TextSecure

Forums Submissions Held TextSecure

This topic contains 84 replies, has 36 voices, and was last updated by  optimumpro 10 months, 3 weeks ago.

Viewing 15 posts - 16 through 30 (of 85 total)
  • Author
    Posts
  • #8402

    daithib8
    Member

    I didn’t actually fork it, rather just made a patch that changed package id after compiling and changed all references to TextSecure. I called the recipe (in fdroiddata on gitorious/f-droid) org.fdroid.chatsafe. Chat was a bad choice as it’s used generally for XMPP chat. Also for building in your own repo, better change the package name with a script like K-9 use and which we use in some apps (e.g. K-9 itself). There was only two tiny changes to the source code and all the rest was resources. I guess that would need tweaking from version to version and rebasing or something.

    I’m sure it will be using Google for push notifications soon and maybe that will involve proprietary libraries (though it hasn’t in the case of RedPhone).

    #8422

    heyheyhey
    Member

    This is what Moxie wants.
    https://github.com/WhisperSystems/TextSecure/issues/127

    A built in crash reporting solution with a web interface that allows us to visualize crashes and sort by app version, device type, etc. This is essential for producing stable software.

    A built in statistics gathering solution with a web interface that allows us to visualize aggregate numbers on device type, android version, and carriers for our users. This has been crucial in shaping support and development direction.

    A built in auto-update solution. Fully automatic upgrades won’t be possible outside of Play Store, but we at least need something that will annoy the hell out of users until they upgrade. This is necessary for ensuring that new security features and bug fixes can be propagated quickly.

    A build system that allows us to easily turn these features on and off for Play and non-Play builds. Gradle should make this easier.

    Basically he wants detailed crash reports, detailed statistics, auto updating and some kind of check if somebody is running play or non-play build.

    I think these are reasonable requests. These kind of things ARE needed to improve apps and keep users up to date.
    Since textsecure and redphone are both free software they can be forked if you don’t want to deal with Moxie though.

    I think textsecure and redphone are great, because they are like gpg. They apply security to that one communication channel everybody uses. It used to be email and now texting plus calling.

    However, Moxie doesn’t seem to follow the values of free software as much as us.
    He doesn’t feel like having to install the play store to use his app is unreasonable.
    While for us installing anything proprietary is annoying and a potentional security risk.

    #8423

    daithib8
    Member

    Its probably reasonable to want crash reporting since there would be problems depending on the different cell operators. F-Droid can’t provide those reports unless it is a system/root app and probably wouldn’t do a better job then preexisting libraries like acra or jira connect.

    F-Droid can’t provide useful stats without tracking users.

    F-Droid already does a good job at showing updates and would be probably better than Google Play for manual updates.

    He wouldn’t be looking to check what version one is using, rather he’d want an easy way to build variants.

    #8433

    I really appreciate Moxie’s work, but I don’t really care what he wants as far as distribution through the play store. He’s sacrificing privacy and security for developer convenience here. So, yay GPL!

    I did see some talk about using push services, though, which makes this whole application much less attractive to me. I probably won’t want to use it if that ends up being the case, but we’ll see what happens I guess.

    I’ll get something set up in the next few days or maybe over the weekend to keep a fork synced up to github.com/WhisperSystems/TextSecure/ and let you guys know where to find it.

    #8435

    daithib8
    Member

    I say F-Droid does a good job at showing updates but that’s only true if one uses the client. I’d prefer if the web repo was hidden away or something.

    #9092

    usefulcrew
    Member

    Its sad to see Moxie being difficult like this. https://github.com/WhisperSystems/TextSecure/issues/127

    Looks like I’ll just have to compile it myself at this rate…

    #9096

    usefulcrew
    Member

    Moxie says that Redphone relies on GCM and textsecure will probably too soon.

    https://github.com/WhisperSystems/TextSecure/issues/127#issuecomment-13339504
    However, this documents says otherwise.

    http://cryptocall.org/thesis.pdf
    And on my device I can still choose to signal with SMS.
    Plus, as far as I can tell, Textsecure doesn’t require GCM.

    If they both did require GCM (which they don’t), you’d need proprietary gapps.

    #9097

    daithib8
    Member

    Also whatever SMS app he’ll submit to CyanogenMod, it’s unlikely it will require Gapps, but I haven’t heard much about that since it was first announced.

    So Redphone doesnt require Gapps but it does use a proprietary server for key exchange I.e. over SMS.

    However, if it is rebranded for inclusion in F-Droid, it isn’t clear how his proprietary software would deal with requests, and whether some user agent rebranding should be done.

