whistle.im

whistle.im is an instant messenger developed in Germany for smartphones and PCs . The service has now been discontinued.

Encryption method

Both the browser and Android apps use hybrid , i. H. asymmetrical paired with symmetrical encryption using the RSA process with 2048 bit keys and the AES process with random 256 bit keys in CBC mode. However, since the actual cryptography library cannot be viewed, no check can be made with regard to the correct implementation of this procedure (see criticism )

privacy

In contrast to other applications, the Android app requires relatively few authorizations. For example, no authorization is required to access the contacts stored on the smartphone and only a fictitious ID and password are required to use the application. In addition, the developers have disclosed those data that are at least temporarily stored on the servers in a privacy policy.

criticism

An examination of the several weeks old beta version by Falk Garbsch from the Chaos Computer Club revealed considerable security flaws to which the developers responded within three days with a security update, which Garbsch generally welcomes, but continues to be skeptical because the developers merely responded to his criticism and the defects found would only be the tip of the iceberg. Furthermore, the security gaps were not openly communicated to the users, there is only an entry in the press kit.

Another point of criticism expressed by Garbsch was that the statement "Our cryptography is open source " on the website is misleading. Some of the calls to functions of the cryptography library are available as source code, but not the library itself or the main application. The developers then placed the already published code under the GPL license in September 2013 , so that it has also met the requirements for free software since then . The criticism remains justified insofar as only the license has been changed, the code affected by the criticism is still not published.

Individual evidence

1. ↑ Encrypted WhatsApp competitor comes from Germany. In: Golem. Retrieved August 18, 2013 . 
2. ↑ Encryption Mechanism ( Memento of the original from May 6, 2016 in the Internet Archive ) Info: The archive link was inserted automatically and has not yet been checked. Please check the original and archive link according to the instructions and then remove this notice. @1@ 2Template: Webachiv / IABot / github.com
3. ↑ "We don't even want to know who is writing"
4. ↑ Privacy Policy ( Memento of the original from March 3, 2016 in the Internet Archive ) Info: The archive link was inserted automatically and has not yet been checked. Please check the original and archive link according to the instructions and then remove this notice. @1@ 2Template: Webachiv / IABot / github.com
5. ↑ "Whistle.im is 'Fuckup as a Service'"
6. ↑ whistle.im: FaaS - Fuckup as a Service
7. ↑ whistle.im: Messenger faces the CCC criticism
8. ↑ whistle.im: New messenger from Germany with very strong encryption (update) ( Memento of the original from August 18, 2013 in the Internet Archive ) Info: The archive link was inserted automatically and has not yet been checked. Please check the original and archive link according to the instructions and then remove this notice. @1@ 2Template: Webachiv / IABot / t3n.de
9. ↑ Commit "Now licensed under GPLv3" ( Memento of the original dated December 14, 2015 in the Internet Archive ) Info: The archive link was inserted automatically and has not yet been checked. Please check the original and archive link according to the instructions and then remove this notice. @1@ 2Template: Webachiv / IABot / github.com