Teleguard: Swiss Made Safe Messaging

I think the Swiss Made Safe Messaging is suspect to those who know about backdoors. In fact the Swiss sold “encrytped” crypto phones with backdoors baked in as a business model. You paid to get spied on:<p><a href="https:&#x2F;&#x2F;en.wikipedia.org&#x2F;wiki&#x2F;Crypto_AG" rel="nofollow">https:&#x2F;&#x2F;en.wikipedia.org&#x2F;wiki&#x2F;Crypto_AG</a>

&quot;The&quot; Swiss made secure messaging app (which already has brand recognition and some meaningful adoption within Switzerland) is Threema (no affiliation, and I&#x27;m using Signal - just comparing to Threema because &quot;Swiss made&quot; seems to be what this app is trying to make their main selling point).<p>This app has &quot;1,000+&quot; installs on the Play store (Threema: &quot;1,000,000+&quot;), and doesn&#x27;t use phone numbers as IDs, i.e. it&#x27;s only useful if you for some reason want to migrate all your friends to a brand new chat app that nobody else has heard about, and that has no really unique selling points, and thus little chance of building meaningful network effect (which is critical for chat apps, because a chat app without people to talk to is useless). As a result, it seems unlikely to be successful and thus unlikely to be supported (or exist) long term.<p>It seems to be a poorly thought out attempt to jump onto the wagon train far too late and get users trying to flee WhatsApp. Due to the network effect, adding choice is likely to help only the incumbent (WhatsApp) by making it harder for any of the alternatives to reach critical mass.<p>The crypto design is also highly questionable: They say they&#x27;re using &quot;SALSA 20&quot;, which is a low level primitive (comparable to e.g. AES), not a complete protocol. Advertising primitives shows little understanding of the actual problems in cryptographic practice, and thus a significant risk that not enough work went into designing the protocol around it, resulting in something that is insecure overall.

Raises the more interesting question of what is sufficient collateral for a developer to make a secure messenger.<p>Before Snowden&#x2F;Poitras&#x2F;Greewald, we trusted Moxie Marlinspike mostly because of his dreadlocks and some conference appearances. Very, very, few people understood what a ratchet was, let alone read the code. We trusted founders Jan and Brian of WhatsApp I think because they wrote t-filez. Security is in many ways cultural and aesthetic as it is technical. SILC was a thing for people legitimately being spied on by their governments in the pre-occupy anti-globalization movement - and then suddenly it wasn&#x27;t.<p>I want a product like this to succeed, so why snark about these perfectly nice seeming people&#x27;s new tool? Because security has serious consequences. We don&#x27;t need to tell anyone what we need privacy for, but I think we&#x27;re still lacking a clear &quot;for what,&quot; to evaluate privacy technologies against.<p>The threat we need to build privacy tools against is essentially suburban-bourgeois and mob governance. When you look at old &quot;alternative&quot; culture, or why people still go to things like burning man today, it&#x27;s to engage in what are essentially aesthetic communities of desire and to be free of political oversight and surveillance. The criteria I would propose for a secure messenger is that it can create a private perimeter to facilitate the freedom of something like burning man for a community of users. If it isn&#x27;t designed to create that kind of growth, it&#x27;s a reaction with a limited horizon and just bargaining with the inevitable.<p>Personally I think a privacy product that is for everyone is necessarily for no one. Maybe this is the one that gets used by the next burner-level community to emerge, but the conversation about what-for will be the thing that drives the adoption of it.

People from Switzerland are probably the most patriotic in the world after those from USA. If it&#x27;s made in Switzerland, you can be sure &quot;Swiss-made&quot; is prominent and there&#x27;s a white-on-red cross somewhere visible.<p>But, honest question, is there such thing as the &quot;Swiss guarantee&quot; in tech?<p>What have the Swiss ever done for us, in computer science, to demand such respect just by mentioning the place of origin as certificate of trust?

This website is awfully light on details. Is it open source? Is there a whitepaper on the encryption used? Does it have e.g. forward secrecy? At the moment there&#x27;s no reason why you might want to use this over e.g. Signal or Wire, both of which use well-studied encryption schemes.<p>Also -- &quot;Complex encryption system for all transmitted data&quot; does not seem like a particularly good thing.

