I'm starting to look through the code right now. A scroll through their open source page indicates they're using libsodium, which is a good sign that they avoided most of the foot-cannons alluded to on this page: <a href="https://gist.github.com/tqbf/be58d2d39690c3b366ad" rel="nofollow">https://gist.github.com/tqbf/be58d2d39690c3b366ad</a>
Is Semaphor focused on group chat (Slack) or are there plans to support private communications (text, audio, video) like Wire? Unlike Signal, Wire allows registration with only an email address (via <a href="http://app.wire.com" rel="nofollow">http://app.wire.com</a>) and does not force you to upload your contacts to their server.<p>Article: <a href="http://arstechnica.com/business/2016/03/go-ahead-make-some-free-end-to-end-encrypted-video-calls-on-wire/" rel="nofollow">http://arstechnica.com/business/2016/03/go-ahead-make-some-f...</a><p>Security: <a href="https://www.documentcloud.org/documents/2756350-Wire-Security-Whitepaper.html" rel="nofollow">https://www.documentcloud.org/documents/2756350-Wire-Securit...</a><p>Code: <a href="https://github.com/wireapp/wire" rel="nofollow">https://github.com/wireapp/wire</a>
Good luck to them.<p>After helping make a slack-style client-side encrypted productivity app (<a href="https://balboa.io" rel="nofollow">https://balboa.io</a>) that has been on life-support for the last 2 months, I have a lot of respect for people that attempt to make this space more secure.<p>It's not easy.<p>A few lessons learned that may be useful to others:<p>1. Most businesses and consumers are ok with their data being available to companies like Slack and Google because they trust these companies. They feel that regardless of reality, their data is safer with Google or Slack because those companies have a lot more to lose if they fail.<p>2. The SME space for productivity apps is pretty much the same as the consumer space. You're going to be competing with Google. SMEs are actually really cheap and scrappy: they don’t spend money on non-bottom line affecting stuff. If you want to sell security to them, it has to be essentially free<p>3. Reputation is more important than (or at least AS important as) your technical chops. You're asking people to trust you. You can show that you are competent by demonstrating a mastery of the technology, but that may not be enough to show that you are also trustworthy.
SpiderOak describes this as "Collaboration and messaging for teams." It seems like it's for (for-profit) business teams and not for personal "teams" or groups or non-profits/social groups. I guess the pricing model mentioned in the article is to get businesses that use Slack or Hipchat or other system.<p>I don't like SpiderOak's pricing models in general because of how it seems to oversell and upsell services. For personal teams/groups, there are free services like Telegram (awesome user experience that keeps improving at a fast pace but poorer homegrown crypto with normal messages stored in plaintext on the servers) and Signal (great crypto but awful user experience, slow and buggy app and slow and unreliable message delivery).