Case Study – Michael Rucker

"Brosix just encrypts everything right out of the box without complicated configuration which only confuses less knowledgeable users."

Michael Rucker

Brosix Security

I have talked to a lot of my friends in the tech community about Brosix. Some of them were very positive, and have become users. What I like about Brosix is all communication is completely encrypted at AES 256 bits. I know that if someone is running a packet sniffer on one of your servers it will not do them any good. That is taking into account there are no back doors in Brosix. I like the ability of communicating by private networks. Public networks are designed for collecting data about their users, and are largely insecure.

The Challenge

I have used OTR in the past, but less knowledgeable users did not understand the concept of OTR. They felt intimidated when trying to setup OTR. This is a problem because many of them will choose to use insecure communication to avoid having to fool with the inconvenience of configuring what they believe to be complicated software. It is also for this reason that I have choosen to use Brosix.

The Solution

Brosix just encrypts everything right out of the box without complicated configuration which only confuses less knowledgeable users.

The Conclusion

I do really enjoy the software, and it has really worked well for me. I have found nothing else that encrypts all communication like Brosix does.

Questions

I think my friends that are skeptical were most concerned about back-doors in Brosix, and concerned about how long data is stored on your severs since I think some of them were looking for anonymity also.

  1. How long before unused accounts are purged?
  2. Also what information is collected about accounts on your servers, and how long is it stored after accounts have been purged or deleted?

I did not see those details in your privacy policy. I know by law depending on the country in which one operates you are required to store IP addresses, and time stamps for 6 months to a year. Some countries do not even require this information be stored at all.

Answers from Brosix

All communication channels are direct, peer-to-peer, between the users and are not routed through Brosix servers. In some cases, if user firewalls do not allow direct connection, data is routed through Brosix servers. In these rare cases, the channels through the servers are built in a way that Brosix cannot decrypt and see the user data that flows.

Exception of this rule is text messages. They always go through Brosix servers and are kept in server RAM for few milliseconds. If the recipient is currently offline, the message is stored for later delivery. If the message is not delivered in the next 10 days it is completely deleted.

Unused accounts are not purged. The user can get back and use his/her account at any time later. The user has full control and can remove all personal data from his/her account at any time and this way leaving the unused account empty.

We do not collect information about our users. The only information we have is the one that users provide themselves in their profile. Every user can change/delete this information at any time.

Brosix has no backdoors. You can find more information here:
http://blog.brosix.com/brosix-is-100-clean/