    #9898

    His cyanogenmod integration has finally been released.

    https://whispersystems.org/blog/cyanogen-integration/

    Though there are some security concerns…

    http://forum.xda-developers.com/showpost.php?p=48486872&postcount=8
    https://github.com/koush/PushSms/issues/2

    Still, some security is better than none, right?
    And moxie is still against f-droid http://www.reddit.com/r/Android/comments/1shejv/as_of_today_cyanogenmod_is_integrating/cdyfxhm

    #10499

    jvs
    Member

    It seems there is a new version with many improvements available: https://whispersystems.org/blog/the-new-textsecure/

    The app seemingly has changed a lot since it was ousted from F-droid. Is there any reason other than Moxie’s attitude towards F-droid for not including it? The app seems very useful and since it’s released under the GPL, the author has no say in whether F-droid wishes to include it or not.

    #10510

    JKAbrams
    Member

    I would love to see a real secure and polished messaging application in F-Droid.

    This is what I get on a phone running CM 9.1 (after downloading the .apk via this service http://apps.evozi.com/apk-downloader):
    “Sorry, this device is not supported for data messaging. Devices running versions of Android older than 4.0 must have a registered Google Account. Devices running Android 4.0 or newer do not require a Google Account, but must have the Play Stora app installed.”

    I guess this is because TextSecure is using the Google push service for delivering data based messages, and so you’ve got to have Google’s proprietary services running in the background in order for TextSecure to work and that’s a dealbreaker for me. TextSecure does however work for encrypting SMS-messages, even without Google’s services.

    Now maybe this is a bit of tropic, but is anybody working on a truly open system for “push”* notifications on mobile phones? If so, such a system would be a perfect pair with TextSecure, kind of the only piece missing.

    * From my understanding. what is called “push” is in reality frequent polling by the device as true server initiated connections are blocked at the service provider level. (Please correct my if I’m wrong.)

    • This reply was modified 3 years, 2 months ago by  JKAbrams.
    #10512

    jvs
    Member

    I get the same message as JKAbrams running the latest version, 2.0.2. Using Textsecure for normal text messages still works.

    In case anyone wants to try, this is how I compiled TextSecure:

    Download the latest Textsecure release from https://github.com/WhisperSystems/TextSecure/releases and unpack it somewhere

    Installing Java (Trisquel/Debian/Ubuntu):
    sudo apt-get install libsdl1.2debian openjdk-6-jdk
    #On AMD64 systems
    sudo apt-get install ia32-libs

    Configuring the SDK:
    Download ADT bundle and extract it somewhere. You can find it on https://developer.android.com/sdk/index.html
    In the ADT directory, run sdk/tools/android
    Under extra, select Android Support Repository and install it.

    Now execute keytool -genkey
    Fill in a password and the other details and answer yes to confirm.

    Go to where you downloaded Textsecure and make a file local.properties which points the build system gradle to your SDK:
    sdk.dir=/path/to/adt-bundle-linux-x86_64-20131030/sdk

    Execute ./gradlew build –info

    If building is successfull, you will find the APK in build/apk. To install it on your phone you have to sign it with the key we made using keytool.
    jarsigner TextSecure-2.0.2-release-unsigned.apk mykey

    You can now install the apk on your phone.

    #10555

    optimumpro
    Member

    Stay away from this development, as developer’s behavior suggests more and more that development is compromised. He has recently introduced CGM, which means that everyone who uses textsecure will go to Google (think NSA) centralized database. Now, in the latest release, the dev has removed the ability of the user to regenerate new identity key. I am sure he had in mind “security of users.” In the last several releases, the app would crash unless given internet access. That is even if you compile the app from source, which I did just about an hour ago. If you download the app from Googleplay, you would have to have google account and GSF to use it. For those who don’t know what GSF is: it is malware/spying application that records everything you do with your device and regularly calls home, i.e. transmits everything to Google servers. That everything includes your password to open the app and which is used to encrypt your messages.

    The code is growing larger and more difficult to examine for back doors. My opinion: F-droid was right to delete this app forever. This developer is dirty (in my view). Stay away… and perhaps look at tinfoil sms or other replacement.

    • This reply was modified 3 years, 2 months ago by  optimumpro.
    #10593

    ka223
    Member

    I search the web for several hours for a messaging client with end-to-end, asynchron encrypted chats and encrypted group chats and only found textsecure.

    After I search this app at F-Droid I found this thread and the GM … crap.

    I do not what I shoud use now, found no other open source messeger with this functionality.

    So … which one is the right one?

    • This reply was modified 3 years, 2 months ago by  ka223.
    #10596

    floet
    Member

    There is a MR pending for Textsecure – see https://gitorious.org/f-droid/fdroiddata/commit/d9139bddd1a4ceb824d0d2b162f09263a633f4f7 – but the current state of floss messenging is simple: You can have nearly all features, but not on combined in a single messenger.

Viewing 15 posts - 16 through 30 (of 85 total)

The forum ‘Submissions Held’ is closed to new topics and replies.

Posted in