We wrote about Heml.is a while back, they are building a message app where no one can listen in, not even themselves. They claim that they would rather close down the service before letting anyone in. In this post-Snowden-and-PRISM aftermath, this is super interesting. With other messaging apps such as WhatsApp getting hacked, secure email storage shut down and iMessages potential privacy gaps, it would seem, that there is a need for these kind of secure services, or at least the technology they are building.
Heml.is is built on top of proven technologies, such as XMPP with PGP. They are aiming to make the app as user friendly as possible so as to remove the high threshold that is usually associated with encryption software and services. They are claiming that so far they haven’t ran into any problems.
I caught up with co-founder Linus Olsson to find out how it’s going for them.
It seems like a lot of the Snowden-Prism-aftermath has died down, what are the best ways users can protect themselves?
Things always cools down after a while but the discussion is still rather noisy, we would say. Speaking about how users can best protect themselves, it’s a bit dangerous to even talk about ‘the best ways’, and it’s still a jungle of choices. Sites like Prism Break are a great start, but firstly, people need to read up on what actually is happening. Without understanding what you want to “protect” yourself from, it’s very hard to make any great choices.
Should Swedish companies and users bring home their data from the US and other surveillance countries?
Many countries reserve the right to monitor data and traffic that passes through their borders, so that’s something to keep in mind. This in itself is one of the core problems today, as so many services are built using 3rd party products, that are necessarily not all based in the same country.
Not using foreign cloud services for storing data is a good start. In fact, trying not to use cloud services at all, is probably even better.
You claim that using cloud services can be a security risk – what advice do you have for companies that are using these technologies, want to scale, concerned about security BUT don’t have the resources to NOT use these cloud technologies?
Then there is only one thing. Know what you are actually doing. Understand what you “give away” and the consequences of this for your company and your customers.
Remember that a formula one car built out of bamboo might be dirt cheap and fast as hell, but when it crashes it would be better to not have bought it at all.