
TextSecure, Now With 10 Million More Users - makepanic
https://whispersystems.org/blog/cyanogen-integration/
======
latortuga
I used TextSecure as my text client exclusively for about the last 6 months
and it worked great except for 3 things: group messages and MMS. Something
changed recently that prevented any MMS from showing up and it kept offering
for me to configure the proxy settings. I looked briefly for the correct
settings but there don't seem to be any for Verizon on their list. Group
messages just didn't seem to work the way the do in the normal Android client.
Texting worked flawlessly though it's sort of chicken and egg - no one I know
used it so none of my communication was encrypted in transit.

Oh and the third thing: my SO thought I was borderline paranoid/crazy/hiding
something for even installing it.

~~~
moxie
FYI, from another Verizon user:
[https://github.com/WhisperSystems/TextSecure/issues/467](https://github.com/WhisperSystems/TextSecure/issues/467)

Looks like we need to add some new MCC/MNC values to the defaults for that
MMSC. Group messages use MMS, so hopefully this gets you down to one problem
(paranoid). =)

~~~
latortuga
I really appreciate the response, Moxie. I admire your work and your privacy
advocacy and I downloaded TextSecure after seeing it here and associated with
your name. I'll take another look and see if that link can solve my
(technical) issues.

------
schabernakk
I am really looking forward to TextSecure for iOS. I hope I am wrong on this
one, but from the text on their Website Heml.is doesn't seem to be too eager
to open source their code after release.

I don't know any details about whispersystems (except that moxie marlinspike
is with them) but I sure do hope they can provide a well designed cross
platform messaging app completely open source (which I don't think exists yet)

~~~
mike-cardwell
On Hemlis's front page:

"We have all intentions of opening up the source as much as possible for
scrutiny and help! What we really want people to understand however, is that
Open Source in itself does not guarantee any privacy or safety. It sure helps
with transparency, but technology by itself is not enough."

They have no intention of releasing the source code. Use
[https://www.surespot.me/](https://www.surespot.me/) instead, it does the same
stuff, already exists, and is released under the GPL (v3).

~~~
tptacek
You'd be making a pretty big mistake to opt for something that hadn't been
vetted, over TextSecure, simply because of the availability of source code.

~~~
mike-cardwell
Personally, I've used both, but settled on SureSpot for the moment. SureSpot
uses data exclusively, which is cheaper than SMS for me. Although I understand
that TextSecure now has (or will be getting soon) a data channel. So I'll
definitely take another look.

Moxie has proven himself to be more than capable of building such a system,
but the author of SureSpot seems more than competent too. See the section
titled "Technical Overview" on:

[https://www.surespot.me/documents/how_surespot_works.html](https://www.surespot.me/documents/how_surespot_works.html)

Interesting fact: TextSecure wasn't made open source until it was bought by
Twitter: [https://dev.twitter.com/blog/whispers-are-
true](https://dev.twitter.com/blog/whispers-are-true) \- IIRC, prior to this
the website claimed it was open source, but offered no way of getting the
source, and if you asked for it, you would find out it was only given to
trusted third parties to perform security reviews.

------
privong
Here's cyanogenmod's side of the announcement:
[http://www.cyanogenmod.org/blog/whisperpush-secure-
messaging...](http://www.cyanogenmod.org/blog/whisperpush-secure-messaging-
integration)

------
eyeareque
Can the government force TextSecure server admins to provide access to user
messages?

~~~
conroy
The TextSecure server never has access to message bodies. However, the
government could force the server admins to provide timestamps and metadata
for all messages. The TextSecure server knows who* and when you talk to
someone, but not the contents of the conversation.

* The who in this case is a hash of the recipient's phone number. I'm not sure how difficult it is to turn this value into a real phone number.

~~~
nwh
A hash of a phone number or IP address would be trivial to reverse.

------
salient
Awesome, I've been waiting for this. Now CyanogenMod should be the most secure
OS out there against snooping, even compared to Google's own Android. Too bad
Google isn't taking steps to offer end-to-end encrypted communication for
Android devices.

~~~
foobarqux
CyanogenMod is far from secure. Moxie has talked about this before.

~~~
StavrosK
Do you have more details?

~~~
charleslmunger
Cyanogenmod signs its builds with publicly available keys. This is very
dangerous - see Dianne Hackborn's comment on this patch: [https://android-
review.googlesource.com/#/c/22694/](https://android-
review.googlesource.com/#/c/22694/)

~~~
foobarqux
That's just a (egregious) indication of the poor security: Even if it were
fixed I would have no confidence in the security of CM, barring drastic
changes.

------
andor
In case anyone else is wondering: if sender and recipient use CM or
TextSecure, the encrypted messages are not sent via GSM SMS. The transport
uses Procotol Buffers, HTTP and Google Cloud Messaging/Apple Push
Notifications.

~~~
StavrosK
Thank you, I _was_ wondering about that, mainly because I think that, the last
time I used TextSecure, messages were going over SMS.

------
sailfast
This looks awesome and definitely makes me lean more towards an Android OS for
a future phone.

