Trust Speakeasy, not its staff
At Speakeasy HQ, there is no-one going through your messages, looking for the rude bits and laughing at you. We won't collect blackmail for when you enter politics. We won't sell your chats in ten years' time to an HR company that's screening you for a job.
You can be sure of this with Speakeasy, because we encrypt your messages end-to-end. From the moment before a message leaves your phone, to the moment after it arrives on your friend's, the message is encrypted with time-proven OpenPGP encryption.
Even if we wanted to, we couldn't read your messages.
On the other hand, eavesdropping is entirely possible with chat options like Facebook, Google, SMS, Snapchat, Kik and the like, because the messages are decrypted on their servers, where data miners, governments and corrupt employees can get to them. And with Speakeasy, unlike with iMessages, Whatsapp, and Blackberry Messenger, you don't need to blindly trust that we're doing things competently and honestly with no backdoors—we'll be open source from launch.
That said, no security is perfect. If you think that the US/Chinese government or other powerful bodies will target you specifically, e.g. if you're a dissident, terrorist or child pornographer, then you probably shouldn't be relying on Speakeasy. Hell, you probably shouldn't even be using a mobile phone. (Or be breathing, if you're a terrorist or into child porn...)
Speakeasy aims to provide an opt-out from mass surveillance, not targeted surveillance.
While your message is in transit to your friend, we think it's pretty secure. The weakest points of Speakeasy are you, your friend, and your phones. If any of these ever get hacked, then it's game over for hiding what you're talking about.
So if you want to opt-out of mass surveillance of your message contents, we think Speakeasy is good enough. We think that even for the US government they would be hard to decrypt. Your messages will probably still go into the NSA's giant database, but in a form that can't be data mined for their content. But if you are an important target, then your adversaries will spend the extra time and effort to hack your or your friend's phone.
What we don't offer you (yet!) is anonymity. We only see your phone number in hashed form, but we can tell how many messages you are sending and to which users you are sending them. We won't sell this data, but the government is probably collecting it anyway. Also, if we are legally obliged to give a copy to someone, then we will. We are thinking about adding anonymity (using TOR), but this is a hard problem, and we want to develop a full feature set first.
Tips for using Speakeasy securely
- Check your contact's fingerprints
- Be careful with your phone backups
- Find a trustworthy phone and phone OS!
PGP implementation by Spongy Castle (rebadged Bouncy Castle)
Encrypting key: 2048-bit ElGamal, <2 month rotation
Signing key: 1024-bit DSA, 1 year rotation
Session key: CAST-5
Message protocol is pretty much XMPP/Jabber. The message payload is wrapped in a little extra XML that includes a separate timestamp, which is encrypted and signed.
Speakeasy silently ignores incorrectly encrypted/signed messages, or messages from unknown sources.
Not a walled garden
We're sick of all these chat services out there that require everyone to download an app specifically for that service. That's why we made yet another chat service! But we specifically chose not to be a walled garden. We're based on XMPP/Jabber, using standard encryption protocols. If you write a chat app and want your users to be able to talk to Speakeasy's users, then come on in.
This may change, particularly before launch.
|What we collect||Why we collect it||How we protect it|
|Your phone number (optional)||To let your friends find you automatically||Hashed1 before upload|
|Your contacts' phone numbers (optional)||To get their username and public key||Hashed1 before upload, and not stored on our servers|
|Your message contents||To pass it to your friend||Do you really have to ask at this point? It's PGP encrypted before being sent to our servers, and only your friend has the key. We delete the encrypted messages once they're delivered.|
|Your message metadata—who you're messaging and when||Our mostly-standard XMPP server requires these details to do its job||Before launch, we're not protecting your metadata from ourselves, or from legal authorities that compel us. We are of course protecting it from casual observers by SSL encrypting the traffic (with a specified self-signed certificate), and not giving it away. Once we're happy with how the service is operating, we plan to turn logging off. Stay posted.|
|Your XMPP username (if supplied)||To deliver messages to you, and help others find your public key||We don't protect it—we publish your public key on the SKS keyservers linked against your username.|
1There aren't that many phone numbers out there, and we need the slowest phone to be able to hash hundreds of numbers quickly. Therefore, it is feasible to obtain your phone number from this hash. If you're not comfortable with this, then don't upload your phone number. The worst case possibility is that our servers get hacked: the hackers could then obtain a list of phone numbers of people that use Speakeasy.