signalapp / Flock

Private contact and calendar sync for Android.
https://signal.org/blog/flock

Flock Threat Model/ Use Cases #40

Closed zmanian closed 10 years ago

zmanian commented 10 years ago

I had a bit of trouble figuring out where Flock fits in Restore the Fourth's promotion of encryption and security tools. The description talks a lot about what Flock does but not why Flock is important. @moxie0's post on the Whisper Systems blog seems to focus mostly on the longer term goal of providing an end-to-end encrypted alternative to Google's portfolio of sync services.

Here is a shot at explaining the why of Flock.

Flock allows you to use the standard calendar and address book on your Android phone to create calendars and contacts that are only accessible on your personal devices and not to third parties. Flock also provides reassurance that this information is backed up if your device is lost or stolen. Your address book/calendar contains private information of interest to adversaries great and small. We know from the Snowden documents that the surveillance state places particular emphasis on obtaining address books and contact lists.

Flock is a useful tool for journalists maintaining contact information for sources, lawyers maintaining contact information for sources, doctors keeping track of their schedule with patients. Virtually everyone has relationships and appointments that deserve an additional layer of privacy protection. Flock makes it seamless for users to get a higher level of protection.

rhodey commented 10 years ago

@zmanian the security model is definitely different than TextSecure or Redphone (or Signal) but it seems like you have the right idea :)

I expect that most confusion over Flock arises when people try to relate it to existing Open Whisper Systems projects. Unlike TextSecure, Flock considers the Android device it is running on to be trusted. The reason for this difference is basically that contacts and calendars are integrated more into the Android OS than messaging is. If we wanted Flock to have the same security model as TextSecure we would need to replace the default contacts and calendars applications and integration with any 3rd party apps would be impossible. Also the user would need to provide a passphrase on boot or something.

With Flock (and all apps really) we want two things:

  1. data secure in transit
  2. data secure while at rest

Flock definitely covers the first; we decided to leave the second up to the OS and we think it's close. Modern versions of Android support encryption natively so that's great, the only remaining heartache is Android's permissions system. Early releases of KitKat included a permissions management UI much like that in Cyanogenmod, then Google took it out. I think that users of Flock running Cyanogenmod have exactly what we want and that users of vanilla or manufacturer "skinned" Android will soon have the same.

Also, obligatory hype: as soon as someone does "secure webmail" (or some derivation) correctly we can easily integrate Flock and provide a true Gmail replacement. The overarching idea is that if we can mirror the functionality of the privacy invading cloud with a privacy preserving cloud then the former will go out of style.

zmanian commented 10 years ago

More specifically than trusting the Android device, Flock trusts that the Android device user, owner or policy manager has secured access to the device in a way appropriate to the respective threat model, i.e. disk encryption and a strong passphrase. TextSecure's default settings are stronger than this.

Neither Flock nor TextSecure will do much to help you if your phone got owned by HackingTeam malware or a similar product and the phone itself is now untrustworthy.