This is not a dig, but because the SMS system is SO transparent a user may not
be able to tell which of their messages / contacts allow encrypted traffic
(based on the screenshot in the post). I might add a lock or some other
mechanism to indicate which messages are secured.

~~~
conroy
They are planning on adding that soon (from the post):

    
    
        We will also be adding some minimal visual feedback to the stock
        CyanogenMod Messaging app to indicate when the user has an 
        expectation of privacy and when they don’t, but the base 
        experience won’t change at all.

------
hawkharris
The apps look great, but I don't have an Android. Does anyone know if there's
a good iOS equivalent?

~~~
conroy
WhisperSystems is working on an iOS app
[https://github.com/whispersystems/TextSecure-
iOS](https://github.com/whispersystems/TextSecure-iOS)

------
nicholasjarnold
This is truly great work by Moxie, CyanogenMod devs and everyone else who may
have contributed to this project. Kudos guys/gals!

One important implementation detail question that comes to mind is "How does
the system detect and fix the issue of key exchange errors?"

While using the TextSecure app from the Play store, I've experienced a
situation twice where a key exchange would have to be re-initiated manually
after a friend and I got out of sync (he was receiving my messages garbled in
TextSecure). I imagine it's possible for this to happen in the built-in
Cyanogenmod version, and I don't see any documentation specifically addressing
it. Without visual notification of a "secured" connection, the user could end
up inadvertently sending plain-text messages.

------
throwaway0094
Can someone explain how the keying system works? What is the secret
information a user needs to decrypt messages addressed to them? What prevents
a 3rd party from decrypting those messages? What is the 'key'?

~~~
mike-cardwell
You generate a keypair. They generate a keypair. You swap public keys. Then
you encrypt messages to each other using the other persons public key.

Of course, that is still vulnerable to an active MITM attack where somebody
intercepts the initial key exchange and inserts their own keys. The app has a
built in option to display your fingerprints so you can compare them if you
meet the other person.

Even with this vulnerability, imagine if everyone started using it
overnight... All of a sudden there wouldn't be millions (billions?) of new
private messages stored in a bunch of databases every day. The telcos aren't
going to perform an active MITM attack to decrypt peoples SMS.

~~~
StavrosK
> The telcos aren't going to perform an active MITM attack to decrypt peoples
> SMS.

An optimist!

Given how easy it would be to do, I think they'd at least think about it.
However, it's also trivial to detect, so we have that going for us.

------
quaz3l
This is how I always thought Google would eventually implement an iMessage-
like protocol. By taking the last step before sending the SMS out, and
checking to see if the recipient is also part of the service, and sending it
over the service instead of through the open. Love it, just hope my HTC One S
will still work with a nightly. ;P

------
mikevm
Doesn't the fact that mobile phones have an extra closed-source baseband OS
that can control the phone on a lower level than the secondary OS (Android)
make any attempt at securing the secondary OS pointless? I mean, the baseband
might have a keylogger and send all your data to your provider anyway...

------
jcastro
I really like the "Disable passphrase" option.

Having to enter that all the time made this a dealbreaker with my wife last
time. I figure just encrypt the handset and that'll be good enough.

------
rfnslyr
I'm currently working on an application similar to this, but with a small
physical device you plug into the bottom of your phone where all the
encryption is done, so there is no central software you can break into, it's
all done physically, disconnected. You communicate the decryption keys to the
parties in person. We want to make this a little device you can attach to a
key chain and plug into the bottom of your phone whenever you need encryption.
Our app interfaces with the dongle and you can use it to encrypt/decrypt any
files really.

Is this a retarded idea or is there a use for this?

~~~
devindotcom
Someone can always hack the display driver - you have to display the messages
to the user at some point, after all. Take a screenshot on whatever user
event, encryption bypassed.

I've been thinking about encryption all the way up to the display module,
though, meaning interception would have to be very close to the display
hardware itself.

~~~
rfnslyr
That's what I was thinking. We are going to ship two versions. One being a
simple dongle where the application used to interface with it is the users
phone.

We're also selling a premium package, where the device is much bigger but
includes a physical display and keyboard, with a transfer mechanism of the
final encrypted message.

We're marking up the higher end model so we can fund the lower end model,
being 2 replacements of the dongle for 1 purchase, as the dongle will have a
one time authentication and will be locked to the device.

We're also trying to figure out how to have the device self destruct if not
used by any approved devices, meaning whipe itself clean and POSSIBLY break
the hardware that does the processing/houses any data.

~~~
mafribe
Maybe you can do something useful with visual cryptography?

~~~
rfnslyr
Can you expand?

~~~
mafribe
Print an overlay that acts as a visual password. You put it on the phone
screen. So you can read what's written, but an attacker who captures only
phone data sees only gibberish. There are various practical issues. Maybe they
can be overcome. If the overlay was generated on demand on the dongle, rather
than printed, that could improve usability.

[https://en.wikipedia.org/wiki/Visual_cryptography](https://en.wikipedia.org/wiki/Visual_cryptography)

------
streetnigga
I did not read anything about what current users may need to do. I've been
using TextSecure for some time now and _just_ got a phone that was worthy of
putting CyanogenMod on.

So I did.

Did my eyes gloss over the details or is there some method of importing
current TS databases I may need to know about?

