TextSecure

Forums Submissions Held TextSecure

This topic contains 84 replies, has 36 voices, and was last updated by  optimumpro 10 months, 3 weeks ago.

Viewing 15 posts - 31 through 45 (of 85 total)
  • Author
    Posts
  • #10598

    blackteesss
    Member

    Awesome floet, hopefully everything works out and the days of me manually downloading the apk and installing it are over.

    By the way, whisperpush does actually require gapps.

    https://pay.reddit.com/r/cyanogenmod/comments/1yvuzx/will_the_new_textsecure_be_a_part_of_cm/

    #10600

    JKAbrams
    Member

    optimumpro: Oh, that is discouraging. But I appreciate the heads up, thanks. Yes, I did read about GSF and I share your view. It is becoming painfully obvious that the whole Open Source Android Project was a big bait and switch. I’ve been too naïve.

    floet: the current state of floss messenging is simple: You can have nearly all features, but not on combined in a single messenger.

    Seems like you know the field, how would what’s available map out to the following features:
    (a list of the features I care about)

    Inftrastructure:
    * Floss
    * Trusted network (ie not run by Facebook, Skype, …, NSA)
    -might be able to use a non trusted network as long as the client is not made by them and the data is encrypted/decrypted client-side (the metadata-game seems to be hopelessly lost in the current technology paradigm, use telecom > metadata is tracked)

    Main features:
    * Plain text messages (internet based)
    * Encryption (perfect forward secrecy)
    * Push messages (to not have to open the application to see if there is a new message)
    * Background messages (to not have to remember to start the application to receive messages)
    * Off-line messages
    * Sending images (not really needed, but useful)
    * Novice friendly/simple interface (to be able to talk to others)

    Anti-features:
    * Not dependant on Google Services, GCM or GFS

    Availability:
    * In F-droid repo
    * In Google Play Store (again, if I can’t contact my friends it’s not much point… This is however also a security risk as Google could tamper with the application, I’m sure they have thought about providing custom applications for targeted DeviceID’s, not sure if they actually do but it would be hard to discover.)
    * In Apple Appstore
    * In Windows Phone Store (or wherever WP-users get applications from)
    * As a PC client

    Dream on:
    * Metadata-safe (Ledar Levison has said he’s working on a metadata-safe emailing system, might perhaps be possible using TOR? at least throughput won’t be a problem)

    A few messageing applications I’m aware of: TextSecure, GibberBot, WhatsApp, Viber, Threma, not yet released: Hemlis (https://heml.is)

    #10602

    ka223
    Member

    I am only interested in messaging over internet with end-to-end, asynchron encrypted chats and encrypted group chats.

    … and this is not possible without GSM:
    “It is only necessary for “pushing” message through the internet instead of the GSM network.”

    @floet
    If you say “but not on combined in a single messenger” which messenger do you mean as secondary?

    • This reply was modified 3 years, 2 months ago by  ka223.
    • This reply was modified 3 years, 2 months ago by  ka223.
    #10609

    optimumpro
    Member

    @jkabrams
    I know only one other app that encrypts sms: tinfoil sms, but it only encrypts messages in transit. And it is not user friendly. As to messaging over the internet, chatsecure/gibberbot is the only secure one and it is available on fdroid. They give you the client and it is up to you to pick a network out of hundreds availabe. These guys have not been obsorbed by n s a yet and judging by their blogs, they have no intention to…

    #10617

    JKAbrams
    Member

    @optimumpro

    These guys have not been obsorbed by n s a yet and judging by their blogs, they have no intention to…

    I read their blog and it says they just got $100 000 from Mr ‘Privacy is dead’ himself, Eric Schmidt.
    https://guardianproject.info/2014/03/10/eric-schmidt-awards-guardian-project-a-new-digital-age-grant/

    #10626

    optimumpro
    Member

    Well. I think this was done for the sake of Google, i.e. to show that this private branch of n s a is not what it actually is, a disgusting, malware producing and spying organization, but rather a “do no evil” consumer friendly privacy worrier. Privacy worrier my foot… . But I will be watching chatsecure and Guardian project for possible problems…

    #10628

    JKAbrams
    Member

    Not saying it is impossible to take the money and run, indeed I have seen nothing to doubt their sincerity. But in the end of the day (or rather in the end of the quarter, as it were) the ones paying the bills seems to also get influence over policy, slowly but surly. Just take a look at the tightrope Mozilla has been walking with regards to Google funding their operation. As with any investment there is always an idea as to how it will be reaped. You may be right that the intended profit is in the currency of goodwill. Goodwill is, to the extent that it exists at all, one of few pure streams of funding for software projects.

