Stikked

Global-WAN

From Burly Eider, 10 Years ago, written in Plain Text.
URL http://geopaste.scratchbook.ch/view/2a97c855
Embed
Download Paste or View Raw
  1. Global-WAN differs in that:
  2.  
  3.   1. its encryption is compliant and unbreakable forever
  4.   2. no metadata (who/where/when) is available to anyone
  5.   3. security not delegated to US open-source cryptography
  6.      operating-systems, script engines, HTTP servers and
  7.      VoIP servers (and all recurringly expose users to new
  8.      critical security breaches, year after year).
  9.  
  10. With Enigmabox, "your IP is your identity", which is the
  11. only thing needed to track people, the cryptography is
  12. taken from an open-source library made in an US university
  13. and Microsoft documented its design in 2006.
  14.  
  15. Enigmabox relies on SIP phones from Grandstream, which
  16. describes itself as a "surveillance specialist" based in
  17. the USA:
  18.  
  19. http://www.grandstream.com/index.php/products/ip-video-surveillance
  20.  
  21. In contrast, Global-WAN lets you use regular phones (just
  22. a micro and a loudspeaker, which any ability to send data
  23. on the Internet).
  24.  
  25. Unsurprisingly, almost everything is done wrong by
  26. Enigmabox - at least from a security point of view.
  27.  
  28. The open-source project used by Enigmabox is named 'cjdns':
  29.  
  30. https://github.com/cjdelisle/cjdns/blob/master/doc/security_specification.md
  31.  
  32. 1. it uses a (vulnerable) US cryptographic library
  33. 2. it relies on (vulnerable) public-keys for key-exchange
  34. 3. it relies on backdoored runtimes (NodeJS, Python, Perl)
  35.     and "off-the-shelves" Operating Systems
  36.  
  37. The public-key crypto is weakened by using a 16-byte hash
  38. of the user IPv6 address (further identifying users and
  39. easing key-recovery).
  40.  
  41. The 'password' method is presented as safe while it can't
  42. match the cryptographic entropy requirements. That's a
  43. lot of 'accidental' incoherences for people so concerned
  44. by the security of their users.
  45.  
  46. Partners are hosted by Cloudflare (a commercial CDN) so
  47. someone is paying the bills (in addition to the costs of
  48. the R&D) for the pleasure of tracking Enigmabox users.
  49.  
  50. Microsoft Research (not a privacy fan) documented the
  51. design used by Enigmabox... in 2006:
  52. http://research.microsoft.com/pubs/75325/virtualring.pdf
  53.  
  54. Finally, if you look at the prices (and purchase page)
  55. then its look & like is very similar to Global-WAN's
  56. page:
  57.  
  58. http://enigmabox.net/en/order/
  59. http://global-wan.ch/en/register.html
  60.  
  61. But, unlike Global-WAN, they offer to get payments in
  62. Bitcoins (that Global-WAN presents as a trap aimed at
  63. tracking people - something recently confirmed by a
  64. university in Belgium).
  65.  
  66. This makes you wonder who came first, and to do what:
  67.  
  68. Enigmabox.net domain has been registered in June 2013
  69. TrustLeap.com domain name was registered in Nov. 2007.
  70.  
  71. It took us 7 years of R&D to make Global-WAN because
  72. we have rewritten everything in order to deliver real
  73. security.
  74.  
  75. Clearly not the case of Enigmabox.
  76. --
  77.  
  78. Pierre Gauthier
  79. CEO and President
  80.  
  81. http://twdi.ch/
  82. http://global-wan.ch/
  83.  
  84. Paradiesli 17, CH-8842 Unteriberg SZ, Switzerland
  85. Tel +41 55 414-2093, Fax +41 55 414-2067

Reply to "Global-WAN"