Hacker News new | past | comments | ask | show | jobs | submit login

Would kill for the desktop version of this. This team is the gold standard of cryptographically secured messaging; what Colin Percival's Tarsnap is for backup, Whisper is for communications.

Congrats on the new release.




Telegram got 6+ million downloads in the first week: https://twitter.com/telegram/status/437743435395514368

While TextSecure still only has 100k+ installs on Android: https://play.google.com/store/apps/details?id=org.thoughtcri...

Despite Telegrams known crypto failures: http://www.reddit.com/r/Android/comments/1yrv46/after_gettin...

Hopefully iOS and Desktop clients help TextSecure take off and beat out the weak crypto apps. Multi-platform is critical these days for messaging apps.


Apples to oranges.

Telegram's been around close to a year or so now. They are an established mainstream app and they look like an obvious "WhatsApp replacement" if one is looking for one. Far fewer people are looking for a secure IM app per se, so your numbers aren't really that surprising. Regrettably, unwashed gray masses don't give a flying f#ck about quality of the crypto, so TS doing crypto better is not a tangible conversion benefit.


i actually think the sign up process of textsecure is more obvious than telegrams.

but i found that use it to transparently send sms when needed super confusing to people.

people don't want to use sms. if they did they would just use that instead.

in cyanogenmod it's even more confusing. cyanogenmod integrated it to their base system, but you have no way of knowing if the text message you just sent is really encrypted or not (unless the other party tells you since he's running textsecure), i'm guessing/hoping that'll improve though


Why do people say that? Apples and oranges are very comparably, just as these to apps are very comparable.

Just because you disagree with one datapoint doesn't mean you can't compare them.


It should be noted Textsecure is the default messaging app on Cyanogen which reaches 10 million devices.

We really need to encourage folks to use these genuinely secure messaging apps rather encryption fairy dust like Telegram


CM really needs to change the onboarding process for TextSecure since I've never enabled it because I don't understand it.

Mainly that "seamless" migration between SMS and data channelled messaging is not something I want to happen because SMS costs me a fortune on my plan, whereas low-volume data costs me nothing.

To that end, the options for the TS process during setup should make it clearer how data charges/SMS charges will be racked up, and indicate accordingly.



Right but what I'm saying is: this is not indicated when it's presented to you. And worse, it's not clear how it interacts - i.e. does TextSecure send an SMS with a hash to find the real message, or does it check if both devices are online (I now know its the latter).

But there's no way to tell at the most important moment - when this new thing is being put in front of me, and claiming to do things with a service that has a usage charge to me.

It would be much better if SMS defaulted to off, it was made clear what it was, and SMS Push added as a "would you like to?" option instead.


Most users flocked to WhatsApp to avoid SMS charges. So, I think SMS push should've been off by default. Many users won't find out until it's too late.


When I installed it used the data channel to send messages, with SMS as fallback.


Is it? I just updated to Cyanogen 10.2.1 and TextSecure is definitely a different app from Messaging. Or is this an 11.x feature?

Edit: Oh, I see. Added as a silent feature in 10.2 messaging app. There is no visible indication that secure communication is happening (or possible). Ok. Better than nothing, and a good default.


On first install when you're setting up the phone in the winzard, the last thing is WhisperPush


you still have to set it up on CM but the text secure app has some nice added features


Telegram's website has got a great layout that encourages you to install right on the first page. TextSecure's looks like a badly designed startup pitch deck. While Telegram uses misleading language that takes advantage of normal people's cognitive heuristics, TextSecure has in-jokes about anarchists and socialist revolutionaries. They're completely out of touch with normal users.


Presumably as anarchists they're unwilling to be blatantly manipulative?

In either case, TextSecure works, so...


In either case, TextSecure will not get more people to adopt a product until they learn to market themselves better.


We've got a browser extension in development, with the possibility of using an email address instead of a phone # as ID-- no promises on time line though.

https://twitter.com/moxie/status/438020504780152832


That's awesome, would be perfect for my needs, thank you for the hard work!


I had downloaded RedPhone and TextSecure. My contact list was a glorious zero people (everyone I know uses WhatsApp).

A few months ago I thought about using Threema and the like, but realized nobody's gonna switch with me. So I stayed. Didn't even try to convince anyone.

The day after FB bought WA my non-tech, not-concerned-about-NSA friends started to switch to Threema. On their own. Because Facebook.

Heck, they were even discussing all that on Facebook, as far as I know... that's irony.

So now most people I regularly chat with are on Threema.

And while I don't trust them (especially their competence -- although using NaCL is a good start) nearly as much as I trust Moxie, this issue is closed now. Nobody is going to move again without a very good reason.

The two people I regularly chat with still on WA can't use Threema, because they are still on Android 2.3.

But Threema really needs multi-device IDs. And the ability to change a group's composition. Other than that it's cool. You feel right at home, the emoticons look the same (from the same lib, I guess). And this whole "scan the other guy's public key" is not just a good idea, it's even close to gamification ("only two more people until everyone's green!").

And that's why I don't believe in some meaningful market share for Whispersystems. They are virtually unknown in non-tech circles. They still don't have an iOS app. Yes, I know, there were more important things up to now.

Still, the window of opportunity is closing. In three weeks no "normal" person is going to switch messaging service anymore. Everyone either stays at WhatsApp, or has already agreed with their whole circle of friends on another service.


Everyone I explain text secure to loves it and starts using it immediately. Its a dropin text message replacement app. It's main competition is android owners who can pick between text secure and the Hangouts app that had replaced the default SMS app.


>My contact list was a glorious zero people (everyone I know uses WhatsApp).

...TextSecure is an SMS replacement. Your contact list is your contact list.

Does nobody you know receive SMS messages?


Nobody I know has TextSecure installed.

Of course I can still send unencrypted text messages. Are you trolling me?


Tend to agree. If it had've had an iOS version and a little broadcasting of what it is and does, it could have been in Telegrams or Threema's position now, post FB aka Borg acquisition.

It's going to be hard going to reflow the already interconnected with this. Wish it wasn't so.


This a million.

Is a desktop version in the cards?

EDIT: Yes, yes I can't read :D


> Now that the new TextSecure for Android is out, Christine and Fred assure us that TextSecure for iOS will be available in short order. The protocol includes support for users to have multiple devices, and Matt is working on a desktop client.


Third to last paragraph in the article state they are (or rather Matt) is working on a desktop client.


Could you run it in an intel android emulator?


Yes... but gross.


Not a bad idea, thanks! It would be sandboxed to boot :)


> A user simply sends a message, and it’s encrypted end to end, every time.

Anything that is not public key encrypted must be considered unencrypted.


TextSecure does use public key cryptography. It performs the key exchange silently, but it still performs it.

https://github.com/WhisperSystems/TextSecure/wiki/ProtocolV2 https://www.whispersystems.org/blog/advanced-ratcheting/


Pff. A pair of exchanged 32GB microSD cards full of random data would give you OTPs for a hell of a lot of tweets/SMSes :)




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: