Monday 25 September 2017


Recently Tungsten Messenger (www.tungsten-labs.com) started following me on Twitter. They are a new start-up from Berlin (Germany) that wants to create a new Encrypted Messaging platform. As a security and privacy minded person I am always interested in this kind of thing, but something strange happened when I looked into Tungsten. Instead of useful information, their website only left me with more questions that I want answered. Of course, I immediately sought contact with them about my questions, but it remains awfully quiet from their side and I am not the only one waiting for answers. Not a good start in my opinion.
UPDATE: they replied after 5 days. I got the following message: 
"Hi Booy,

We're building an FAQ with answers to all of this. Hold on and you'll get all the answers you need!"
All right, still waiting for answers to my questions. A friend got a reply saying that Android won't be supported from the start. Come on, you can't ignore the biggest platform, you should start with that. I also believe that writing a FAQ is the first thing you do: serious potential customers care about technical details, and a service like this has to distinguish itself to be interesting.
Of course I also looked at their website, and some of the things they are claiming seem quite interesting, but anybody can make claims. Another thing I noticed is that the website is far from complete: it only has a landing page, a link to their Twitter, a link to register for Alpha testing (which I did) and a link to their Privacy Policy (more on that later). They give some information about their plan, but I wasn't able to find more details. I did ask them the following simple questions: will it be Open Source (both the server side and the application)? Can you provide more information about the encryption method? Will Linux be natively supported (or will it use a web app)? Is there a roadmap available?
It seems to me that these questions can be answered quite easily, but I am still waiting after more than 2 days. Especially for a start-up in encrypted messaging you would expect that the first thing they make (even before the website) is a decent FAQ. Encrypted Messaging is directly tied to trustworthiness, and many things need to be verifiable. With Tungsten, I am not able to verify anything. Serious issues for a start-up in this area, in my honest opinion.
Don't get me wrong: I would love to try Tungsten Messenger. But I care about guarantees when it comes to security and privacy, and Tungsten hasn't been able to impress me yet. Maybe these are classic start-up mistakes, I don't know. I even have encrypted contact with my non-technical mother via Signal, but if I want to convince anybody to use a service, I need to be able to explain why that person should use it.
As I mentioned earlier, the Privacy Policy:
https://tungsten-labs.com/privacy-policy
How can a company that also focuses on privacy be taken seriously with this policy?! Everybody who reads it should be able to tell what is wrong with it. I hesitated over writing a rant, but decided it is needed.

"5 NOTIFICATION OF CHANGES

This Privacy Policy may change from time to time. You agree to review this Privacy Policy regularly to be aware of any changes. You also agree that your continued use of our Site after changes become effective constitutes your acceptance of the revised Privacy Policy."

Come on Tungsten, if you want to gain trust you should actively inform your customers about policy changes. Focus on privacy by default and by design, please. This is ridiculous.

"4 DO WE SHARE YOUR PERSONAL INFORMATION?

4.1 We may use Tungsten Labs UG's affiliates and/or third party service providers for analytics, development services and other services. To the extent applicable, we require these entities to comply with this Privacy Policy.

4.2 Third Party Features may collect information about you while using our Website. This Privacy Policy does not cover the information practices of third party websites or applications and we are not responsible for their collection and use of your personal information.

I. Google Analytics is a web analysis service provided by Google. Google utilizes the data collected to track and examine the use of www.tungsten-labs.com, www.gettungsten.com, www.tungstenapp.com, www.tungsten-labs.io, www.tungstenlabs.io to prepare reports on its activities and share them with other Google services. Google may use the data collected to contextualize and personalize the ads of its own advertising network. Personal data collected: Cookie and Usage Data. Place of processing: USA. Find Google's privacy policy here.

II. Conversion Tracking Pixel service of Facebook Inc. allows us to follow the actions of users after they are redirected to a provider's website by clicking on a Facebook advertisement. We are thus able to record the efficacy of Facebook advertisements for statistical and market research purposes. The collected data remain anonymous. This means that we cannot see the personal data of any individual user. However, the collected data are saved and processed by Facebook. Facebook is able to connect the data with your Facebook account and use the data for their own advertising purposes, in accordance with Facebook's Data Use Policy. Facebook Conversion Tracking also allows Facebook and its partners to show you advertisements on and outside Facebook. In addition, a cookie will be saved onto your computer for these purposes.

III. Conversion Tracking service of Twitter Inc. records if a user of our website clicks on a link posted by Twitter. In this way, both we and Twitter can see if a registration has taken place. The identity of the user remains anonymous. In addition, we use Twitter's Tailored Audiences service. This enables us to appeal to our website's users with targeted advertisements. To do this, Twitter uses a code snippet (tag) which we have integrated into our website. No personal data are collected during this process. Tailored Audiences is also used to create lookalike targeting lists. Find Twitter's privacy policy here. You can adjust your privacy settings for tailored advertisements here. Twitter also supports "Do Not Track" (DNT). If you have activated this option in your browser, Twitter will not receive any browser-related information from web partners in order to tailor their advertisements to you.

IV. MailChimp, for the purposes of email distribution, gathers statistics around the opening of emails, link clicks etc., to help us monitor and improve our service. Find Mailchimp's privacy policy here."

Come on Tungsten, are you sure you want to be in this business? Looking at your Privacy Policy, I think you need to reconsider things. A company that wants to provide a secure and private communication service should have a different policy.

Should I recommend you? Definitely not for now. Am I open to hear your side of the story? I would love that.

Don't see this as an attack; I am just serious when it comes to security and privacy.

Please Tungsten, if you want to be taken seriously in the encrypted communication business, you need to improve things.


Also a good read: http://www.zdnet.com/article/twitter-abandons-do-not-track-privacy-protection/