Little bit off-topic but:<p>> respects freedoms and privacy of its users<p>It downloads the binary over http on <a href="http://ring.cx" rel="nofollow">http://ring.cx</a>, makes it susceptible to tampering. Is serving binaries over HTTP a GNU thing because the expectation is that you would check the signature?
While I'm sure it's well-intended, it does have a couple of fatal flaws.<p>* Lack of full forward secrecy means logged network logs can be decrypted in the future if an endpoint key is ever compromised.<p>* e2e encryption is optional, due to legacy SIP support. This is extremely dangerous as it will no doubt lead to false sense of security, with users assuming they're safe just because Ring is the program they're talking through.<p>Due to these two I cannot actually recommend it to anyone.<p>Note that Tox got these two right, and is a pretty active project which gets commits semi-daily, regardless of the nonsense about it being dead that some party seems to be spreading.
This appears to be something phone-related, not the Ring cryptography library written in Rust based on Boringssl. (<a href="https://github.com/briansmith/ring" rel="nofollow">https://github.com/briansmith/ring</a>)
The DHT system for identities is cool, but the thing that gets me is that they don't have support for SRTP with ZRTP, only SRTP with SDES. There's no perfect forward secrecy, and a bunch of other features that ZRTP has.<p><a href="https://www.silentcircle.com/products-and-solutions/technology/zrtp/#why-is-the-zrtp-protocol-better" rel="nofollow">https://www.silentcircle.com/products-and-solutions/technolo...</a>
Has ring improved much? I remember a few months back it used 28gb of background data over LTE (which was fine since I'm uncapped) on my phone, and was less stable than sflphone, which would randomly stop registering occasionally.<p>I can recommend pjsip though, very reliable so long as you read its docs before writing a script to leverage it.
There seems to be no browseable source code around, what are the implementation language(s)? I want to know whether the protocol implementations are written in a memory-safe language.
Is there a well-known discovery document or any other way to create shortcuts for the ringID? (i.e. mapping it somehow to web or email address) I doubt many fancy spelling ringIDs.
What's the advantage of being a GNU project these days? It seems like it ties you very strongly to the FSF's political opinions and in particular Richard Stallman's political opinions (e.g., eugenics) and restricts your technical decision-making options (e.g., limited plugin architecture, limited support for non-free OSes, mandatory support for things like GNUTLS), while not giving you very much in return - with the existence of GitHub and a wide variety of competitors, it's pretty easy to attract a healthy development community independent of GNU. What am I missing?