Indiegogo: "super-encrypted Quasar IV superphone"
 

Quoting http://engadget.com/ on this as I'm a lazy duck :p

You can read more about the campaign on http://www.indiegogo.com/projects/qsalpha-quasar-iv


Own opinion: screen looking nice - Jolla get Sailfish running on it by default :D

Re: Indiegogo: "super-encrypted Quasar IV superphone"
 

Not that it should be able to do anything, that we couldn't *if* Neo900 appears - maybe quazar could do some things faster, *if* they're going to use some specialized-for-encryptions CPU additions.

But, frankly that part about, "secure storage in the cloud" - what are they smoking? If they're doing product for secure-freaks, they shouldn't use such "snake oil" terms, as it makes them look less professional in eyes of potential customers.

When your data is on some funny server you don't control, somewhere on the net, it is *never* secure. Anytime, gov. guys may demand access, and you will never know it. Not to mention secret, but mandatory backdoors (germany and USA anonymizers, anyone?).

/Estel

Re: Indiegogo: "super-encrypted Quasar IV superphone"
 

Well, not totally accurate - they can provide client (device) server (cloud) software that can use strong encryption - both of data transportation and storage - access to such data is irrelevant as it is assumed to be strongly encrypted.

Generally - this is probably a software solution and therefore can be implemented in N900 too - even without the server side software. encryption of data can be executed on the device itself, and using a regular cloud storage server.

There is a lot of buzz around "data protected devices/services" since the news about NSA came - as this subject cannot be understood by the majority of simple smartphone users, it is easy to sell solutions using magic words.

do we have data/drive encryption applications for the N900 with 512/1024 bit keys? i know truecrypt's best encryption (which I use) uses 256bit...

Re: Indiegogo: "super-encrypted Quasar IV superphone"
 

To be fair, if the encryption key/password/whatever never leaves your phone, and they're just storing the encrypted data directly in the cloud, then it's only slightly less secure than your physical phone itself. Yes, a government could get the data, and you should always assume their bruteforcing abilities are way better than a normal attackers, but if the encryption algorithm is good and it's encrypted/decrypted phone-side only, even if they get it it should in theory take them a decently long time to crack it.

After all, there has been at least one case where the FBI for instance gave up trying to crack a password to a computer that was full-disk encrypted and made a court compel the suspect to type in his own passphrase. Sure, you ARE sacrificing a layer of security, but what remains is still substantial.

But yeah, I really really hope they encrypt/decrypt it ONLY phoneside and nowhere else (and are upfront that you are sacrificing a layer of security when using cloud storage). If they fail to do so, then like you say, it is snake oil peddling.

Re: Indiegogo: "super-encrypted Quasar IV superphone"
 

Absolutely true (your's and impeham's points) - maybe I should be more precise about it. Of course, if you encrypt something on your device (using strong methods), and put it in *encrypted* form somewhere in the net, if should be safe - even if you use "compromised" services, like some google storage.

What concerns me, is "encrypted in the cloud" - it doesn't sound lice normal storage where you put encrypted files, but rather, like some thing that does encrypting on server-side.

But, maybe, I'm just making wrong assumptions here - they're so vague about it, that it may mean ~anything.

/Estel

Re: Indiegogo: "super-encrypted Quasar IV superphone"
 

From the information available on their security environment I cannot see there's anything new really, pretty trivial stuff masked with a lot of buzzwords. Nothing new, nothing that I have not implemented myself or could not implement if I so decided, using open source tools.

Nothing there that convinces me they could not implement a nice backdoor for NSA themselves.[*]

And hey, ninjas for godssake, let's put there something now that will sure impress everybody, huh?? :D

[*] There's this basic axiom that you should never trust any security framework that is not transparent to you, and I really mean that. What it boils down to is you have to implement it yourself for best results...

Re: Indiegogo: "super-encrypted Quasar IV superphone"
 

Yea, that ninja thing is silly. It have as much to encryption, as sofa to electric chair. Unless it actually electroduce user upon entering wrong lock code ;)

Re: Indiegogo: "super-encrypted Quasar IV superphone"
 

Maybe we can haz a Jolla "other half" devoted to all things crypto-related? ;-P

Re: Indiegogo: "super-encrypted Quasar IV superphone"
 

Actually, I think a ninja is quite appropriate. The main characteristic of a ninja is not karate or whatever cr@p Hollywood is selling, but leaving no trace. Many ninjas multiple identities, sometimes complete with two families that did not know about each other, all part of the plan to be able to disappear at a drop of a hat.

That does not make any of the points raised in this thread any less relevant, of course. Quite the opposite. Entrusting your sensitive data to the "secure" cloud? "Hey, NSA, pichlo has some sensitive data *here*!"

Re: Indiegogo: "super-encrypted Quasar IV superphone"
 

ROFL, secure cloud storage.