
Saying goodbye to encrypted SMS/MMS - hormesis
https://whispersystems.org/blog/goodbye-encrypted-sms/
======
junto

      We don’t want the state-run telcos in Saudi, Iran, Bahrain,
      Belarus, China, Egypt, Cuba, USA, etc… to have direct access
      to the metadata of TextSecure users in those countries or
      anywhere else.
    

Sad to see that the 'land of the free' has become bundled (in a relatively
short period of time) into a category of oppressive states that have little or
no respect for the privacy of its citizens.

~~~
proveanegative
I read this bundling as a deliberate rhetorical/political move. You could have
bundled the US with other surveillance-happy Western nations such as Australia
or the UK, which as far as I understand do not behave in a qualitatively
different manner.

~~~
dredmorbius
Not only do the UK, Australia, or Canada and New Zealand for that matter,
_not_ behave qualitatively differently, but as the "Five Eyes" surveillance
states, they'll spy on one another's citizens (and occasionally their own) for
one another, effectively gutting any legislative prohibitions on domestic
surveillance.

[https://plus.google.com/u/0/104092656004159577193/posts/2ncB...](https://plus.google.com/u/0/104092656004159577193/posts/2ncBEdPVrHX)

Tipped off to me by SoftwareMaven here at HN:
[https://news.ycombinator.com/item?id=9077061](https://news.ycombinator.com/item?id=9077061)

(Links are described in more detail in my G+ post above)

[http://www.theguardian.com/world/2013/nov/20/us-uk-secret-
de...](http://www.theguardian.com/world/2013/nov/20/us-uk-secret-deal-
surveillance-personal-data)

[http://www.theguardian.com/world/2013/dec/02/revealed-
austra...](http://www.theguardian.com/world/2013/dec/02/revealed-australian-
spy-agency-offered-to-share-data-about-ordinary-citizens)

[http://www.theguardian.com/politics/2013/jun/10/nsa-
offers-i...](http://www.theguardian.com/politics/2013/jun/10/nsa-offers-
intelligence-british-counterparts-blunkett)

[http://uk.reuters.com/article/2013/06/21/uk-usa-security-
bri...](http://uk.reuters.com/article/2013/06/21/uk-usa-security-britain-
idUKBRE95K10620130621)

~~~
pyre
Said information shared was found illegal in the UK recently.

~~~
dredmorbius
Source?

~~~
pyre
Looks like it wasn't an actual court. I was recalling incorrectly:
[http://www.theguardian.com/uk-news/2015/feb/06/gchq-mass-
int...](http://www.theguardian.com/uk-news/2015/feb/06/gchq-mass-internet-
surveillance-unlawful-court-nsa)

~~~
dredmorbius
Thanks.

------
stormbrew
I hope this also eventually means moving away from using phone numbers as the
sole mechanism for identity. While it is and was useful to build up a
meaningful userbase and resist spammers, it also hinders a lot of useful usage
patterns.

------
jackbravo
Lack of GCM was one of their primary reasons for not providing an APK for
TextSecure for users who don't use Google Play (like users with CyanogenMod).

\-
[https://github.com/WhisperSystems/TextSecure/issues/127](https://github.com/WhisperSystems/TextSecure/issues/127)
\-
[http://support.whispersystems.org/customer/portal/articles/1...](http://support.whispersystems.org/customer/portal/articles/1476204-why-
do-i-need-google-play-installed-to-use-textsecure-on-android)

Hopefully that option will be available soon.

~~~
mike_hearn
They will still rely on GCM for the wakeup event so I don't see why it'd make
any difference. Presumably the plan is that TextSecure will store the messages
and when the app is open, it will build its own connection to the TextSecure
servers until the app shuts down. But eliminating GCM entirely would mean the
app must run all the time, understand how to handle the NAT timeouts and the
servers would need to handle millions of simultaneous TCP connections - a tall
order.

This is especially true because GCM is treated specially by lots of telcos and
they won't time out GCM sessions automatically. TextSecure wouldn't benefit
from that.

~~~
y0ghur7_xxx
whatsapp and fb messenger work perfectly without google play services
installed. whatsapp even manages to update itself. i see no reason why
TextSecure could not do it. It's an app that is focused on privacy, and as
such should work without closed source software from the largest data
collector in the world installed on the phone.

~~~
ForHackernews
Facebook and WhatsApp are much bigger players with massive infrastructure that
Whisper Systems doesn't have.

I agree it would be a lot better if it didn't require Google Play Services,
but I'm not sure how realistic that is. Google has worked hard to make the
Play APIs indispensable for anyone trying to work with Android.

~~~
shawn-furyan
This. TextSecure is a tiny player that's already had a tremendously outsized
impact. It's completely unrealistic to expect them to be able to support every
edge case and provide as smooth an experience as these billion dollar
companies can.

TextSecure and their Open Whisper Systems' involvement in Whatsapp have done
more for the adoption of end-to-end encrypted peer to peer communication than
the combination of just about anything else that could be brought up as a
contributing factor. When they say that SMS is a net hurdle to adoption, then
I trust their judgement on that count.

