35-545: Open Whisper Systems (abbreviated OWS ) was a software development group that was founded by Moxie Marlinspike in 2013. The group picked up the open source development of TextSecure and RedPhone, and was later responsible for starting the development of the Signal Protocol and the Signal messaging app. In 2018, Signal Messenger was incorporated as an LLC by Moxie Marlinspike and Brian Acton and then rolled under
70-662: A Chrome app that could link with a Signal client. At launch, the app could only be linked with the Android version of Signal. On 26 September 2016, Open Whisper Systems announced that Signal Desktop could now be linked with the iOS version of Signal as well. On 31 October 2017, Open Whisper Systems announced that the Chrome app was deprecated . At the same time, they announced the release of a standalone desktop client for certain Windows, MacOS and Linux distributions. On 4 October 2016,
105-601: A collaborative open source project for the continued development of TextSecure and RedPhone. Marlinspike launched Open Whisper Systems' website in January 2013. In February 2014, Open Whisper Systems introduced the second version of their TextSecure Protocol (now Signal Protocol ), which added end-to-end encrypted group chat and instant messaging capabilities to TextSecure. Toward the end of July 2014, Open Whisper Systems announced plans to unify its RedPhone and TextSecure applications as Signal . These announcements coincided with
140-426: A firewall and tools for encrypting other forms of data. In November 2011, Whisper Systems announced that it had been acquired by Twitter . The financial terms of the deal were not disclosed by either company. The acquisition was done "primarily so that Mr. Marlinspike could help the then-startup improve its security". Shortly after the acquisition, Whisper Systems' RedPhone service was made unavailable. Some criticized
175-502: A flight from the Dominican Republic in 2010, Marlinspike was detained by federal agents for nearly five hours, all his electronic devices were confiscated, and at first agents claimed he would only get them back if he provided his passwords so they could decrypt the data. Marlinspike refused to do this, and the devices were eventually returned, though he noted that he could no longer trust them, saying, "They could have modified
210-606: A man-in-the-middle attack. In 2011, the same vulnerability was discovered to have remained in the SSL/TLS implementation on Apple Inc. 's iOS . Also notably, Marlinspike presented a 2009 paper in which he introduced the concept of a null-prefix attack on SSL certificates. He revealed that all major SSL implementations failed to properly verify the Common Name value of a certificate, so that they could be tricked into accepting forged certificates by embedding null characters into
245-488: A partnership with WhatsApp to provide end-to-end encryption by incorporating the Signal Protocol into each WhatsApp client platform. Open Whisper Systems said that they had already incorporated the protocol into the latest WhatsApp client for Android and that support for other clients, group/media messages, and key verification would be coming soon after. WhatsApp confirmed the partnership to reporters, but there
280-726: A remote appearance at an event hosted by Ryerson University and Canadian Journalists for Free Expression , in March 2015. Asked about encrypted messaging apps during a Reddit AMA in May 2015, he recommended "Signal for iOS, Redphone/TextSecure for Android". In November 2015, Snowden tweeted that he used Signal "every day". In October 2014, the Electronic Frontier Foundation (EFF) included TextSecure, RedPhone, and Signal in their updated Surveillance Self-Defense (SSD) guide. In November 2014, all three received top scores on
315-456: A user. He also announced the release of a tool, sslstrip , that would automatically perform these types of man-in-the-middle attacks. The HTTP Strict Transport Security (HSTS) specification was subsequently developed to combat these attacks. Marlinspike has discovered a number of different vulnerabilities in popular SSL implementations. Notably, he published a 2002 paper on exploiting SSL/TLS implementations that did not correctly verify
350-428: Is a former head of the security team at Twitter and the author of a proposed SSL authentication system replacement called Convergence . He previously maintained a cloud-based WPA cracking service and a targeted anonymity service called GoogleSharing. Marlinspike began his career working for several technology companies, including enterprise infrastructure software maker BEA Systems Inc . In 2010, Marlinspike
385-632: Is a project rather than a company, and the project's objective is not financial profit." News media outlets later described Open Whisper Systems as a "non-profit software group" while the project was not registered as a non-profit organization . Between 2013 and 2016, Open Whisper Systems received grants from the Shuttleworth Foundation , the Knight Foundation , and the Open Technology Fund . Signal Messenger
SECTION 10
#1732791171582420-512: The American Civil Liberties Union (ACLU) and Open Whisper Systems published a series of documents revealing that OWS had received a subpoena requiring them to provide information associated with two phone numbers for a federal grand jury investigation in the first half of 2016. Only one of the two phone numbers was registered on Signal, and because of how the service is designed, OWS was only able to provide "the time