    #10629

    JKAbrams
    Member

    With regards to Mozilla it actually looks like they are winning (if one can call it that), as Google shows signs of wanting to stop the money stream (the policy benefits has not paid off enough to justify continued funding). But what a bittersweet victory it will be as their funding dries up. To fill the gap Mozilla is now looking to itself become a advertising agent. Caught between a rock and a hard place they are feeling their way ever so carefully as to not upset their users. This, in essence is among the most important things we have in the libre software community – the users acceptance levels, and it aught to be treated as such and nurtured. If users would not accept bad software, bad software would not be used and consequently it would not be produced. Yes, there is also the question of general lack of knowledge among users, but it is more likely rooted in the economic reality’s of the software market.

    #10630

    optimumpro
    Member

    @jkabrams

    I agree. I just think guardian project is safe for now, the same way I believe earlier versions of textsecure are also safe and so far nothing prevents us from using earlier versions of both. On my end I don’t notice any user benefit in chatsecure as opposed to gibberbot or textsecure 2x as opposed to 0.6… apart from slicker interface.

    #10631

    JKAbrams
    Member

    @optimumpro
    Yeah, thanks for taking the discussion back to the ground 🙂
    Yes, I would bet on it’s current implementation being trustworthy, as for the future, I have my doubts but we’ll see what happens. Acknowledging the difficulties in finding the hidden things (backdoors), my safety-measure is to take policy changes as signs of underlaying changes. It is certainly less than adequate, there will be false negatives (GnuTLS comes to mind) and false positives (these we cannot be sure about until we figure out software proofs and start using them). But it has shown to be a rough estimate.

    #10688

    @jkabrams

    I am rather new to this site (just discovered it a few days ago) so please I apoligize in advance if plugging my own app in this thread is unwanted…. but:

    I saw your wishlist and although I can’t offer all your points I think my own app ‘QuickMSG’ (Its in the submission queue right now) has some features you might like:

    Infrastructure:
    * it uses the existing email infrastructure (IMAP and SMTP), but all messages are PGP encrypted end to end. You could just use an existing email account (e.g. a gmail account).
    * Except for email addresses the mail infrastructure is not exposed to the user at all. The user just has contacts and groups.

    main features:
    * Plain text messages: yes
    * Encryption: yes, by default PGP with 2048 bit RSA
    * Push messages (to not have to open the application to see if there is a new message): Yes, background messages can be pushed using IMAP idle. Without it you will receive them within 5 minutes.
    * Background messages (to not have to remember to start the application to receive messages): Yes, a background retrieval is started automaticly if you have internet connectivity.
    * Off-line messages: Yes, your IMAP server will store them as long as you want.
    * Sending images: yes, images, videos, any other file.
    * Novice friendly/simple interface: I hope so, I tried to avoid all nasty stuff. You just need to provide your imap/smtp servers and account info. (with an example for gmail on the website)

    Anti-features:
    * none that I know of

    Availability:
    * In F-droid repo: in submission queue
    * In Google Play Store: not yet, maybe later (don’t have an account yet)
    * In Apple Appstore: no
    * In Windows Phone Store: no
    * As a PC client: I have a linux command line client…. but it is more for testing and maybe scripting.

    Regards,
    Jeroen

    #10689

    JKAbrams
    Member

    @jeroenvreeken

    A very interesting approach!

    Please correct me if I’m wrong, as I read it that means the IMAP idle command represents a (today usable) push-channel that can be used completely without relying on Google services (when one hosts ones own IMAP server).
    Out of curiosity, how does this push-channel compare to Googles push-channel, from a developers perspective, in terms of latency (end to end), quirks or other issues?

    Sending files is a really cool feature, too.

    #10690

    @jkabrams

    Yes, basicly you send an IDLE request to the IMAP server which will return when the mailbox changes.
    Pretty much all IMAP servers understand it these days.

    I have never used googles push channel, so I don’t know how fast it is.
    When sending a message from my own domain (with its own mail servers) to a gmail account I can see the mail comming in after just a few seconds.
    The samsung galaxy ace I use for testing actually needs more time for decrypting the message.

    Sending was really easy since I use plain old mail as a backend… a file is just an attachment within the encrypted message.

    #10740

    Indus
    Member

    I saw the open merge request for Textsecure on gitorious.
    Are there technical objections why it is not included yet or are the developers simply complying with Moxie’s wish not to distribute Textsecure outside of the Play store?

    Regards,
    Indus

    #11181

    rriemann
    Member

    Same question here.

    If the author is more happy with it, we could also rename the app for distribution (like Firefox is Iceweasel in Debian).

Viewing 15 posts - 31 through 45 (of 85 total)

The forum ‘Submissions Held’ is closed to new topics and replies.

Posted in