So... why not contribute to Matrix? Or why would anyone get this instead of Swiss-made Threema? Which was audited, has a web version (even if it&#x27;s super crappy), has contact discovery, and is open source. I can not find a single advantage of Teleguard (even the name, it just reminds me of Telegram) over either Matrix or Threema. Or perhaps Wire if you don&#x27;t care about Amazon handling your data.<p>The faq for &quot;why use this&quot; says it uses the best crypto ever: salsa20. That isn&#x27;t better or worse than aes in terms of security and it&#x27;s also missing a few components (surely they haven&#x27;t reinvented digital signatures using a stream cipher). And they say it complies with the law, like okay yeah that sounds pretty standard.<p>Frankly, it looks shady. No profit model, inconsistent text styles, weird reasons given for why it should be better, a brand name whose abbreviation conflicts with an established competitor (seems like a throwaway name), no source code &#x2F; f-droid release, handful of downloads on Google Play Store, and claiming with a straight face that literally no user data is stored - what, does it not store incoming chat messages until my device comes online? It just isn&#x27;t true.<p>Don&#x27;t know if this is a Show HN (it&#x27;s not labeled as such) or just someone who randomly found it, but I&#x27;d be curious to hear from the developers what the thought process is here.<p>Edit: checking out the company behind it, they have paid privacy products. I guess it&#x27;s not as shady as it first seemed, but it&#x27;s also not quite ready for launch given the competition&#x27;s state of maturity. It&#x27;s a hard market to get into I think, it might make more sense to fork Signal and make it use usernames and European servers to at least have something to work off of.

After Crypto AG [1], does &#x27;Swiss made&#x27; really still have the same positive connotations it used to?<p>I&#x27;m so over any sort of branding that proclaims the superiority of one nation over others. [2]<p>If we really wanna give credit, why not list the actual names of the engineers that came up with the encryption mechanisms?<p>Same goes for Apple&#x27;s <i>&#x27;Designed in California&#x27;</i> etc.<p>[1] <a href="https:&#x2F;&#x2F;news.ycombinator.com&#x2F;item?id=22297963" rel="nofollow">https:&#x2F;&#x2F;news.ycombinator.com&#x2F;item?id=22297963</a><p>[2] <a href="https:&#x2F;&#x2F;www.youtube.com&#x2F;watch?v=VRh925Is_1U" rel="nofollow">https:&#x2F;&#x2F;www.youtube.com&#x2F;watch?v=VRh925Is_1U</a>

No links to source code, no mention of open source, even in the FAQ.<p>Did I miss it, or is this a wholly proprietary thing?

To achieve effective end to end encryption, you need:<p>1. All cryptographic keys controlled by the users.<p>2. Some way to confirm you are actually connected to who you think you are connected to.<p>3. A way to confirm that the code you are running is not leaking keys&#x2F;content.<p>I could not find a claim for any of these. But Telegard still claims end to end encryption as a feature. They could of just left things with how trustworthy they are and called it a day but they just had to check all the marketing boxes.

A bit like @newscracker, I&#x27;m on the lookout for a messaging app that works for me. @motohagiography addresses the privacy claims by asking good privacy for what.<p>I&#x27;ve discussed nothing on a conf&#x2F;video call or exchanged messages that are so sensitive as to absolutely require encryption. There are no absolutes in security anyway. Sorry, but I&#x27;m sublimely unparanoid at my national government reading my emails. While I could probably be accused of being a member of the metropolitan elite (c.f. suburban-bourgeoise), I&#x27;ve never said in real life or written online anything to threaten anyone.<p>Instead, @Barrin92 argues that the concern is leakage to allow corporate use of that data. I agree with the concern, but contend that regulation is the answer. I don&#x27;t believe I&#x27;ve received targeted ads based on the content of my inbox, yet my inbox arrives over unencrypted SMTP. A special case can&#x27;t be claimed for messaging. The problem isn&#x27;t weak regulation, the problem is that messaging apps are largely in the hands of few -- and not interoperable.<p>Jabber and SIP aren&#x27;t in the hands of a single company and for me, the direction of travel has to be federated across autonomous providers along the lines of interoperability.<p>I haven&#x27;t tackled any of my acquaintances about it but suspect that the remainers from the defection from WhatsApp that Facebook provoked include a fair number that take a &quot;out of the frying-pan and into the fire&quot; or &quot;better the devil you know&quot; stance moreso than inertia.<p>There isn&#x27;t money in it in the sense of the unwelcome TeleGuard HN spam. But, rather than banging-on about encryption, espionage, and elites, what those with the resources need to do is to use them to help democratise messaging.