455-555: The Bahamas while making a " video zine " about their journey called Hold Fast . He is also an anarchist , and several of his essays and speeches are published on the website The Anarchist Library , including "An Anarchist Critique of Democracy" and "The Promise of Defeat." Google Chrome Apps Too Many Requests If you report this error to the Wikimedia System Administrators, please include
490-489: The X.509 v3 "BasicConstraints" extension in public key certificate chains. This allowed anyone with a valid CA-signed certificate for any domain name to create what appeared to be valid CA-signed certificates for any other domain. The vulnerable SSL/TLS implementations included the Microsoft CryptoAPI , making Internet Explorer and all other Windows software that relied on SSL/TLS connections vulnerable to
525-508: The pseudonym Moxie Marlinspike , is an American entrepreneur , cryptographer , and computer security researcher. Marlinspike is the creator of Signal , co-founder of the Signal Technology Foundation , and served as the first CEO of Signal Messenger LLC . He is also a co-author of the Signal Protocol encryption used by Signal, WhatsApp , Google Messages , Facebook Messenger , and Skype . Marlinspike
560-811: The CA problem, to the Internet Engineering Task Force . In 2012, Marlinspike and David Hulton presented research that makes it possible to reduce the security of MS-CHAPv2 handshakes to a single DES encryption . Hulton built hardware capable of cracking the remaining DES encryption in less than 24 hours, and the two made the hardware available for anyone to use as an Internet service. In 2013, Marlinspike published emails on his blog that he claimed were from Saudi Arabian telecom service Mobily soliciting his help in surveilling their customers, including intercepting communications running through various applications. Marlinspike refused to help, making
595-605: The CN field. In 2011, Marlinspike presented a talk, "SSL And The Future Of Authenticity", at the Black Hat security conference in Las Vegas . He outlined many of the problems with certificate authorities and announced the release of a software project called Convergence to replace them. In 2012, Marlinspike and Perrin submitted an Internet Draft for TACK, which is designed to provide SSL certificate pinning and help solve
630-760: The EFF's Secure Messaging Scorecard, along with Cryptocat , Silent Phone , and Silent Text . They received points for having communications encrypted in transit, having communications encrypted with keys the providers don't have access to ( end-to-end encryption ), making it possible for users to independently verify their correspondent's identities, having past communications secure if the keys are stolen ( forward secrecy ), having their code open to independent review ( open source ), having their security designs well-documented, and having recent independent security audits. On 28 December 2014, Der Spiegel published slides from an internal NSA presentation dating to June 2012 in which
665-673: The NSA deemed RedPhone on its own as a "major threat" to its mission, and when used in conjunction with other privacy tools such as Cspace, Tor , Tails , and TrueCrypt was ranked as "catastrophic," leading to a "near-total loss/lack of insight to target communications, presence..." Over its five-year existence from 2013 to 2018, the Open Whisper Systems group managed multiple projects, which included: Some of these projects were discontinued or merged into other projects: Moxie Marlinspike Matthew Rosenfeld , better known by
700-554: The Signal Protocol for end-to-end encryption. In October 2016, Facebook deployed an optional mode called "secret conversations" in Facebook Messenger mobile apps which provides end-to-end encryption using an implementation of the Signal Protocol. In November 2015, the TextSecure and RedPhone applications on Android were merged to become Signal for Android. A month later, Open Whisper Systems announced Signal Desktop,
735-599: The announcement, Acton is the foundation's executive chairman and Marlinspike continued as CEO of Signal Messenger. The Freedom of the Press Foundation agreed to continue accepting donations on behalf of Signal while the Signal Foundation's non-profit status was pending. The Signal Foundation became officially tax-exempt in February 2019. In May 2014, Moxie Marlinspike said that "Open Whisper Systems
SECTION 20
#1732791171582770-478: The app as an alternative to WhatsApp. Musk doubled down stating he had financially supported Signal in the past and that he will continue to do so. In addition to other platform mass migrations, Signal saw a large influx of new users and user donations. Former NSA contractor Edward Snowden endorsed Open Whisper Systems applications, including during an interview with The New Yorker in October 2014, and during
805-473: The emails public instead. Mobily denied the allegations. "We never communicate with hackers", the company said. Marlinspike says that when flying within the United States he is unable to print his own boarding pass , is required to have airline ticketing agents make a phone call in order to issue one, and is subjected to secondary screening at TSA security checkpoints. While entering the U.S. on
