TextSecure

Forums Submissions Held TextSecure

This topic contains 84 replies, has 36 voices, and was last updated by  optimumpro 10 months, 3 weeks ago.

Viewing 15 posts - 46 through 60 (of 85 total)
  • Author
    Posts
  • #12438

    optimumpro
    Member

    @jkabrams

    As promised, here is my take on the recent Chatsecure build and our discussion about Guardian project accepting money from Google. The latest version now demands Manage Accounts permission and then immediately offers you to setup Google Account and use it, as well as Google Hangouts with the app. If you do that, you will have Google’s proprietory blobs including GSF, which will have raw access to your messages before they are encrypted (outgoing messages) and after they are decrypted (incoming messages). That does it for me. Bye bye, the latest version of Chatsecure.

    #12532

    pejakm
    Member

    I have successfully built TextSecure with websockets support. If anyone is intersted I can upload it somewhere (signed or unsigned).

    #12636

    mjw
    Member

    @pejakm
    I’m of course interested in testing your version.

    #12639

    pejakm
    Member

    Here it is: https://my.owndrive.com/public.php?service=files&t=f4fc5ff22582ca6a7adb99484e976712 (24,9 MiB)

    Notes:

    This is the current version (2.1.8) compiled with WebSockets patch. Tested and works. Signed apks are signed using ZipSigner’s testkey. The nogcm versions are built with DISABLE_GCM = true, which disables check for GCM and uses WebSockets all the time.

    Anti features: GCM. TextSecure still cannot be built without GCM (but you can use it without GCM installed, obviously). Refer to this issue (especially last 10 comments) for more info about this problem.

    SHA256 sums:

    
    7d288eb95b77264ee754dd6061eff7bdb6cef848a74b665d9df2434f872816a6  TextSecure-websockets.tar.bz2
    be52f032f8478544393a531cafbee408e2de8f22d0cb436c3e1ea561e1af1b89  TextSecure-nogcm-signed.apk
    0253de926f635949af3d0b1f12f5c5de862f5e43f2709cabb330d6260622a7bf  TextSecure-nogcm-unsigned.apk
    56769371a9d4849841723f3a4b0f7762731521804dc0fd68c0ea89af47a08e53  TextSecure-signed.apk
    fc18a01e2c31e0d5fdec05c4ebd6f849df232fbdab3a8fd0a7681f3c85615fb8  TextSecure-unsigned.apk
    
    #12653

    mjw
    Member

    I tested your build (nogcm-signed) on two devices and it works without problems. I’m finally able to send Push Messages without gapps. Thank you so much!
    The big question now is how to keep this updated. Do you plan to offer new versions of your build somewhere?

    #12656

    pejakm
    Member

    Well, that wasn’t my intention, but since I build for myself anyway, I could upload binaries somewhere. ownCloud is a great place for this, but still I need a way to inform potential followers about latest uploads.

    #12657

    pejakm
    Member

    @mjw: Here’s a patched nogcm version, which I use. Just in case you wanna test new features. 🙂

    Besides WebSockets patch, this build is also patched with #1653, #1724 and #1947.

    https://my.owndrive.com/public.php?service=files&t=5a13f77878c566b826b8f7d1039d14dd (7 MiB)

    adb27ede55501a384d52b3d45b0326a6458fd6e883a821f26ab50861deaf141c TextSecure-nogcm-patched.apk

    #12661

    eldoreez
    Member

    OK, thanks all for this thread. TextSecure and RedPhone are obviously more than just fishy.. Basing a “secure” application on Google infrastructure is not GPG-like security, this is fraudware. The most telling thing is how they implement only subsets of secure protocols like ZRTP. (The new GPG is more likely SilentCircle, by the same author; it is not open-source, but they publish their source code.)

    And unfortunately ChatSecure seems to have fallen into the same trap..

    I guess for now best bet to place secure calls is to use Linphone with Ostel/LinphoneSIP account and TLS transport and ZRTP encryption.. Not sure about messages, though..

    #12664

    pejakm
    Member

    @landroni: According to https://f-droid.org/wiki/page/org.linphone, Linphone also depends on GCM, so I don’t see your point bitching on TextSecure. Which, by the way, will soon have websockets support, meaning it wont exclusively depend on GCM anymore.

    #12665

    eldoreez
    Member

    Don’t use Linphone for messaging, but it phoning works perfectly fine without a Google account. And you can install it from F-Droid. I’m bitching for the right reasons. Linphone has a long history of good open-source behavior, and supports standard ZRTP.

    #12666

    pejakm
    Member

    We’re discussing a messaging app here, not a voip app. Besides, I barelly talked few of my friends into using TextSecure, let alone Linphone or CSipSimple. They all use Viber, so unfortunately I’m forced to use it, too. I see TextSecure (which is open source and hopefully soon will be available on F-Droid) as a one step closer towards ditching Viber, at least for texting…

    #12667

    eldoreez
    Member

    I think security-wise both QuickMSG and Tinfoil-SMS look more promising. QuickMSG is available in F-Droid and uses GPG.

    The way I see, I hope TextSecure doesn’t get shipped by F-Droid.

    #12981

    pejakm
    Member

    https://my.owndrive.com/public.php?service=files&t=bf53d1f2c225e20bacb3332919f7c134 (13,7 MiB)

    • Version 2.1.10+ @ c3eb0ea9db
    • Signed with ZipSigner’s testkey
    • Built with DISABLE_GCM = true (disables check for GCM and uses WebSockets all the time)
    • Patches: #1653, #1724, #1947 and #1960

    SHA256 sums:

    
    3a2d854baab7eaf91fde037842004a74cfed8443574c6c27c63977174ab0b845  TextSecure-websockets.tar.bz2
    7d309267b3738e7dfde40f99246804d145f214d743f6d2c3d0e32932f9e57ee9  TextSecure-nogcm-patched-signed.apk
    f1e32aba9096c2566976a3d37ca2149f1ae4beb113813ca4a38a6165efefe1af  TextSecure-nogcm-patched-unsigned.apk
    
    #13027

    Leopard
    Member

    Tinfoil-SMS looks really nice. Why cant we have that one included in f-droid?

    #13028

    eldoreez
    Member

    @leopard
    See this:
    https://f-droid.org/forums/topic/tinfoil-sms-perfect-alternative-to-textsecure/

    However, I’ve tried out QuickMSG and it makes a lot of sense security-wise: it’s plain and tested PGP-encrypted emails, but all under the form of an instant messaging app. It makes the setting up of PGP a breeze, and only the two paired users on their devices can view any message/photo/media sent as encryption/decryption happens only on the end devices. It’s pretty cool!

Viewing 15 posts - 46 through 60 (of 85 total)

The forum ‘Submissions Held’ is closed to new topics and replies.

Posted in