------
jlebar
"We don’t want the state-run telcos in Saudi, Iran, Bahrain, Belarus, China,
Egypt, Cuba, USA, etc… to have direct access to the metadata of TextSecure
users in those countries or anywhere else."

I <3 Moxie.

~~~
mike_hearn
The flip side is that identifying all users running TextSecure will get a lot
easier, I presume. Previously telcos saw encrypted SMS (sometimes) and
connections to GCM. Now they will see connections to TextSecure.

~~~
dredmorbius
There are possible ways to mask that, though they'd likely still draw
attention.

Assuming that any given endpoint was _already_ a surveillance target, the
advantage here is that the traffic cannot be used (or is less readily used) to
determine contacts -- who's talking to whom.

------
doublec
That's unfortunate. Encrypted SMS/MMS has been my primary use for TextSecure.

For contacts that have intermittent or expensive data connections, especially
while roaming, the ability to use SMS was a selling point vs other messaging
systems.

Telco's in my country record and store SMS data for a period and knowing this
data was encrypted and unreadable by them was another useful feature of
TextSecure.

~~~
6d0debc071
How much data is this actually likely to use? Effectively plain text data
doesn't seem like it should be expensive. Even with something like .odt you're
looking at a few KB a 'page.'

~~~
mortenlarsen
There are other concerns than just the amount of KB transfered. When
connectivity is poor SMS is much more likely to work than data (2G/3G/4G).
AFAIK. GCM is not a "true" push service, it just provide an API that makes it
seem like one. Battery use is much higher for data, especially when you are in
a location with bad connectivity. Some people prefer disabling data when they
don't need it, for the reasons above and for other reasons.

~~~
xorcist
Most people disable their mobile data when roaming, because fees are set to
bleed the unfortunate few who forget to dry. If you live in a country that is
only a few hours drive to neighboring ones, that's something you do quite
often. So SMS is not only more likely to work, it is absolutely required.

------
igravious
Perhaps not call the app TextSecure then?

I think Moxie is a total dude but wasn't SMS encryption the Unique Selling
Point of TextSecure? It was the reason I installed the app and go through the
inconvenience of typing a very long string into the app every time the app
restarts.

I undertsand the logic of what Moxie is saying, if that's the case then the
conclusion should be, "We need to shut down the entire app", not "We got to
switch off encryption"

~~~
moxie
It will still be possible to send encrypted messages, just over the internet
rather than over SMS. This has been the default mode of operation for a while
now, we're just disabling the old SMS mode that has been lingering for the
past few years.

~~~
classicsnoot
I know you are busy, and even if you get this i assume you won't respond, but
i am tired of sending email to support@whisper. Why can i not get group
messages from iPhone users when wifi is turned on? I have sent my logs,
emailed, and talked with at least two of the Inner Circle, and no fix works. I
bring it up here because you are degrading/destroying one of the biggest
reasons i use (and relentlessly flog) your product. You can look through the
emails; i love you guys and i want to support what you do. But the fact that
the shit a)just does not work and b) is now going to leave me (and others)
exposed makes the feel extremely sad.

------
jugbee
Well that's disappointing. I have worked hard inviting my friends to
textsecure, i used to tell them: "Textsecure is just a simple text messaging
app but with encryption, why not to change your default one to this, what do
you have to lose, you still can message all the others." Now, however, it's
not going to be a simple text messaging app anymore, but just another Whatsapp
+ real crypto. Which is going to make wayyyy harder to convince new friends to
switch. I can already hear them saying "why do i need this? it does use data,
and i have facebook messenger, viber and whatsapp where all of my other
friends are. Why do have to download this too for you alone"

~~~
shawn-furyan
TextSecure is getting rid of ENCRYPTED SMS/MMS, not SMS/MMS capability all
together. So from a lay-person's perspective, I don't see what the major
change is. They can still use TextSecure as their texting app, while
occasionally being able to communicate securely with contacts that also use
TextSecure Protocol clients. SMS/MMS just isn't being used as a secure
transport anymore.

~~~
jugbee
"occasionally being able to communicate securely with contacts that also use
TextSecure Protocol clients."

"Occasionally" is not what I desire. Being abroad and not being able to use
data due to huge roaming fees leaves me vulnerable something like 80-90days a
year. Leaking metadata is still better than leaking the contents which is why
I'm feeling rather skeptical about this decision

~~~
Certhas
Absolutely. Dropping GCM and rolling their own for that is great.

But SMS still is the more reliable protocol. When I'm in a subway without
stable data, and I tell my girlfriend I have an expectation for reliability of
delivery that is shaped by SMS. So does she.

Roaming data is disabled by default on Android for good reasons, I pay insane
amounts for it on my otherwise fantastically cheap data plan. So I am in Paris
and all of a sudden her messages don't get through.

If there is an intelligent fall back to unencrypted SMS this could be a boon
though. The risk of undelivered messages very strongly outweighs the risk of
these messages being read in these use cases, so if SMS can not be made secure
and usable, unencrypted fall back is absolutely fine.

