As tptacek explained very well yesterday, this is not the way crypto systems are built:
> Be honest with yourself. Crypto doesn't get beta-tested into resiliency. Strong systems start out strong. If you're building something because its your dream to thwart the NSA, don't kid yourself into thinking that you'll get there by first protecting people's Warcraft clans.
Yes, and don't forget that if the NSA gets direct access (by threat, payment or persuasion) to their infrastructure these bold statements mean null. Secure communication will NOT be centralized.
One man's beta-testing is another man's peer review. They are fundamentally the same process, so - sure, you can iterate your crypto design into a better shape by releasing a production app and attracting the reviewers by making over-the-board marketing claims. It's certainly more conventional to request feedback during the design phase, but it doesn't mean that doing it ass-backwards is not an option. In the end it's the underlying motivation that matters.
Requesting feedback when the app is released to the masses and they actually believe that it's secure and doesn't send out their ___location data in clear text can have huge consequences, much larger than a small visual bug in an app. It is a core flaw in what they're promising, and you can't iterate over that. How about if a bank did that with their login system? Iterating over fatal bugs and exposing all of their customers to attack? The loss of credibility and fines would quickly put them out of business.
> Be honest with yourself. Crypto doesn't get beta-tested into resiliency. Strong systems start out strong. If you're building something because its your dream to thwart the NSA, don't kid yourself into thinking that you'll get there by first protecting people's Warcraft clans.
(https://news.ycombinator.com/item?id=6961260)