• woofcat 8 days ago |
    How is this any different than the other 1,000 "encrypted chat" solutions?
    • nikolay 8 days ago |
      This has been used by doctors and is not free - this is how I found it.
      • rightisleft 7 days ago |
        My doctor can barely use a mouse, let alone comment on surveillance technology.
  • jazzyjackson 8 days ago |
    I was intrigued by the claim that they are secure by virtue of their patented tech, so I looked up the patent.

    https://patents.google.com/patent/US9906369B2

    Sounds like a trust-on-first-use scheme, so that you get a public key from the distributor and use that to verify the application bundle on subsequent use. I actually do like this because it solves for a paranoia I have with password managers, in that they can claim all they want that decryption happens client-side, but they're serving me a JavaScript bundle, and how am I supposed to believe that isn't changed on the fly via supply chain attack? So at least this adds a step that the application code that is delivered from the server must be signed by the author.

    Edit: client is source-available (nonfree), I actually hadn't come across npm verify, so thanks for that

    https://github.com/cyph/cyph?tab=License-1-ov-file

    • buu700 8 days ago |
      Exactly! And just to clarify, the `verify` script is a Cyph feature that I added to allow comparing a local reproducible build against the production build, not a general npm feature. Running `npm run verify` in any random JS project won't do anything unless the project happens to have a script configured with that name.
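The trust-on-first-use scheme jazzyjackson describes above, as an added example that is not part of the thread and is not Cyph's WebSign code or the patent's method: a client pins the distributor's Ed25519 public key on first delivery and rejects any later bundle not signed by it. `PinnedVerifier`, `accept`, `demo` and the sample bundles are hypothetical names and constructed data.

```javascript
// Added illustration: trust-on-first-use (TOFU) pinning of a signing key,
// followed by a signature check on every later bundle delivery.
const crypto = require("node:crypto");

// Hypothetical client-side store; a real client would persist the pin.
class PinnedVerifier {
  constructor() { this.pinnedKeyPem = null; }

  // Returns "pinned" on first use and "ok" on a valid later delivery.
  // Throws when the offered key changed or the signature does not verify.
  // Limitation of TOFU: the very first delivery is trusted as-is.
  accept(bundle, signature, publicKeyPem) {
    const firstUse = this.pinnedKeyPem === null;
    if (!firstUse && publicKeyPem !== this.pinnedKeyPem) {
      throw new Error("signing key differs from pinned key");
    }
    const key = crypto.createPublicKey(firstUse ? publicKeyPem : this.pinnedKeyPem);
    if (!crypto.verify(null, bundle, key, signature)) {
      throw new Error("bundle signature invalid");
    }
    if (firstUse) this.pinnedKeyPem = publicKeyPem;
    return firstUse ? "pinned" : "ok";
  }
}

function demo() {
  // Constructed keys and bundles, for illustration only.
  const author = crypto.generateKeyPairSync("ed25519");
  const other = crypto.generateKeyPairSync("ed25519");
  const pem = (k) => k.publicKey.export({ type: "spki", format: "pem" });
  const sign = (k, data) => crypto.sign(null, data, k.privateKey);
  const v1 = Buffer.from("console.log('app v1')");
  const v2 = Buffer.from("console.log('app v2')");
  const modified = Buffer.from("console.log('app v2') /* changed in transit */");
  const client = new PinnedVerifier();
  const attempt = (...args) => {
    try { return client.accept(...args); } catch (e) { return "rejected: " + e.message; }
  };
  return [
    attempt(v1, sign(author, v1), pem(author)),            // first visit
    attempt(v2, sign(author, v2), pem(author)),            // signed update
    attempt(modified, sign(author, v2), pem(author)),      // bundle altered
    attempt(modified, sign(other, modified), pem(other)),  // re-signed, new key
  ];
}
console.log(demo());
```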
  • proxynoproxy 7 days ago |
    “Cyph is the only encryption app that is secure to use in a web browser, thanks to our patented WebSign technology.”

    Run, don’t walk away from vendors making these claims.

    • nikolay 7 days ago |
      Maybe their claim is a bit more valid than those of other systems with equally bold claims [0].

      [0]: https://www.cyph.com/websign

      • antisocialist 7 days ago |
        It may be valid against closed source apps, but I don't see how it can be more secure than build-and-self-host OSS apps for private messaging.
      • proxynoproxy 7 days ago |
        IMHO their claim is invalidated by appeal to patents. Patents are a surefire way to ensure that even the most clever of cryptographic constructions is never used in the real world.

        Open is better than closed. Non-patent-encumbered is better than encumbered.