------
drdaeman
For me, an year ago, TextSecure's primary selling point was that it wasn't
reinventing the wheel, but was layering above the already existing network.
Something very resembling how one installs an OTR plugin for their XMPP
client, except for being an app (since, unfortunately, I have yet to see an
mobile messaging app with a sane plugin system).

I've perceived their own proprietary data transport as progressive enhancement
that enables to cut the costs, not as a primary option. I.e. SMS transport
being the core option, not a fallback. Personally, haven't bothered to use
data transport at all - it was unable to handle multiple identities anyway.

Sadly, I was mistaken.

~~~
tasn
Their protocol and implementations are fully open source.
[https://github.com/WhisperSystems](https://github.com/WhisperSystems)

~~~
drdaeman
So?

I use the term "proprietary" in sense that it's their own unique protocol that
nobody else uses. (Don't tell me about their interop with CM, its partnership,
not federation.) Or you know some alternative compatible SMS apps that use
libaxolotl or Axolotl protocol? I don't. Would love to hear there are some.

~~~
tasn
Fair enough, they do "own" it, and can change it at their own discretion, and
that is always bad. However, that's how many standards come to life. See SPDY
and HTTP/2.0 and probably (no facts to back this one) most of the XMPP XEPs.

Not sure about the SMS side of things (which is being dropped anyway) and how
things work there, but using the phone number as an identifier makes
federation without a central authority infeasible. I've been wishing since day
one that they'd allow xmpp style usernames too in order to make federation
possible.

------
aftbit
I'm disappointed that TextSecure is moving from one of the last deployed
federated platforms (SMS) to their own closed transport. :(

~~~
pgeorgi
Not sure if "federated because ITU members can hook up their own processing"
is federated in any meaningful way.

~~~
dredmorbius
If the system used SMS proxied by TextSecure, that would have at least avoided
net-of-endpoint pen trace. You'd know who TextSecure's customers were, and
could probably use _time-based_ analysis to see who is likely to be talking to
whom (a steady stream of non-content messages would otherwise have to be used
to mask significant messages).

The context analysis sideband leakage is the big win here for a data-based
approach.

------
zobzu
its been kind of nice to have textsecure as an option when internet is not
available (which sadly happens a lot especially for travelers...)

I understand the decision is, again, for the greater good, but I can't help to
think it's going to leave a hole.

~~~
caf
That's a good point - I've been travelling places where I've had roaming SMS
but not data.

------
guelo
That makes no sense because SMS-compatibility is the trojan horse to get
adoption. Without SMS it's just another messaging app with huge network-effect
adoption challenges.

~~~
marssaxman
You can still send unencrypted SMS messages to people who don't use
TextSecure. You can still send encrypted messages to people who _do_ use
TextSecure. All you lose is the ability to send encrypted SMS messages to
people who are already using TextSecure; instead you must send messages
through the Internet.

~~~
clsec
Well, as of this morning (after updating to v2.6) all I am able to do with my
one other TS contact is send unsecured SMS. No encrypted SMS nor encrypted
push. Frustrating to say the least!

I have been struggling for over a year now to get this one contact and I to
have a smooth & reliable secure channel. Sometimes it works great and others
times it just doesn't exist. And I usually have to jump through all kinds of
hoops to get it to work again. Which makes it nearly impossible for me to
recommend TS to others who are a little less technical than my one TS contact
and myself.

I really want this to work smoothly, Moxie, I really do! If it does, then I
can recommend it to everyone.

edit: spelling

edit2: Moxie has quickly replied to my issue on github and will be pushing
v2.6.1 soon.

------
ForHackernews
I hope this distinction is called out effectively in the UI. It would be a
real disaster if people thought they were sending secure SMS, when actually
they were using plaintext, or got confused between which are SMS messages and
which are TextSecure messages.

~~~
jhgg
It is. secure messages are blue (and the send button has a lock on it), text
messages are green. Similar to how iOS does iMessage/SMS messages.

------
zentrus
Very disappointing. In various parts of the world, data is not always
available and SMS is. :(

------
justin66
_iOS does not have APIs that allow us to programatically send /receive SMS
messages_

Wait... what?

~~~
kalleboo
Correct. The only API for sending SMS is to open a prefilled, system-
controlled "compose new message" modal.
[https://developer.apple.com/library/ios/documentation/UserEx...](https://developer.apple.com/library/ios/documentation/UserExperience/Conceptual/SystemMessaging_TopicsForIOS/Articles/SendinganSMSMessage.html)

------
jtchang
Sounds like a good move. SMS was not really meant to be a data delivery
mechanism. In fact it was more of an afterthought that we can even send
messages through SMS.

------
classicsnoot
I guess I thought of TextSecure as a service I used to encrypt my messages.

Does anyone have recommendations for a service that will encrypt my messages?

~~~
Johnny_Brahms
How about Textsecure? Unless you specifically want to use SMS or MMS as the
transport, your messages are still very much encrypted.

~~~
classicsnoot
...so the answer is "nothing" then. Seems like a niche that needs filling;
some service that encrypts your shit, regardless of transport medium.

