I haven't done a thorough review of it by stand by my at-a-glance review from 2014 on Schneier's blog:<p>"And it's written in a risky language using shoddy libraries on platforms NSA etc. have 0-days and automated attack systems for. I'm sure that this combination will be "really hard" for NSA to penetrate. ;)"<p>Goes for any strong attackers. Yet, with better interface and more security review, an app like it might protect from the lesser attackers or snoops that are still worth stopping (see "who uses Tor?"). Moreover, might be a better baseline than existing apps providing similar functionality. The main thing that will continually kill this app's security, also similar ones, is it's so complex that describing functionality and errors states is already quite a chore. Making a security argument... more so or impossible.<p>The best bet is probably a system like Freenet: asynchronous, low response time requirements, and F2F. So much easier to protect such systems. Already has a lot of services built on it. The approach would be a thorough, no-hold-barred review of the protocol by pro's as we've seen with Tor. Whatever survives the review is implemented in a native language with strong assurance activities for implementation and interfaces, including covert channel analysis. Mutually-distrusting, geographically-diverse, and ideologically-loving-privacy types to be the early nodes in public network for bootstrapping. Might even implement it on top of Tor or I2P.<p>Anyway, there's not much hope for strong anonymity or security if the app is complex and uses high-risk components/platforms. Just isn't happening. Sacrifices must be made. Both software market and FOSS communities have almost all shown they're not willing to make them. So, it will remain a niche with few solutions that are any good.