Jesse Hertz, one of the authors of the audit report and presumably the lead of the project, is fantastic. But this is an extremely silly story. Random messaging apps have security audits like these all the time. What does it mean to "pass" one? I don't know, and I cofounded the team Jesse works for!

The more interesting story here is about OTF. OTF is an offshoot of Radio Free Asia and is funded directly by Congress. For the past 5 years or so, they've been funding audits of all the open source crypto applications, from Signal to Cryptocat (don't use Cryptocat).

I'm surprised I don't hear nice things about OTF more often. They're doing more to improve consumer crypto security than a lot of other organizations.

Have you never been paid to 'audit' the code and/or architecture of a company's operations? It's not my forte, but I assumed some process of the sort was occurring.

Anyway, beyond OTF, do you have any opinion on Ricochet (the project theoretically under discussion)? It seems to be a project with admirable goals and an interesting take (though I'm not interested in 'real-time' messaging):

https://github.com/ricochet-im/ricochet