We don’t want the state-run telcos in Saudi, Iran, Bahrain,
Belarus, China, Egypt, Cuba, USA, etc… to have direct access
to the metadata of TextSecure users in those countries or
Tipped off to me by SoftwareMaven here at HN:
(Links are described in more detail in my G+ post above)
America needs a new constitutional amendment to address what the 4th Amendment means in the 21st century.
Hopefully that option will be available soon.
This is especially true because GCM is treated specially by lots of telcos and they won't time out GCM sessions automatically. TextSecure wouldn't benefit from that.
I agree it would be a lot better if it didn't require Google Play Services, but I'm not sure how realistic that is. Google has worked hard to make the Play APIs indispensable for anyone trying to work with Android.
TextSecure and their Open Whisper Systems' involvement in Whatsapp have done more for the adoption of end-to-end encrypted peer to peer communication than the combination of just about anything else that could be brought up as a contributing factor. When they say that SMS is a net hurdle to adoption, then I trust their judgement on that count.
even kik (http://www.kik.com/) works without google play services, and it has no massive infrastructure.
but even then, it makes no sense to say that chatsecure is secure and client side encrypted, when it NEEDS, and BUILDS ON closed source software of (one of) the largest data collector companies in the world.
Looking forward to dropping the GCM requirement.
It's cognitively dissonant not to read GCM not as Galois Counter Mode in a crypto discussion.
I <3 Moxie.
Assuming that any given endpoint was already a surveillance target, the advantage here is that the traffic cannot be used (or is less readily used) to determine contacts -- who's talking to whom.
For contacts that have intermittent or expensive data connections, especially while roaming, the ability to use SMS was a selling point vs other messaging systems.
Telco's in my country record and store SMS data for a period and knowing this data was encrypted and unreadable by them was another useful feature of TextSecure.
I think Moxie is a total dude but wasn't SMS encryption the Unique Selling Point of TextSecure? It was the reason I installed the app and go through the inconvenience of typing a very long string into the app every time the app restarts.
I undertsand the logic of what Moxie is saying, if that's the case then the conclusion should be, "We need to shut down the entire app", not "We got to switch off encryption"
I get that SMS leaks metadata. It's like email in that respect, isn't it?. And we still want to encrypt email. Is it so much of a burden for you people to carry the SMS encryption code? Maybe a fund-raising drive to keep it financed and included?
The reasons make sense - SMS as a transport is almost unworkable, there's a lot of crap involved with MMS bugs that it would be good to rip out, and it can never be compatible with iOS.
A replacement for GCM/push/etc for wakeup would be nice - I wonder what that would look like? - but it'll do for now.
"Occasionally" is not what I desire. Being abroad and not being able to use data due to huge roaming fees leaves me vulnerable something like 80-90days a year. Leaking metadata is still better than leaking the contents which is why I'm feeling rather skeptical about this decision
But SMS still is the more reliable protocol. When I'm in a subway without stable data, and I tell my girlfriend I have an expectation for reliability of delivery that is shaped by SMS. So does she.
Roaming data is disabled by default on Android for good reasons, I pay insane amounts for it on my otherwise fantastically cheap data plan. So I am in Paris and all of a sudden her messages don't get through.
If there is an intelligent fall back to unencrypted SMS this could be a boon though. The risk of undelivered messages very strongly outweighs the risk of these messages being read in these use cases, so if SMS can not be made secure and usable, unencrypted fall back is absolutely fine.
They even justified focusing on their own open protocol over data as being useable by more people in the world. Any time you make a change, your going to impact usability for some people. But it sounds to me that they're going in the direction that increases global adoption and mind-share of encrypted communication. It's way too early, and adoption is way too low to sacrifice broad adoption (by not focusing enough) in favor of supporting current edge use cases.
I've perceived their own proprietary data transport as progressive enhancement that enables to cut the costs, not as a primary option. I.e. SMS transport being the core option, not a fallback. Personally, haven't bothered to use data transport at all - it was unable to handle multiple identities anyway.
Sadly, I was mistaken.
I use the term "proprietary" in sense that it's their own unique protocol that nobody else uses. (Don't tell me about their interop with CM, its partnership, not federation.) Or you know some alternative compatible SMS apps that use libaxolotl or Axolotl protocol? I don't. Would love to hear there are some.
Not sure about the SMS side of things (which is being dropped anyway) and how things work there, but using the phone number as an identifier makes federation without a central authority infeasible. I've been wishing since day one that they'd allow xmpp style usernames too in order to make federation possible.
The context analysis sideband leakage is the big win here for a data-based approach.
I understand the decision is, again, for the greater good, but I can't help to think it's going to leave a hole.
Yes, this was also one of my main use of TS, and also in the subway, where Data is limited... Else, I could use Whatsapp, with ZRTP...
I have been struggling for over a year now to get this one contact and I to have a smooth & reliable secure channel. Sometimes it works great and others times it just doesn't exist. And I usually have to jump through all kinds of hoops to get it to work again. Which makes it nearly impossible for me to recommend TS to others who are a little less technical than my one TS contact and myself.
I really want this to work smoothly, Moxie, I really do! If it does, then I can recommend it to everyone.
edit2: Moxie has quickly replied to my issue on github and will be pushing v2.6.1 soon.
What I'm trying to say is, very few people here care about SMS compatibility.
Does anyone have recommendations for a service that will encrypt my messages?
none of the services encrypt your sms anymore, though.