if someone gets it on the other end and doesn’t have the means to decrypt it they get garbage) still run the issue of key negotiation but I’d rather have that than trust someone else’s service to it.

  7. $20/mo per device? It doesn’t help much if the guy on the other end isn’t also using it. So if I want to talk to my immediate family members over encrypted channels with this, I’m looking at $100/mo? No thank you. I’ll just learn Comanche.

    1. That right there is the issue, isn’t it?

      I already use TextSecure for my SMS messages.  My wife is the only other user I know – but that’s alright because (1) it was free (a modest one-time cost would have been OK too), and (2) it communicates transparently with others who don’t use it.

      But this service – I’m not going to pay $20/month for it until many of the people I regularly phone also use it; and nor are many of the people I regularly phone.  Who wants to be an early adopter of a program that may evaporate ($20/month gets you nothing) or that may eventually get widespread traction ($20/month gets you nothing more than the people who adopted much later)

  8. This sounds like something big dumb corporations will pay for. Like GPG vs. commercial PGP, regular people won’t buy it.