I&#x27;m constantly on the lookout for newer and&#x2F;or different messaging applications. This one is good because it doesn&#x27;t rely on a phone number. But it&#x27;s still yet another centralized system. There isn&#x27;t enough information on how this service doesn&#x27;t store user data (or metadata) and still manages to connect them (in contrast, Signal has many blog posts and documentation about how it minimizes data collection).<p>In the FAQ, there&#x27;s this:<p><i>&gt; Which operating systems are supported?<p>&gt; TeleGuard supports all Android devices with version OS 5.0.3+ and all iPhone devices with at least iOS 9.0+.</i><p>It&#x27;s good to support a few older versions of operating systems, but I don&#x27;t think a messenger can promise security or privacy if it supports operating systems that are quite old by mobile standards and aren&#x27;t getting security updates for a long time. Wikipedia says that Android 5&#x27;s latest release was nearly six years ago (April 21, 2015) and that of iOS 9 as 17 months ago (July 22, 2019). Supporting iOS seems kinda ok, but supporting that Android version looks quite bad.<p>I also judge websites by what they say and how they say it. In the FAQ, after the answer for &quot;07. Edit Profile&quot;, there&#x27;s a list of bullet points that looks like a to do list for additional FAQs that haven&#x27;t been completed:<p>• Send media<p>• Forgot password?<p>• How is TeleGuard financed?<p>• Registration<p>• Add contacts from the phone list<p>• What kind of encryption does TeleGuard use?<p>I don&#x27;t think this is ready for prime time yet.

Let&#x27;s throw this in the mix! <a href="https:&#x2F;&#x2F;www.secuwine.com&#x2F;" rel="nofollow">https:&#x2F;&#x2F;www.secuwine.com&#x2F;</a> Under Norwegian and European laws and regulations

Closed source, unclear what protocol is used. They mention SALSA 20 which is good, but that&#x27;s probably just channel encryption. No details on how session keys are derived.

Took me a minute to realize this wasn&#x27;t related to the Telegard BBS. I didn&#x27;t see the &quot;u&quot; in the name at first, and I was wondering what the Swiss had to do with old BBS software.<p><a href="https:&#x2F;&#x2F;en.wikipedia.org&#x2F;wiki&#x2F;Telegard" rel="nofollow">https:&#x2F;&#x2F;en.wikipedia.org&#x2F;wiki&#x2F;Telegard</a><p><a href="https:&#x2F;&#x2F;en.wikipedia.org&#x2F;wiki&#x2F;OpenTG" rel="nofollow">https:&#x2F;&#x2F;en.wikipedia.org&#x2F;wiki&#x2F;OpenTG</a>

Thank God. I had 39 messaging systems on my phone, I didn&#x27;t like the odd number. Now we&#x27;re good. Until next week.

Can someone give me a TL;DR 30,000ft view of why Teleguard is better than what are arguably the &quot;market leading&quot; Swiss alternatives, namely Threema and Wire ?

Does this app have <i>any</i> USP?

Wow those peoples completely missed Crypto Ag and Opensource.<p>DONT trust Swiss enc. Products<p>BTW: I&#x27;m Swiss

Crypto AG. <a href="https:&#x2F;&#x2F;archive.is&#x2F;d6z6l" rel="nofollow">https:&#x2F;&#x2F;archive.is&#x2F;d6z6l</a>

That famous swiss encryption...

<a href="https:&#x2F;&#x2F;teleguard.com&#x2F;en#faq" rel="nofollow">https:&#x2F;&#x2F;teleguard.com&#x2F;en#faq</a><p><i>we are not subject to the data protection laws of the EU &#x2F; USA and do not have to pass on any data, but GDPR-compliant.</i><p>Wat.<p>If they&#x27;re not subject to EU laws, they&#x27;re not subject to GDPR. Is this a joke?

This looks good. Just sent you my resume.

Why is Swiss Made better for ethics?<p>These are the same folks that looked the other way on Hitler (and in fact were his preferred banking location) and recently sold a phone with a backdoor while claiming it was private.<p>The Swiss are extremely systematic, which makes them great at banking, but ethical? Not sure about that.