840-428: The formation of the Signal Technology Foundation and its subsidiary, Signal Messenger LLC. Marlinspike served as Signal Messenger's first CEO until stepping down on January 10, 2022. In a 2009 paper, Marlinspike introduced the concept of SSL stripping, a man-in-the-middle attack in which a network attacker could prevent a web browser from upgrading to an SSL connection in a way that would likely go unnoticed by
875-414: The hardware or installed new keyboard firmware." Originally from the state of Georgia , Marlinspike moved to San Francisco in the late 1990s at age 18. The name Moxie Marlinspike is an assumed name partly derived from a childhood nickname. Marlinspike is a sailing enthusiast and master mariner . In 2004, he bought a derelict sailboat and, with three friends, refurbished it and sailed around
910-659: The independent 501c3 non-profit Signal Technology Foundation . Today, the Signal app is developed by Signal Messenger LLC, which is funded by the Signal Technology Foundation. Security researcher Moxie Marlinspike and roboticist Stuart Anderson co-founded a startup company called Whisper Systems in 2010. The company produced proprietary enterprise mobile security software. Among these were an encrypted texting program called TextSecure and an encrypted voice calling app called RedPhone. They also developed
945-534: The initial release of Signal as a RedPhone counterpart for iOS . The developers said that their next steps would be to provide TextSecure instant messaging capabilities for iOS, unify the RedPhone and TextSecure applications on Android, and launch a web client. Signal was the first iOS app to enable easy, strongly encrypted voice calls for free. TextSecure compatibility was added to the iOS application in March 2015. On 18 November 2014, Open Whisper Systems announced
980-685: The removal, arguing that the software was "specifically targeted [to help] people under repressive regimes" and that it left people like the Egyptians in "a dangerous position" during the events of the 2011 Egyptian revolution . Twitter released TextSecure as free and open-source software under the GPLv3 license in December 2011. RedPhone was also released under the same license in July 2012. Marlinspike later left Twitter and founded Open Whisper Systems as
1015-601: The same way". On February 21, 2018, Moxie Marlinspike and WhatsApp co-founder Brian Acton announced the formation of the Signal Foundation , a 501(c)(3) non-profit organization whose mission is "to support, accelerate, and broaden Signal’s mission of making private communication accessible and ubiquitous." The foundation was started with an initial $ 50 million in funding from Acton, who had left WhatsApp's parent company Facebook in September 2017. According to
1050-433: The then-startup improve its security". During his time as Twitter's head of cybersecurity, the firm made Whisper Systems' apps open source . Marlinspike left Twitter in early 2013 and founded Open Whisper Systems as a collaborative open source project for the continued development of TextSecure and RedPhone. At the time, Marlinspike and Trevor Perrin started developing the Signal Protocol , an early version of which
1085-481: The user’s account had been created and the last time it had connected to the service". Along with the subpoena, OWS received a gag order requiring OWS not to tell anyone about the subpoena for one year. OWS approached the ACLU, and they were able to lift part of the gag order after challenging it in court. OWS said it was the first time they had received a subpoena, and that they were committed to treat "any future requests
Open Whisper Systems - Misplaced Pages Continue
1120-400: Was first introduced in the TextSecure app in February 2014. In November 2015, Open Whisper Systems unified the TextSecure and RedPhone applications as Signal . Between 2014 and 2016, Marlinspike worked with WhatsApp , Facebook , and Google to integrate the Signal Protocol into their messaging services. On February 21, 2018, Marlinspike and WhatsApp co-founder Brian Acton announced
1155-458: Was initially funded by donations through the Freedom of the Press Foundation , which acted as Signal Messenger's fiscal sponsor while the Signal Foundation's non-profit status was pending. The Signal Foundation is officially tax-exempt as of February 2019. In January 2021, the tech billionaire Elon Musk tweeted his support for the Signal app with two words "Use Signal", showing his favor for
1190-474: Was no announcement or documentation about the encryption feature on the official website, and further requests for comment were declined. On 5 April 2016, WhatsApp and Open Whisper Systems announced that they had finished adding end-to-end encryption to "every form of communication" on WhatsApp, and that users could now verify each other's keys. In September 2016, Google launched a new messaging app called Allo , which features an optional "incognito mode" that uses
1225-435: Was the chief technology officer and co-founder of Whisper Systems , an enterprise mobile security startup company. In May 2010, Whisper Systems launched TextSecure and RedPhone . These were applications that provided end-to-end encrypted SMS messaging and voice calling, respectively. Twitter acquired the company for an undisclosed amount in late 2011. The acquisition was done "primarily so that Mr. Marlinspike could help
#581418